Jenny Donath reports as two of the world’s biggest tech companies are fined for violating data privacy regulations.
Photo by Nordwood Themes
Every internet user is likely familiar with the little pop-up bars asking them to either accept all cookies, only essential cookies, or refuse cookies. Now, the French administrative regulatory body CNIL has charged Google and Facebook for failing to give their users fair options – imposing fines as high as 210 million euros against the tech conglomerates.
Google was fined 150 million euros and Facebook was fined 60 million euros. The regulatory body claimed both companies have violated data privacy regulations; additionally, CNIL claimed that it was an infringement of Article 82 of the French Data Protection Act.
The Purpose (and Danger) of Cookies
Although every internet user comes across cookies regularly, it is not always clear what they mean. Cookies are little packets that create a data profile for each user; they allow web browsers to store information and then target users with specific adverts to enhance their experience.
It must be differentiated between first-party and third-party cookies. First-party cookies are directly placed by the visited website, third-party cookies are placed by advertisers to figure out a user’s interest and then place adverts when a user is browsing the internet —independent from whether the user stays on the original website where they accepted the cookies or leaves it. Those cookies keep track of your browsing history throughout the whole web, e.g. remembering passwords. Cookie pop-ups became a legal requirement in the UK and the EU after tech conglomerates faced wide-spread condemnation for having repeatedly and covertly recorded tracking data of its users for years. However, several websites still make it impossible for users to refuse cookies at all. Instead, users must accept cookies to get access to websites.
Given that most users are intending to easily and quickly search for information online, it is more convenient to allow cookies without reading any of the privacy policies. This way, their target websites are only one click away. This breaches fair options of consent, since refusing cookies sometimes takes longer.
According to CNIL, this was an unfair presentation and a restricted freedom of choice. Karin Kiefer, CNIL’s head of data protection and sanctions, said, “Rejecting cookies should be as easy as accepting them.” CNIL added, “several clicks are required to refuse all cookies, as opposed to a single one to accept them.”
Targeted Advertising
For Google and Facebook, cookies are valuable because showing personalised adverts thanks to data storage is their main income source. However, privacy concerns have been raised about what type of information is collected and whether it is well-protected. It should be ensured that hackers cannot easily get hold of private user information. In addition to asking a user to accept cookies, the pop-up bars also refer to their private policies, but hardly anyone ever reads them, as they usually are deliberately formatted with loads of text, jargon, and are harder to read. Companies want to be on the safe side by mentioning them. Joseph Jerome, formerly part of the policy counsel for the Privacy and Data Project at the Centre for Democracy and Technology, said,
“Everybody just decided to be better safe than sorry and throw up a banner —with everybody acknowledging it doesn’t accomplish a whole lot.”
However, it does not make a difference if users do not read the policies, as research shows. They are left in the dark, nonetheless. It is more important to users to get easy and fast access to the websites. Therefore, having fair consent options is important; having an easy option to refuse cookies altogether could save users any possible trouble.
Proper cookie configuration helps to secure cookies. For instance, using session cookies instead of persistent cookies; session cookies expire after the user closes the browser. Therefore, sensitive data has a shorter longevity. Furthermore, cookies should always be encrypted and expire sooner rather than later to avoid easy exposure to hackers. These measures, combined, creates securer data storage.
Response from Google and Facebook
Google and Facebook responded to CNIL’s imposed fines. A spokesperson for Google said,
“People trust us to respect their privacy and keep them safe. We understand our responsibility to protect that trust and are committing to further changes and active work with the CNIL in [the] light of this decision.”
“Our cookie consent controls provide people with greater control over their data, including a new settings menu on Facebook and Instagram, where people can revisit and manage their decisions at any time, and we continue to develop and improve these controls.”
Facebook and Google have three months to fix those issues and create equal options or face further fines as high as 100,000 euros for every delayed day. The European ePrivacy Directive is planning on releasing a new regulation which generally applies to all countries in the EU to ensure data is secured and confidential in an effort to force these powerful companies to adhere to rules that aim to make the internet space safe for everyone. Similar: The Facebook Whistleblower: Effects of Social Media Condemned
We are a not for profit socio-ethical impact initiative advocating for topics that matter, whilst supporting wider planetary change and acknowledgement. Support our journalism by considering becoming an advocate from just £1.
Comments