France’s National Commission on Informatics and Liberty (CNIL) on Thursday fined Google nearly $170 million and Facebook almost $70 million for making it harder for French users to refuse cookies.
Cookies on a website stores user information. However, France’s privacy regulator has slammed the tech giants, saying that user private information can be hijacked by hackers when they accept the cookies.
CNIL, in its statement, ordered Google and Facebook to fix the issue within three months or face daily fines of more than $100,000 from the restricted committee, the CNIL body that handles sanctions.
“The restricted committee considered that this process affects the freedom of consent: since, on the Internet, the user expects to be able to quickly consult a website, the fact that they cannot refuse the cookies as easily as they can accept them influences their choice in favor of consent,” the CNIL wrote.
That puts the two companies in violation of the French Data Protection Act. On Facebook, YouTube and Google sites, one click can enable cookies but it takes multiple clicks to refuse them all, the watchdog commission added.
“While cookies are largely a matter of privacy and convenience, criminals can hijack them to spy on users.”
Google in response to the European nation’s order, said that it was working to make changes in response to the CNIL commandment.
Facebook also noted that it was reviewing the fines demanded of them, by France’s CNIL.