The National Commission for Technology and Freedoms (CNIL) said Microsoft’s search engine Bing had not set up a system allowing users to refuse cookies as simple as accepting them. This is the largest fine imposed so far in 2022.
On Thursday, France’s privacy watchdog said that it has fined US tech giant Microsoft EUR 60 million for foisting advertising cookies on users.
The French regulator said that during investigations it found out that “when users visited this site, cookies were deposited on their terminal without their consent, while these cookies were used, among others, for advertising purposes.”
It also “observed that there was no button allowing to refuse the deposit of cookies as easily as accepting it.”
The CNIL said the fine was justified in part because the profits the company made from advertising profits were indirectly generated from the data collected via cookies (tiny data files that track online browsing).
Bing offered a button for the user to immediately accept all cookies, but two clicks were needed to refuse them, it said.
The company has been given three months to rectify the issue, with a potential further penalty of EUR 60,000 per day overdue.
The fine was issued to Microsoft Ireland, where the company has its European base.
Microsoft Take on the Fine
In a statement released by Microsoft, the company said that it had “introduced key changes to our cookie practices even before this investigation started.”
“We continue to respectfully be concerned with the CNIL’s position on advertising fraud,” it said, adding that it believes the French watchdog’s “position will harm French individuals and businesses.”
Cookie control
Cookies are installed on a user’s computer when they visit a website, allowing web browsers to save information about their session.
They are hugely valuable for tech platforms as ways to personalize advertising — the primary source of revenue for the likes of Facebook and Google.
But privacy advocates have long pushed back.
Since the European Union passed a 2018 law on personal data, internet companies have faced stricter rules that oblige them to seek consent from users before installing cookies.
Last year, the CNIL said it would carry out a year of checks against sites not following the rules on using web cookies.
Google and Facebook were sanctioned by the French regulator with fines of EUR 150 million and EUR 60 million, respectively, for similar breaches around their use of cookies.
The two firms also face scrutiny over their practice of sending the personal data of EU residents to servers in the United States.
Tech giants continue to face a slew of cases across Europe.
Earlier this month, Europe’s data watchdog imposed binding decisions concerning the treatment of personal data by Meta, the owner of Facebook, Instagram, and WhatsApp.
The European Data Protection Supervisor said in a statement that the rulings concerned Meta’s use of data for targeted advertising, but did not give details of its ruling or recommended fines.
The latest case follows complaints by privacy campaigning group Noyb that Meta’s three apps fail to meet Europe’s strict rules on data protection.