France: CNIL fines Amazon €35M for cookie violations
The French data protection authority ('CNIL') announced, on 10 December 2020, its deliberation imposing on Amazon Europe Core Sarl a fine of €35 million for cookie violations under Article 82 of the Act No.78-17 of 6 January 1978 on Information Technology, Data Files and Civil Liberties (as amended to implement the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR')). In particular, the Restricted Committee of CNIL highlighted that after conducting investigations from 12 December 2019 to 19 May 2019 on the website amazon.fr, it found that when a user visited the website, cookies were placed automatically on their computer in the absence of any action by the user. In regards to this automatic placement of cookies, CNIL found that such placement of cookies at the time the user entered the website was incompatible with the requirement to obtain the user's prior consent. In addition, CNIL noted that the use of browser settings as a valid mechanism for collecting consent depends on the user being informed that they have a possibility to consent through browser settings beforehand, which had not happened in the case of Amazon's website.
CNIL has also announced two fines totalling €100 million against Google LLC and Google Ireland Limited for cookie violations.