France’s privacy watchdog fined Microsoft €60 million ($64 million) for not offering clear enough instruction for users to reject cookies used for online ads, as part of the move to enforce Europe’s tightening data protection law.
CNIL, France’s digital privacy regulator, said Thursday that it carried out several investigations on the Microsoft search engine Bing in September 2020 and May 2021 and found that the site dropped advertising cookies in users’ terminals without their explicit consent.
The website also lacked a button for users to reject cookies as simply as accepting them, CNIL said, where two clicks were required to refuse all cookies while only one was needed to accept them.
Cookies are small files that track and monitor the sites users have visited and are often used to help personalize online ads. According to CNIL, the $64 million fine against Microsoft is justified partly because of the scope of revenue the company made from advertising indirectly generated from the data collected via cookies.
Microsoft has been ordered to solve the issue within three months by implementing a simplified cookie refusal mechanism, or it could face additional fines of €60,000 a day, CNIL said.
A Microsoft spokesperson noted in a statement shared with SC Media that the company had already made changes to include a button for advertising cookies even before the investigation started, but it remained concerned with the CNIL’s requirement to collect consent for cookies used to detect advertising fraud.
“We believe the CNIL’s position will harm French individuals and businesses by allowing fraud to spread online,” the statement noted.
The Microsoft spokesperson told SC Media that the company has not yet decided whether to appeal the CNIL order on advertising fraud.
The fine is a part of broader efforts for the French regulator pushing tech giants to comply with new rules on cookies. Earlier this year, CNIL fined Google €150 million and Meta €60 million over the same issue.