Google fined €100m by France’s privacy watchdog

Google’s Irish operation to pay €40m of record fine; Amazon hit with fine over cookies

The financial penalty against Google is the biggest ever issued by the French watchdog. Photograph: Wallace Woon/EPA
The financial penalty against Google is the biggest ever issued by the French watchdog. Photograph: Wallace Woon/EPA

Google has racked up another record European Union fine, this time a €100 million penalty from France's privacy watchdog over the way it manages cookies on its search engine.

CNIL, France’s data protection authority, said Google’s fine had to be paid for the most part by its US entity Google LLC, with €40 million paid by EU-based Google Ireland Limited.

CNIL also slapped online shopping giant Amazon with a €35 million fine for placing cookies, which are tracking devices, on people's computers without their consent, according to a statement on Thursday.

Amazon’s fine has to be paid by its Luxembourg-based entity.

READ SOME MORE

The companies were given a three-month ultimatum to make changes to the information they provide to users or face additional daily fines of €100,000.

The financial penalty against Google is the biggest ever issued by the French watchdog, a spokesman said. The previous record fine of €50 million also targeted the US tech giant for breaching EU data privacy rules.

“We stand by our record of providing upfront information and clear controls, strong internal data governance, secure infrastructure and, above all, helpful products,” Google said in a statement. “Today’s decision under French e-privacy laws overlooks these efforts and doesn’t account for the fact that French rules and regulatory guidance are uncertain and constantly evolving.”

Amazon said separately it disagreed with the decision against it. “We continuously update our privacy practices to ensure that we meet the evolving needs and expectations of customers and regulators and fully comply with all applicable laws in every country in which we operate,” it said.

EU data protection regulators’ powers have increased significantly since the bloc’s so-called General Data Protection Regulation, or GDPR, took effect in May 2018. The law allows watchdogs for the first time to levy fines of as much as 4 per cent of a company’s annual global sales.

But the latest fines were levied based on French rules regulating firms’ use of cookies and other tracking devices.