France’s data privacy regulator has fined tech giant Microsoft 60 million euros – the watchdog’s largest fine of 2022 – for making it easier for users of its search engine to accept advertising cookies than to refuse them, and failing to conform to EU regulations.
This is the latest fine from the National Commission for Technology and Freedoms (CNIL), which last year announced it would be cracking down on companies failing to follow the 2018 European Union GDPR data privacy law that requires websites to seek consent from users before installing online trackers, known as cookies.
The CNIL said Thursday that Microsoft’s search engine Bing, until the end of March, had made it easier to accept cookies – data files installed on a user’s computer that track online browsing – than to refuse them.
Bing offered one button for users to click to accept all cookies, but required two clicks to refuse them, the CNIL said.
The regulator also pointed to two cookies for advertising purposes that were systematically installed on users’ computers “without their consent”.
The CNIL justified the 60 million euro fine in part because of because of the advertising profits generated from the data collected by the cookies.
Microsoft said in a statement that it had “introduced key changes to our cookie practices even before this investigation started”.
The company said it believed the CNIL’s position on cookies would “harm French individuals and businesses”.