Microsoft has been fined €60 million by France’s data protection agency, CNIL, for failing to offer an opt-out for cookies on its Bing search engine, according to Wall Street Journal. In addition, CNIL will fine Microsoft €60,000 per day within three months if it does not ask users for consent to use a cookie to detect ad fraud.
Bing users will be pleased to know that Microsoft now allows you to opt out of Bing cookies if that’s what you want, however, the company is debating what to do about the fraud detection cookie. A company spokesperson said that Microsoft is “concerned about the position of the CNIL regarding advertising fraud” and that these types of cookies “should not require the consent of those who intend to deceive others”.
Microsoft can try to appeal the decision about fraud detection cookies, but if it doesn’t take action it faces a daily fine. If an appeal goes in favor of the CNIL, Microsoft will be forced to ask for consent to use these cookies as well.
Unlike many issues related to patient privacy in the EU under GDPR rules, this cookie issue was pursued by the CNIL under an EU law called the ePrivacy Directive. GDPR cases against tech companies usually go through the Irish Data Protection Commission because they are headquartered in Ireland, but the ePrivacy Directive does not require investigations to be transferred to the country where the company is headquartered, so France can pursue the issue itself.
source: Wall Street Journal