During the month of January, Google announced its intention to cancel one of its fines imposed by the National Commission for Computing and Liberties (CNIL) via the Council of State. This last delivered its verdict : it validates the sanction pronounced by the CNIL against Google. The Mountain View firm will have to pay the sum of 100 million euros.
Google has attempted a second appeal to have its fine of 100 million euros canceled
In December 2020, Google was fined 100 million euros for violating cookie regulations. Thus, Internet users were imposed these advertising tracers without having consented to them, which is a violation of the European directive on privacy (ePrivacy), the principles of which have been transferred to the Data Protection Act.
SpaceX plans 52 launches in 2022, a new record
In March 2021, Google had attempted a first summary appeal which had been rejected by the Council of State. She believed that only the Irish data protection authority had jurisdiction to settle this dispute, as the company’s European headquarters are in Dublin. Nevertheless, the administrative judge had validated the fine awarded by the CNIL.
Finally, in January 2022, Google went to the Council of State for a second time to have this fine canceled. This time, the firm pleaded that the French authority was not competent to impose this type of sanction and considers that the case should have gone through the “European one-stop shop” system as defined in the GDPR.
Facade of the Council of State. Credit: Council of State
The CNIL is indeed competent according to the Council of State
In the decision taken and announced by the Council of State, the institution considers and confirms that the CNIL is competent to intervene in this type of situation. Google’s argument is therefore rejected by the judge, who specifies that ” if the conditions for obtaining the user’s consent provided for by the general data protection regulations are applicable to the operations of reading and writing in the terminal of a user, it has not been provided for the application of the so-called one-stop-shop mechanism applicable to cross-border processing. »
The Council of State also considered that the fine was not excessive in relation to the facts alleged by the CNIL. She justifies this point by saying: that the higher market share of 90% represented by the Google search engine with an estimate of 47 million users in France as well as the particularly significant profits produced by the online targeted advertising segment enabled by the data collected by the use of cookies. »
The administrative judge confirms the three violations of Article 82 of the Data Protection Act sanctioned by the CNIL, namely:
- The deposit of cookies without the prior consent of the user
- Lack of user information
- The partial failure of the proposed mechanism to refuse cookies.
In addition to this now validated fine, Google will have to pay another in the amount of 150 million euros, also imposed by the CNIL. The French authority considers that Google has once again violated the rules on cookies by not allowing the Internet user to easily refuse the deposit of cookies.