Google & Shein Hit with Record Privacy fines in France: What You Need to Know
france’s data protection authority, the CNIL, has delivered a significant blow to tech giant Google and fast-fashion retailer Shein, issuing record fines totaling €475 million for violations of cookie consent regulations. This action underscores a growing global focus on user privacy and the importance of transparent data practices. Let’s break down what happened, why it matters to you, and what changes are coming.
The Core Issue: Cookie Consent & Yoru Data
Cookies are small files websites store on your browser to remember information about you. They power personalized advertising and are basic to the business models of many online platforms. Though, regulations like the GDPR (General Data Protection Regulation) require websites to obtain your explicit consent before using these cookies – and that consent must be freely given, informed, and easily withdrawn.
The CNIL found both google and Shein failed to meet these standards.
Shein: A €150 Million Penalty
Shein, popular with millions of shoppers, collected “massive” amounts of data from 12 million monthly French users without proper consent. Specifically,the CNIL cited:
Lack of clear information: Users weren’t adequately informed about the use of cookies.
Tough consent withdrawal: Options to refuse or withdraw consent were inadequate.
While Shein claims to have updated its systems to comply with regulations, it plans to appeal the fine, deeming it ”disproportionate.”
google: A €325 Million Fine – And a Pattern of Violations
This isn’t Google’s frist run-in with the CNIL over cookie practices. This latest fine brings the total penalties to €675 million, following previous fines of €100 million (2020) and €150 million (2021).
The CNIL highlighted several key issues:
“Cookie Walls”: Google’s account creation process presented a “cookie wall,” requiring acceptance of tracking before proceeding. the CNIL found this didn’t provide truly informed consent.
Gmail Advertising: Inserting ads directly into Gmail inboxes without prior consent was also flagged as a violation. this practise, affecting 53 million French users, constitutes “direct canvassing” requiring explicit permission.
Repeated Negligence: The CNIL emphasized the scale of Google’s user base and the breadth of its alleged failures.
Google has stated it will review the decision and maintains it has addressed previous CNIL concerns.
What Does This Mean for You?
These fines signal a stronger enforcement of data privacy regulations. Here’s what you can expect:
More Transparent Cookie Banners: Websites will likely become more diligent in explaining their cookie usage and providing clear consent options. Greater Control Over Your Data: You should have easier access to tools to manage your cookie preferences and withdraw consent. Increased Privacy Awareness: These cases raise awareness about the importance of understanding how your data is collected and used online.
What Happens Next?
Google has six months to bring its systems into compliance. Failure to do so will result in daily penalties of €100,000 for both Google and its Irish subsidiary.
This case sets a precedent for stricter data privacy enforcement across Europe and beyond. it’s a clear message to companies: respecting user consent isn’t just good practice – it’s the law.
Resources:
* CNIL Official Press Release
