It is hard to believe that the so-called cookie law is almost 20 years old. Despite that, companies still struggle with compliance – including the some of the world’s leading technology companies.
The law is much maligned for not enhancing privacy and, at the same time, being anti-business. While many have been calling for a change (including the UK government) it still remains the law and needs to be complied with.
CNIL Action: Google and Facebook
To remind us of this, the French privacy regulator (the CNIL) issued large fines against Google and Facebook, €150 million and €60 million respectively, for breaching Article 82 of the French Data Protection Act (Privacy and Electronic Communications Directive 2002).
Following an investigation prompted by numerous complaints, the tech giants were penalised because visitors to the site were greeted with cookie banners that permitted a one-click acceptance of cookies, in contrast to a far more complicated method of rejecting cookies. In order to reject cookies, visitors would have to complete several additional steps customising cookie settings.
The balance of a one-click acceptance compared to multi-step rejection, in the CNIL’s view, does not allow visitors to freely provide their consent for cookie collection and they saw this as a fundamental breach of cookie consent regulation.
Key Take Aways
So what lessons can other companies learn to ensure they aren’t subject to similar fines?
Ensure that cookie acceptance and rejection options are balanced
Do not use one-click acceptance, when paired with a labyrinth of steps to reject cookies. Avoid an endless selection of customisable cookies in such scenarios
If there is no balance, it is unlikely that consent will be validly obtained
If you utilise one-click acceptance, regulators will expect one-click rejection to feature alongside it
Need more information about the above people and legal expertise? Talk to one of our lawyers: +44 (0)20 7628 2000
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
1 year 1 month 4 days
Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
1 year 1 month 4 days
Google Analytics sets this cookie to store and count page views.
YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data.