Google, Facebook Fined $237M Over Cookies

John Lister's picture

Facebook and Google have been fined a total of $237 million for the way they ask users for permission to issue cookies. French regulators said the companies breached rules that say refusing cookies must be as simple as accepting them.

The fines came from the CNIL, France's primary data privacy regulator. It found the companies had breached France's Data Protection Act. In both cases, the companies breached rules on cookies that took effect last year with a deadline of March 31st for compliance. (Source:

Unfair Choice

Facebook was fined approximately $68 million USD while Google was fined approximately $170 million USD, covering both the main Google site and YouTube. Both companies have three months to comply fully with the law, after which they will face daily fines of approximately $113,000 USD.

The logic behind the rules is that business usually rely on consent to lawfully issue cookies under French law, with cookies inherently using personal data. The rules say such consent must be based on a meaningful decision by the users. Part of what makes the decision meaningful is that businesses don't try to influence the choice by making one option easier to exercise than another.

One Click To Accept

The CNIL concluded that Facebook and Google had in fact done this. That's because their sites were set up to ask permission to issue non-essential cookies, with a single button to accept. Users who wanted to reject the cookies would need to go through multiple clicks to make and confirm their decision.

The rules ultimately stem from European wide legislation including the so-called e-Privacy Directive and the GDPR. However, French regulators are particularly tough in the way they apply these rules.

The BBC notes the CNIL has previously called for websites to keep track of people who've refused cookies and not ask again for at least six months. It also wants a link or button on every page of a web site that lets users check the previous permission they've given for cookies and easily withdraw it. (Source:

What's Your Opinion?

Do you find it simple to accept or refuse cookies? Would you reject cookies more often if it was easier to do so? Are these fines appropriate?

Rate this article: 
Average: 5 (4 votes)


Dennis Faas's picture

I've always wondered who gets to keep the cash once the fines have been collected?

kitekrazy's picture

I doubt it is collected either. So it isn't or the fines don't make a dent.

Chief's picture

Here's how the game works in a bureaucracy:

Regulatory Body 'A' makes rules, makes judgements, issues fines (judge, jury, executioner - all in one convenient location - no checks/balances).

Regulatory Body 'A' at the end of the fiscal year issues a report to the 'mother ship' in essence humble-bragging about how many regulations they created, how many and how much the fines, and how many entities they now control (either by putting out of existence or regulating).

This thereby justifies their existence, proves their importance, increases their power, and serves as the basis of how much their budget issued by the 'mother ship' should be increased for the following fiscal year.

Where the fines go is immaterial, as the name of the game is power and the object is to gain more power.

If your budget exceeds your fines, you ask for more so you can grow in importance and power.

If your fines exceed your budget, you ask for more, so you can grow in importance and power.

Win/win for the bureaucracy.

Lose/lose for the populace.

beach.boui's picture

"Lose/lose for the populace."

The populace also loses when data mining companies covertly collect your personal and private information and make money from with without your knowledge or permission, and without sharing that money with you.

mike's picture

If the CNIL wants companies to keep track of those who refused cookies, that is adding an extreme burden on those companies if they can't use cookies to do so. The logistics would be insane. Of course, the easy alternative would be to not use cookies at all.

I also wonder what happens to the fines, assuming they ever get collected.

Personally, I have not had any problems rejecting cookies.

buzzallnight's picture

are on your computer
and to delete them if you want to
without blowing every password you ever used at the same time!

Chief's picture

This is yet another glaring example of how/why the regulatory bureaucracy is out of control.

Here, you have the European Union, which is supposed to be ONE, run by a myriad of fiefdoms, each with it's own "rules" which are never completely published or understood, as they change constantly, depending on which way the political winds are blowing!

Cookies are 'convenience' items on our computers. While not impossible to get rid of, if you do, you lose all the 'convenience' of being 'known' when you go to you favorite web sites.

It's just like carrying a 'smart' phone - it tracks your every movement for your 'convenience'.

The choice is yours - don't depend on some regulatory fiefdom to "protect" you; or, you will end up with the situation Benjamin Franklin supposedly described: "Those who would trade freedom for security deserve neither!"

beach.boui's picture

Here, you have cynical opinion that distorts the facts. The CNIL is doing their job in holding a couple of Goliath companies to account for their bad behavior, and in do so, they are working to protect the rights of the taxpayers who pay their salaries. The various members of the EU call themselves "states". They're analogous to the 50 states of America. While we have federal rules, laws and regulations, the states may also impose their own. Yes, it is nearly impossible to devise a law or regulation that suits every state, because every state is different in their needs or circumstance.

Cookies are a tracking method, first and foremost. They can be, and sometimes are, used to store convenience options for a particular website. Some people know how to deal with site cookies, and many don't. Everyone should be made aware that cookies are being used and have the option to opt-in or opt-out, without deceptive practices that try to keep you in, or unaware that you're opted in.

Cell phones track us, but that tracking data benefits the data collector (Google) as much or more than it benefits the individual. My phone doesn't track me, but I can't control which cell towers it connects to, which gives a general proximity of my whereabouts whether I disable tracking and storage of my travels, or not.

Most users are not savvy enough to understand the technology that is used against them when using their phones and computers. While I would encourage everyone to make an effort to do so, our civilization needs regulatory and watchdog agencies to keep the Goliath companies in check. Why? Because everyone, even those who don't understand the technology they're using, deserve to be protected from the abuse of those who think they're above the law.

russoule's picture

While it is true that the "goliath" companies use various means to capture that "information", the information captured is more of a "What are you watching on television tonite?" type of data. Your IP address, your name, your actual advertising or site usage, your shoe size, etc. The real problem that most consumers are concerned about is the capture of FINANCIAL DATA, and that can be, and SHOULD BE, restricted via rules and regulations. However, unless there is some nefarious reason to avoid te knowledge of where you are, that data is meaningless since it changes by the movement of your body/cell phone/computer. In other words, WHO CARES?

We the public are subjected to advertising constantly all day long. Would you prefer the un-focused advertising that lack of "cookies" would generate? If I am looking for a yard blow-up in the Valentines mode, what difference does it make that the next ad is for other valentine type products instead of ads for furniture? Of course the various controlling bodies could just outlaw advertising completely on the 'net, but then where would Dennis get the money to keep his site open? THERE IS NO "FREE" LUNCH and all the so-called free sites actually MUST make money from something or be independently wealthy and do there thing as a "public service".

Cookies are a method to gather pertinant data for advertising purposes and while irritating, it serves the purpose of providing access to a wealth of "free" information.

Practically speaking, without the advertising, there would be a very much smaller internet universe.