In December 2020, the National Commission for Informatics and Freedoms (CNIL) imposed a record fine on Amazon and Google, respectively 35 million and 100 million euros. The Mountain View firm contests this fine. On January 12, she pleaded before the Council of State for the annulment of this sanction that she had received for non-compliance with the legislation on information prior to the deposit of cookies.
Google considers that the CNIL is not competent to judge its irregularities
Google’s line of defense is to question the legal interpretation of the links between the privacy directive (e-privacy) and the general regulations on the protection of personal data (GDPR). The company considers that the case should have gone through the “European one-stop-shop” system defined in the GDPR. This rule requires the settlement of a dispute by the data protection authority of the country hosting the European headquarters of the company, in the case of Google, Ireland.
Despite the crackdown, a record level of investment for tech in China
In Europe, Google is based in Dublin, Ireland. Photograph: Outreach Pete / Flickr.
Google argues that the French authority was not competent to impose this type of sanction. The public rapporteur reaffirmed the compliance of the CNIL by explaining that the interpretation of the law was clear on this point. According to him, there is no need to refer this type of preliminary question to the Court of Justice of the European Union. The opinion of the rapporteurs is often followed by the administrative judges who know that this referral would have the effect of suspending the case.
The CNIL considers that it is fully competent to penalize offenses related to tracers on the basis of e-privacy. Google’s lawyer, Patrice Spinosi, considers that he has no “Obvious answer to this question”.
An almond disputed by Google a few days after a new sanction from the CNIL
This fine had been drawn up by the CNIL during a control in March 2020. The commission noted three failings concerning the digital giant: the deposit of tracers without the Internet user having previously given his agreement, the lack of information sufficiently clear on the purpose of cookies and the absence of a procedure to withdraw consent. These findings led to the fine of 100 million euros, contested by Google.
If in December 2020, this almond given by the CNIL to Google was a record, the company has since beaten it. A few days ago, the administrative authority once again sanctioned the company with a fine of 150 million euros. Accompanied by Facebook, sentenced to pay a fine of 60 million euros, the two companies are accused of not respecting the law in force in France on cookies and have three months to comply.