France Fines Google $120M and Amazon $42M For Dropping Tracking Cookies Without Consent

France's data protection agency, the CNIL, has slapped Google and Amazon with fines for dropping tracking cookies without consent. From a report: Google has been hit with a total of $120M for dropping cookies on Google.fr and Amazon ~$42M for doing so on the Amazon .fr domain under the penalty notices issued today. The regulator carried out investigations of the websites over the past year and found tracking cookies were automatically dropped when a user visited the domains in breach of the country's Data Protection Act. In Google's case the CNIL has found three consent violations related to dropping non-essential cookies.

Re: only $24M for Bezos Inc?

[Z00L00K]

24 billion should be the fine.

Re:

[LenKagetsu]

Any time I see companies getting fined big numbers the only question on my mind is "Why is this not given to the victims?"

Re:only $24M for Bezos Inc?

[AleRunner]

Any time I see companies getting fined big numbers the only question on my mind is "Why is this not given to the victims?"

Primarily for the simple reason that fines are designed as a punishment and as a discouragement for bad behaviour rather than as compensation. In fact it might be that no single person particularly suffered from this and afterwards Google and Amazon have deleted the data. They still broke the law and have to pay a fine.

Separately, the victims have the right to file for actual damages (including mental damage like anguish, not just physical damage) but this requires them to show, on the balance of probabilities, that they were damaged. Given the work the authorities have already done this becomes much easier than otherwise but it might still be very difficult for any particular victim to show that they were damaged.

There are other reasons too. We don't actually want to encourage and reward people for being victims. If one potential victim took precautions, for example, using an ad blocker and privacy tools, and stopped themselves being damaged then they should be rewarded. Another person, who just used a stock browser and accepted adverts without question, on the other hand, is quite negligent. Like leaving your front door completely open. We shouldn't victim blame, but we shouldn't encourage people to become victims either and we should definitely support people who took appropriate precautions. A little bit of difficulty and expense required to get compensation may be a good thing.

Use a Cookies Manager with your browser.

[Futurepower(R)]

It's important to use a Cookies Manager with your browser and often delete ALL the cookies.

Companies getting permission from you to save Cookies only means they save a huge amount of information on your computer.

Re: Use a Cookies Manager with your browser.

[muffen]

Install the browser extension "I don't care about cookies" so you don't get asked about cookies (it just accepts everything), then install the extension "cookie auto delete" so cookies are deleted when you leave a domain. Best solution to the cookie problems.

Re:

[smooth wombat]

I simply delete all cookies whenever I close the browser or, when it's up for a bit, clear everything before I go on my surfing rampage. I even have Firefox set to only allow cookies from the main site. No third party cookies allowed.

Does it really hurt companies that much to have to reset a cookie thinking I'm a new visitor? Don't know, but if it screws with their metrics, that's a good thing.

Re:

[Applehu Akbar]

I simply delete all cookies whenever I close the browser or, when it's up for a bit, clear everything before I go on my surfing rampage.

That way, you have to log on to each of your online accounts over and over again whenever you browse. But you're protected against the horror of seeing online advertising related to the things you usually buy.

Re:

[smooth wombat]

How many accounts would you need to log into each day? Two? Three? Is that so horrible to do, especially when leaving your account wide open like that is a security risk. By forcing yourself to log in, it is more secure.

As for ads for what I usually buy, I don't buy online so nothing to worry about. Don't see ads anyway.

Unpopular opinion

[CastrTroy]

Unpopular opinion, but I've really tired of seeing all the massive pop-overs asking for permissions for cookies. People should just get in the habit of deleting cookies more often so that they can't be tracked. I have a whitelist of cookies that don't get deleted so I stay logged into a few choice sites, and then everything else gets deleted every time I restart my browser, which is usually at least once a week. I have also permanently disabled 3rd party cookies which has never caused a functional problem for me.

The client holds all the cards as far as cookies are concerned, so there's not much reason to try and force the businesses to follow a standard and ask the user every time they visit a site whether or not they can store cookies. Just build better cookie management features into browsers that allow people to actually take control of how they are being tracked.

Re: Unpopular opinion

[fbobraga]

...and blocking script is a no-go in the great majority of websites, today

Re:Unpopular opinion

[Mattcelt]

I've really tired of seeing all the massive pop-overs asking for permissions for cookies

This (user fatigue) is the entire point, and a massive, industry-wide "fuck you" to Europe and the GDPR. It's malicious compliance, and designed to cause users to be irritated (with GDPR) and stop paying attention to what they're agreeing to.

