The French data protection authority France’s National Commission for Technology and Freedoms (Commission Nationale de l’Informatique et des Libertes or CNIL) fined Microsoft 60 million euros for violating cookie rules on the company’s Bing search engine. The fine was imposed specifically on Microsoft Ireland, the European headquarters of the software giant.
Aside from the current problems with GitHub Copilot and various lawsuits related to the proposed $69 billion Activision merger, Microsoft must now pay a whopping $64 million after the CNIL investigation revealed Microsoft’s intrusive cookie acceptance system on Bing.
The French data protection watchdog said Thursday that “when users visited this site,cookies were deposited on their terminal without their consent, while these cookies were used, among others, for advertising purposes.” It added that it also “observed that there is no button allowing to refuse the deposit of cookies as easily as accepting it.”
According to the CNIL, Bing has not allowed users to reject cookies associated with advertising as easily as they can be accepted, which is required. In addition, the cookies are placed on users’ computers without their consent.
Microsoft was given three months to fix the problems. In addition, the company could pay an additional 60,000 euros per overdue day if it does not fix the problem within the three-month period set by the CNIL. After the European Union passed a personal data consent law in 2018 that tech companies must abide by, Microsoft is not the first company to be hit with such a sanction: Google and Facebook were fined €150 million and €60 million, respectively, by the CNIL for violating cookie rules.