10 déc 2020 · FRENCH DATA PROTECTION AUTHORITY – NEWS GOOGLE IRELAND LIMITED with a total fine of 100 million euros, specifically for
| Previous PDF | Next PDF |
[PDF] French Authority Fines Google for Data Privacy - cloudfrontnet
12 fév 2019 · On January 21, 2019, the French data protection authority Commission Nationale de l'Informatique et des Libertes (“CNIL”) fined Google €50
FIRST MAJOR BREACH OF THE GDPR: FRANCE FINED GOOGLE
€50 000 000 that fined to Google by the French authorities in consequence of the occurred and the administrative fine regulated under the GDPR has been
[PDF] Google Fined €50 Million in France for GDPR Violation - Covington
22 jan 2019 · On January 21, 2019, the French Supervisory Authority for data protection (“CNIL ”) issued a fine of €50 million against Google for violations of
[PDF] CNIL Fines Google €50 Million: What this Means for Businesses and
January 30, 2019 - On January 21, 2019, the French Data Protection Authority (" CNIL") sanctioned Google LLC for violating the General Data Protection
[PDF] Google Fined for Violation of EU Data Protection Law
22 fév 2019 · In a decision testing what it means to give informed consent to online data collection, a French regulatory · body recently fined Google LLC (
[PDF] Lessons from French data protection authoritys record fines on
Lessons from French data protection authority's record fines on Google, Amazon for basic cookie failures Published 16-Dec-2020 by Robert Baugh, Keepabl
Google Fined €50 Million by French Data Protection Authority for
23 jan 2019 · 25, 2018, the Commission Nationale de l'Informatique et des Libertés (“CNIL”), the French data protection authority, fined Google €50 million
[PDF] Lessons from CNILs EUR50 Million GDPR - Fox Rothschild LLP
to the GDPR On January 21, 2019, the French Commission Nationale de on Google LLC under the EU General Data Protection Regulation (Regulation (EU) Protection Authorities (DPAs) power to fine organizations up to 4 of annual
[PDF] GDPR - European Data Protection Board - europaeu
ANSWERS FROM THE FRENCH SUPERVISORY AUTHORITY efficiently the GDPR equips the Data Protection Authorities (thereafter the DPA/DPAs) with The restricted committee of the CNIL has imposed 15 fines since May 2018 For instance: 50 million euros on GOOGLE; 400 000 euros on SERGIC; 180 000 on
[PDF] Cookies: €60 million fine against GOOGLE LLC and €40 million fine
10 déc 2020 · FRENCH DATA PROTECTION AUTHORITY – NEWS GOOGLE IRELAND LIMITED with a total fine of 100 million euros, specifically for
[PDF] french double tax treaties
[PDF] french double taxation treaty
[PDF] french economy
[PDF] french economy 1960s
[PDF] french electricity supply
[PDF] french energy department
[PDF] french energy resources
[PDF] french er ir re verb endings chart
[PDF] french exemption ontario schools
[PDF] french fashion early 1800s
[PDF] french fashion history
[PDF] french fashion in the 1700s
[PDF] french fashion late 1800s
[PDF] french fashion timeline
EUROPEN DATA PROTECTION OFFICE (EDPO)
AVENUE HUART HAMOIR 71 - 1030 BRUSSELS - BELGIUM
WWW.EDPO.COM
UNOFFICIAL ENGLISH TRANSLATION
FRENCH DATA PROTECTION AUTHORITY - NEWS
millions-deuros-lencontre-de Cookies: €60 million fine against GOOGLE LLC and €40 million fine against GOOGLEIRELAND LIMITED
10 December 2020
On December 7, 2020, the CNIL's Restricted Committee sanctioned the companies GOOGLE LLC and GOOGLE IRELAND LIMITED with a total fine of 100 million euros, specifically for having placed advertising cookies on the computers of users of the search engine google.fr without prior consent or satisfactory information. On March 16, 2020, the CNIL carried out an online check on the website google.fr which revealed that when a user visited the website, cookies were automatically placed on their computer, without any action on their part. Several of these cookies had an advertising objective.Breaches of the Data Protection Act
The Restricted Committee, the CNIL body in charge of pronouncing sanctions, found three violations of Article 82 of the French Data Protection Act: Placing of cookies without prior collection of the user's consentWhen a user visited the google.fr website, several cookies with an advertising purpose were
automatically placed on the user's computer without any action on their part. As this type of cookie could not be placed without the user's consent, the Restricted Committee considered that the companies had not complied with the requirement set forth in Article 82 of the French Data Protection Act to obtain prior consent before placing cookies that were not essential to the service. A failure to inform users of the search engine google.fr When a user visited the google.fr website, an information banner was displayed at the bottom of the page, bearing the following words "Reminder regarding Google's privacy policy" in front of which were two buttons entitled "Remind me later" and "Consult now".EUROPEN DATA PROTECTION OFFICE (EDPO)
AVENUE HUART HAMOIR 71 - 1030 BRUSSELS - BELGIUM
