Yesterday, the French Data Protection Authority CNIL, confirmed Amazon had been fined €35m for installing advertising tracking cookies on the devices of web users without having prior permission. This news comes in the wake of the CNIL revealing that Google will also be hit with a GDPR fine of €100m for the same misdemeanor. The official ruling can be read here.
In the official investigation, CNIL identified Amazon’s French websites did not obtain prior consent of visitors before installing advertising cookies – small pieces of data on computers and other Internet-enabled devices when browsing the internet for the purpose of identifying and tracking users.
CNIL went on to say that this type of advertising cookie “can only be placed after the user has expressed his or her consent”. By installing cookies without providing adequate information, GDPR regulations were being violated. It was also made public that Amazon had not made steps to add this information until a redesign went live in September 2020.
Amazon issued a statement saying the company does not agree with CNIL’s ruling, saying: “We continuously update our privacy practices to ensure that we meet the evolving needs and expectations of customers and regulators and fully comply with all applicable laws in every country in which we operate”.