GDPR should have gone further and required opt-in by default without user interaction. But alas, we got this instead.

Re:

[LenKagetsu]

I think it means "User automatically rejects all non-essential cookies, has to whitelist manually but is never prompted to do so."

Re:

[Mattcelt]

An argument is a connected series of statements intended to establish a proposition.

Anonymous Coward: No it isn't.

Yes it is! It's not just contradiction.

Anonymous Coward: Look, if I argue with you, I must take up a contrary position.

Yes, but that's not just saying 'No it isn't.'

Anonymous Coward: Yes it is!

No it isn't! Argument is an intellectual process. Contradiction is just the automatic gainsaying of any statement the other person makes.

Anonymous Coward: No it isn't.

Re:

[OneOfMany07]

Why can't a single response from users be applied by software to similar situations? Not asking for site X, but for all sites that want to use this type of cookie? Couldn't Firefox or other browsers do that?

Re:

[TheNameOfNick]

It's not about making this easy for you or indeed giving you a choice. They will wear you down until you submit. You're already telling them not to track you, aren't you? There's an extra header for it that you send with every request. They still put up that huge overlay and ask you if they may set tracking cookies.

Re:

[Bite The Pillow]

And IT professionals should be doing nightly offsite backups so they don't get ransomware. A statistically rounded zero number of people know this is an option and would use it. Putting it in their face constantly so they learn will not help.

Re:

[OrangeTide]

I've blackholed domains in my global hosts file when their websites have gotten too annoying for me. It keeps my from accidentally clicking on search results that aren't going to lead me anywhere useful, like pinterest.

Re:

[Bobtree]

This Firefox add-on removes most cookie warnings: https://addons.mozilla.org/en-... [mozilla.org]

a bit excessive

[e**(i pi)-1]

I'm very concerned in general about privacy but the current system of having to consent on every page to cookies (especially on European sites) is just annoying. What would help more if there would be on every browser a fast way to allow or deny cookies or get rid of cookies. Leave it to the user and not produce access burdens. Getting rid of cookies is possible but it requires a couple of clicks. But I don't want every time when accessing a page like google search or an amazon page to have to consent fi

Re:

[TheNameOfNick]

Not a single web site is required by law to ask for cookie permissions. You don't need to ask for essential cookies (those which are technically necessary for the site to perform its user facing function), and you don't need to use any other cookies. Pestering the user with these text-book examples of hostile design is a choice that web site owners make. They don't want you to quickly reject unnecessary cookies, be it manually with an unobtrusive overlay or with a browser function. You know that you can alr

Re:

[MS]

I fully agree - unfortunately I cannot mod you up

I make websites for a living: without cookie-consent-popups. I don't need them. Even online shops do not need those popups.

What's the Net?

[bill_mcgonigle]

So did they make more from the tracking than the fines will take away? These don't look like France being tough.

Dropping cookies?

[DontBeAMoran]

Surely they meant "creating", "adding", "updating" or "modifying".

Re:

[hawk]

an odd choice of word, indeed.

I figured it was antitrust for not including someone else's cookies . . .

Maybe "pooping" would be a better word for this activity . . .

hawk

Re:

[nitehawk214]

You are not the only one confused. I was like "yes, I want them to drop tracking cookies. I don't want that shit at all. Why would france be angry that they are not tracking?"

DROP cookie FROM browser WHERE idiots = 'can't use english language';

Re:

[nitehawk214]

Fuck, I forgot to escape my single quote.

Re:

[Waccoon]

I'm sure Slashdot wouldn\'t have rendered it correctly anyway.

Re:

[s4080326]

Surely they meant "creating", "adding", "updating" or "modifying".

Yeah my first parse of the headline made me think they had "dropped" cookies in the same way the "dropped" Google Plus and 101 other Google products. I was prepping my outrage to comment "Well if you wanted Google to support cookies you shouldn't have forced regulations on them"

Re:

[presidenteloco]

It was also strange to me that the author of this article somehow thought "dropping cookies" was common parlance, not in need of clarification.

Maybe the author has a vision of google being like a rabbit visiting around the Internet and dropping "presents" everywhere it goes.

Re: Dropping cookies?

[reanjr]

Dropping cookies is common parlance. I hear it all the time from marketing people. The website is dropping the cookie onto your machine. It's actually pretty clear if you know who the dropper is.

Re:

[presidenteloco]

The author's mistake then was thinking that marketing people are a significant fraction of their article's audience, as opposed to, say, 1% of their audience.

"Placing tracking cookies on users' devices" is clearer.