The French Data Protection Agency fined Google and Chinese e-commerce giant Shein to $379 million (Euro 325 million) and $175 million (Euro 150 million) respectively for violating cookie rules.
Without ensuring consent, the companies have set ad cookies on users’ browsers, the National Committee on Informatics and Freedom (CNIL) said. Shein then updated the system to comply with regulations. Reuters reported that retailers will appeal the decision.
“When creating a Google account, users were encouraged to select cookies linked to personalized ad display, to detrimentalize those linked to general ad displays and to clearly notify users that their advertising cookie deposit was a condition of access to Google’s services.
The consent obtained in this way is not valid and constitutes a violation of the French Data Protection Act (Article 82). This is the default behavior until October 2023 when the company added the option to reject cookies, but it is worth noting that “the lack of informed consent was still ongoing.”
Google has also been called to place advertisements in the form of emails in the emails on the “Promotion” and “Social” tabs of Gmail, and states that displaying such advertisements requires the user’s explicit consent in accordance with the French Postal and Electronic Communications Code (CPCE).
French telecommunications operator Orange was fined 50 million euros in December 2024 for similarly displaying advertisements between actual email messages without user consent. Google has been ordered to either implement the system into compliance within six months or risk facing a penalty of 100,000 euros per day.
This development comes as a US ju apprentice has discovered that by collecting data, even after opting out of tracking web & app activity, Google is violating user privacy. The decision to award $425 million in compensatory damages is the culmination of a class action lawsuit filed against the company in July 2020.
In a related privacy-related announcement, the US Federal Trade Commission (FTC) said it had agreed to pay $10 million to collect personal data from children watching YouTube videos without parental notice or consent and to resolve allegations that it violates the US Children’s Online Privacy Protection Regulation (COPPA).
The agency said Disney was unable to properly label a video uploaded to YouTube as “children” and would allow it to collect data from children under the age of 13 who use it to view that content and serve targeted ads.
The proposed settlement requires Disney to start warning parents before collecting personal data from children under the age of 13, in addition to a $10 million fine. Disney also needs to start the program to ensure that the videos uploaded to YouTube are properly specified for children.
Separately, the FTC is also taking action against Apitor Technology, a China-based robot toy manufacturer that is allegedly allowing third parties called JPUSH to collect child georecruitment data without knowledge and parental consent in violation of COPPA.
“Apitor has integrated a third-party software development kit called JPush into IT [Android] Apps that allow JPUSH developers to collect location data and use it for any purpose, including advertising, will begin collecting and sharing accurate location data with JPUSH servers after Android users download the APItor app, and are unknown to the child users and their parents. ”
Source link
