France’s privacy watchdog said Thursday it has fined US tech giant Microsoft 60 million euros ($64 million) for foisting advertising cookies on users.
The French regulator said that after investigations it found that “when users visited this site, cookies were deposited on their terminal without their consent, while these cookies were used, among others, for advertising purposes.”
It also “observed that there was no button allowing to refuse the deposit of cookies as easily as accepting it.”
The CNIL said the fine was justified in part because of the profits the company made from advertising profits indirectly generated from the data collected via cookies—tiny data files that track online browsing.
Bing offered a button for the user to immediately accept all cookies, but two clicks were need to refuse them, it said.
The company has been given three months to rectify the issue, with a potential further penalty of 60,000 euros per day overdue.
The fine was issued to Microsoft Ireland, where the company has its European base.
In a statement Microsoft said that it had “introduced key changes to our cookie practices even before this investigation started.”
“We continue to respectfully be concerned with the CNIL’s position on advertising fraud,” it said, adding that it believes the French watchdog’s “position will harm French individuals and businesses.”
Cookies are installed on a user’s computer when they visit a website, allowing web browsers to save information about their session.
They are hugely valuable for tech platforms as ways to personalise advertising—the primary source of revenue for the likes of Facebook and Google.
But privacy advocates have long pushed back.
Since the European Union passed a 2018 law on personal data, internet companies have faced stricter rules that oblige them to seek consent from users before installing cookies.
Last year, the CNIL said it would carry out a year of checks against sites not following the rules on using web cookies.
The two firms also face scrutiny over their practice of sending the personal data of EU residents to servers in the United States.
And tech giants continue to face a slew of cases across Europe.
Earlier this month, Europe’s data watchdog imposed binding decisions concerning the treatment of personal data by Meta, the owner of Facebook, Instagram and WhatsApp.
The European Data Protection Supervisor said in a statement that the rulings concerned Meta’s use of data for targeted advertising, but did not give details of its ruling or recommended fines.
The latest case follows complaints by privacy campaigning group Noyb that Meta’s three apps fail to meet Europe’s strict rules on data protection.