France fines Microsoft $64M for privacy law violations using Bing cookies
3 min. read
Published on
Share this article
Improve this guide
Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more
France’s National Commission for Technology and Freedoms (Commission Nationale de l’Informatique et des Libertes or CNIL) has fined Microsoft 60 million euros for forcing cookies on customers via the Bing search engine. Specifically, the fine was issued to Microsoft Ireland, the software giant’s European base.
Microsoft’s plate is full this year with different issues it needs to address. Aside from its current problems with GitHub Copilot, Teams, and different lawsuits related to its proposed $69 billion Activision merger deal, it now needs to pay a whopping $64 million after the CNIL’s investigation discovered the pushy cookie acceptance system of Microsoft on Bing. The privacy watchdog of France explained on Thursday that “when users visited this site, cookies were deposited on their terminal without their consent, while these cookies were used, among others, for advertising purposes.” It added that it also “observed that there was no button allowing to refuse the deposit of cookies as easily as accepting it.”
The CNIL specifically refers to how Microsoft set up its options for accepting and refusing cookies, wherein there was only one button for doing the former but two clicks to reject the request.
Also, the investigation elaborated that Bing placed advertising cookies on users’ browsers without informing them, which directly violated the freedom of consent of internet users detailed in the French Data Protection Act.
The amount is considered the largest fine imposed by the watchdog, but it explained that it is rational given the software giant’s profit from the cookies. Additionally, the company could pay an additional 60,000 euros per day overdue if it fails to resolve the problem within the three-month period the CNIL gave.
Nonetheless, Microsoft said in a recent statement that it had already “introduced key changes to our cookie practices even before this investigation started.” It added that it continues “to respectfully be concerned with the CNIL’s position on advertising fraud” and stressed that CNIL’s “position will harm French individuals and businesses.”
The same situation is not new in Europe, especially after the European Union passed a 2018 law on personal data consent that tech companies must adhere to. Microsoft is also not the first to fall into such a sanction: Google and Facebook were fined 150 million and 60 million euros respectively by CNIL due to cookie-related matters. Additionally, both companies are being investigated due to issues of sending EU residents’ personal data to servers in the US. The European Data Protection Supervisor also imposed binding decisions on Meta’s additional case regarding using data for targeted advertising.
