In a busy day for the French Data Protection Authority CNIL, it was announced on Thursday that e-commerce giant Amazon had been fined €35m for a breach of the European Union’s General Data Protection Regulation in relation to the placing of advertising tracking cookies on the devices of web users with seek their authorization for doing so.
This announcement comes on the same day that the CNIL announced a GDPR fine of €100m had been sanctioned against Internet giant Google. In it’s ruling, which you can read here, CNIL said
As part of an official investigation CNIL discovered that Amazon’s French portals are failing to ask for the prior consent of visitors before placing advertising cookies, tiny pieces of data saved while using the Internet, on their computed and other devices.
CNIL added that this sort of advertising cookie “can only be placed after the user has expressed his or her consent”. By placing it before this GDPR regulations were being breached. In addition it was revealed that Amazon had not provided clear or complete information about the cookies it placed on computers of users until a redesign in September 2020.
This GDPR penalty must be paid by its Luxembourg-based entity. Amazon released a statement which said that the company do no agree with CNIL’s decision. It said: “We continuously update our privacy practices to ensure that we meet the evolving needs and expectations of customers and regulators and fully comply with all applicable laws in every country in which we operate”.