[ad_1]
PARIS—France’s privacy watchdog fined
Microsoft Corp.
for not making it easy enough for users of its Bing search engine to reject cookies used for online ads, as part of a broader increase of enforcing Europe’s privacy laws.
France’s data-protection regulator, the CNIL, said Thursday that it fined a Microsoft subsidiary in Ireland 60 million euros, equivalent to almost $64 million. The company hadn’t—until earlier this year—offered users the option to reject so-called cookies alongside the button to accept them, the regulator said. Cookies are a type of digital identifier that websites can leave in web browsers, and which are often used to help target advertising.
The regulator also ordered Microsoft to seek consent for another type of cookie that it places in web browsers for the purposes of detecting fraudulent views of ads—something the CNIL said wasn’t necessary to make the search engine function. If Microsoft doesn’t comply within three months, it could face additional fines of €60,000 a day, the CNIL said.
A Microsoft spokesman said the company had made changes to its cookie practices to add a reject button for advertising cookies, but that it remains “concerned with the CNIL’s position on advertising fraud.” The company argues that such cookies “shouldn’t require consent by those intending to defraud others,” he said. Microsoft hasn’t decided whether to appeal the part of the decision that ordered it to seek consent for the cookie used to detect ad fraud, the spokesman said.
The CNIL’s fine on Thursday is part of a broader effort by French regulator to pursue big tech companies and online publishers to force them to make reject buttons as prominent as those to accept online cookies when they relate to targeted advertising. Many regulators in the European Union don’t regard targeted ads as necessary for the functionality of a website.
Earlier this year, the CNIL fined
Alphabet Inc.’s
Google €150 million and
Meta Platforms Inc.’s
Facebook €60 million over the same issue. Both Google and Facebook now have a button to reject nonessential cookies next to the one to accept them when visitors first land on their home pages.
Regulators across Europe have taken a hard-line approach against large tech companies and their treatment of user data in recent years. In particular, EU regulators have moved to rein in targeted advertising based on users’ online activity. A body representing all EU privacy regulators recently ruled that Ireland’s data watchdog must order Facebook and Instagram to stop making personalized ads based on users’ activity a condition of using the services.
Many privacy cases against tech companies under the EU’s General Data Protection Regulation, or GDPR, run through Ireland’s Data Protection Commission because that is where many U.S. tech companies have their headquarters. But France’s CNIL has been able to take on the cookie-consent issue because it is governed in part by an older EU law, the ePrivacy directive, which doesn’t include the same provisions to shift investigations to the country where the company in question is based.
Write to Sam Schechner at Sam.Schechner@wsj.com and Mauro Orru at mauro.orru@wsj.com
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
Appeared in the December 23, 2022, print edition as ‘Microsoft Fined in France Over Cookies.’
[ad_2]
Leave a Reply