The French regulator said that after investigations, it was found that:
“When users visited this site, cookies were deposited on their terminal without their consent, while these cookies were used, among others, for advertising. It also “observed that there was no button allowing to refuse the deposit of cookies as easily as accepting it.”
The CNIL said the fine was justified in part because of the profits the company made from advertising profits indirectly generated from the data collected via cookies – tiny data files that track online browsing. Bing offered a button for the user to immediately accept all cookies, but two clicks were needed to refuse them, it said.
The company has been given three months to rectify the issue, with a potential further penalty of 60,000 euros per day overdue. The fine was issued to Microsoft Ireland, where the company’s European base is located.
In a statement, Microsoft said:
“We had introduced key changes to our cookie practices even before this investigation started. We respectfully continue to be concerned with CNIL’s position on advertising fraud. the French watchdog’s “position will harm French individuals and businesses.”
Cookies are installed on a user’s computer when they visit a website, allowing web browsers to save information about their session. They are hugely valuable for tech platforms as ways to personalize advertising – the primary source of revenue for the likes of Facebook and Google.
But privacy, advocates have long pushed back. Since the European Union passed a 2018 law on personal data, internet companies have faced stricter rules that oblige them to seek consent from users before installing cookies.
The two firms also face scrutiny over their practice of sending the personal data of EU residents to servers in the United States. And tech giants continue to face a slew of cases across Europe.
Earlier this month, Europe’s data watchdog imposed binding decisions concerning the treatment of personal data by Meta, the owner of Facebook, Instagram, and WhatsApp.
The European Data Protection Supervisor said in a statement that the rulings concerned Meta’s use of data for targeted advertising, but did not give details of its ruling or recommended fines. The latest case follows complaints by privacy campaigning group Noyb that Meta’s three apps fail to meet Europe’s strict rules on data protection.