Assuming you at any point feel like sites have transformed the straightforward business of dismissing following treats into a tangled assignment that includes close-perusing of different discourse boxes, then, at that point, France’s information security office has you covered. The guard dog (CNIL) has fined Google €150 million ($170 million) and Facebook €60 million ($68 million) for making it excessively confounding for clients to dismiss treats. The organizations presently have three months to change their routes in France.
EU law states that when citizens hand over data online, they must do so freely and with a full understanding of the choice they are making. CNIL’s judgement is that Google and Facebook are essentially tricking their users, deploying what are known as “dark patterns” — a style of subtly coercive user interface design — to wangle consent and so breaking the law. Hence the fines and the demand that the companies change their cookie UI design within three months. Failure to do so risks additional fines of €100,000 per day, says CNIL.
For anyone particularly interested in the details of European internet regulation (you poor fools), the case is also interesting in that CNIL is acting under the authority of a bit of EU legislation known as the ePrivacy Directive, rather than the more recently-introduced General Data Protection Regulation (GDPR).
Over at TechCrunch, Natasha Lomas offers a great explanation as to why this is, which I’ll do my best to condense. The problem is that GDPR enforcement is funneled through the data watchdog of Ireland, where many US tech firms locate their European headquarters. That particular agency has proved itself to be a little slow in running down such complaints, which — only a cynic might suggest — is part and parcel of the friendly regulatory environment cultivated by the Irish state to attract US tech money in the first place.
So, in order to get some timely enforcement (or any enforcement) France’s data watchdog has turned to the older ePrivacy Directive, which allows national agencies direct oversight in their own territories. It’s an effective workaround, and CNIL has previously used ePrivacy to fine Google and Amazon on similar issues. Meanwhile, as Lomas points out, Google has yet to face a single regulatory sanction from Ireland’s data watchdog under GDPR.
What’s the upshot of all this? Well, if you live in France, you may get a slightly easier option to reject cookies from Google and Facebook sometime in the future. Which is nice, sure, but hardly the sort of decisive action that — if you agree with the stated desire of EU’s fractured, multi-headed data regulation — is supposed to redress the imbalance of power between tech firms and average consumers. But that’s just the way the cookies crumble.
Did you like this article?
Share it on any of the following social media channels below to give us your vote. Your feedback helps us improve.
Other related Technologies ideas you might enjoy