CNIL wants to fine Google and Facebook millions for incorrect cookie consent

The French privacy regulator plans to fine Google and Facebook for violating e-Privacy regulation. The companies would have to pay 150 and 60 million euros respectively because European users cannot easily refuse cookies.

Politico writes this on the basis of documents from the Commission nationale de l’informatique et des libertés or CNIL. The French privacy watchdog wants to give Google two fines. The American division of the company would be fined 90 million euros, and the Irish division 60 million euros. For Facebook, the fine of 60 million euros will only be borne by the Irish department. The CNIL is allowed to take action against the US branch of the company because it concerns violations of the e-Privacy regulation and not the GDPR. The e-Privacy Regulation is about protecting all forms of digital communication. Regulators can therefore also hold a company liable in another country if it commits a violation in the communication between a European and a foreign user. Under the GDPR, a company can only be held liable if it is located in the same country as the victim. European supervisors are also allowed to exchange this task with each other, as is now happening in several investigations into WhatsApp, for example.

Politico does not provide much information about the nature of the complaint. It would revolve around cookie consent; Google and Facebook would make it too difficult to refuse tracking cookies on and The companies would have to adjust that within three months of the final ruling, otherwise they could also receive an additional fine of 100,000 euros per day, the site writes.

The fine has not yet been announced definitively. The CNIL does not want to confirm that it will come with such a fine. Facebook parent company Meta tells Politico it is “reviewing the decision,” pointing to several measures it has taken to give users retrospective control over what data the company collects.