WWW.EDPO.COM
This banner did not provide the user with any information about the cookies that had already been placed on their computer when they arrived on the website. Nor was this information provided to the user when they clicked on the "Consult Now" button. The Restricted Committee therefore considered that the information provided by the companies did not allow users residing in France to be previously and clearly informed about the placing of cookies on their computer and, consequently, about the objectives of these cookies and the means made available to them as to the possibility of refusing them.The partial failure of the "opposition" mechanism
When a user disabled the personalization of Google search ads using the mechanism available to them from the "Consult Now" button, one of the ad cookies would remain stored on their computer and continue to read information to the server to which it was attached. The panel therefore considered that the "opposition" mechanism put in place by the companies was partially defective, in violation of Article 82 of the French Data Protection Act. The sanction pronounced by the Restricted Committee The Committee sanctioned the company GOOGLE LLC with a fine of 60 million euros and the company GOOGLE IRELAND LIMITED with a fine of 40 million euros, which were made public. The Committee justified these amounts in view of the seriousness of the aforementioned triple breach of Article 82 of the French Data Protection Act. It also highlighted the reach of the Google Search search engine in France and the fact that the companies' practices affected nearly fifty million users. Finally, the Committee pointed out the considerable benefits that the companies derive from the advertising revenues indirectly generated from the data collected by these advertising cookies. The Committee noted that, since an update in September 2020, companies have stopped automatically placing advertising cookies as soon as the user arrives on the google.fr page. It nevertheless noted that the new information banner implemented by the companies upon arrival on the google.fr page still did not allow users residing in France to understand the purposes for which cookies are used and did not inform them of the fact that they could refuse these cookies. Therefore, in addition to administrative fines, the Restricted Committee also adopted an injunction under penalty so that the companies proceed to inform people in accordance with Article 82 of the Data Protection Act within 3 months of the notification. Otherwise, the companies will be liable to a penalty payment of 100,000 euros per day of delay.EUROPEN DATA PROTECTION OFFICE (EDPO)
AVENUE HUART HAMOIR 71 - 1030 BRUSSELS - BELGIUM
WWW.EDPO.COM
A competence of the CNIL
In its deliberation, the Restricted Committee recalled that the CNIL is materially competent to control and sanction cookies placed by companies on the computers of users residing in France. It thus stressed that the cooperation mechanism provided for by the GDPR ("one-stop shop" mechanism) was not intended to apply in this procedure since operations related to the use of cookies fall under the "ePrivacy" directive, implemented in Article 82 of the French Data Protection Act.It considered that the CNIL is also territorially competent under Article 3 of the Data Protection Act
because the use of cookies is made within the "framework of activities" of the company GOOGLE FRANCE which is the "establishment" on French territory of GOOGLE LLC and GOOGLE IRELANDLIMITED and promotes their products and services.
It also considered that the companies GOOGLE LLC and GOOGLE IRELAND LIMITED are jointly responsible since they both determine the purposes and means related to the use of cookies. The articulation of the sanction with the work of the CNIL on cookiesAs part of its action plan on advertising targeting and to take into account the entry into force of the
GDPR, the CNIL published on October 1, 2020 its amending guidelines and a recommendation on the use of cookies and other tracers. The CNIL asked the actors to comply with the rules thus clarified, considering that this adaptation period should not exceed six months. On this occasion, it nevertheless specified that it would continue to fully monitor compliance with the other obligations that have not been amended and, if necessary, to adopt corrective measures to protect the privacy of Internet users. The obligations that the CNIL is sanctioning today regarding non-compliance by companies with the GDPR were pre-existing and are therefore not among those that have been clarified by the new guidelines and the recommendation of October 1, 2020. Note: The company GOOGLE LLC, based in California, develops the search engine Google Search. GOOGLE IRELAND LIMITED, based in Ireland, is the European headquarters of the Google Group. The company GOOGLE FRANCE is the establishment in France of the company GOOGLE LLC.quotesdbs_dbs8.pdfusesText_14