- Upgrade to Microsoft Office Pro and Windows 11 Pro with this bundle for 87% off
- Get 3 months of Xbox Game Pass Ultimate for 28% off
- Buy a Microsoft Project Pro or Microsoft Visio Pro license for just $18 with this deal
- How I optimized the cheapest 98-inch TV available to look and sound incredible (and it's $1,000 off)
- The best blood pressure watches of 2024
France Fines Microsoft $64m for Imposing Ad Cookies to its Bing Users
France’s digital privacy regulator, the Commission nationale de l’informatique et des libertés (CNIL), announced on December 22, 2022 it had fined US tech giant Microsoft €60m ($64m), its largest this year, over advertising cookies.
The CNIL found that Microsoft’s search engine, Bing, had not set up a system allowing users to refuse cookies as simply as accepting them – a requirement under the EU’s general data protection regulation (GDPR).
The regulator also said that, after investigation, it found that “when users visited [Bing], cookies were deposited on their terminal without their consent, while these cookies were used, among others, for advertising purposes.” Bing offered a button for the user to immediately accept all cookies, but two clicks were need to refuse them, it said.
The fine was justified partly because of the money the company made from advertising profits indirectly generated from the data collected via cookies, the CNIL added.
The company has been given three months to rectify the issue, with a potential further penalty of €60,000 ($64,000) per day overdue.
The fine was issued to Microsoft Ireland, where the company has its European base.
In a statement, Microsoft said that it had “introduced key changes to our cookie practices even before this investigation started.”
“We continue to respectfully be concerned with the CNIL’s position on advertising fraud,” it said, adding that it believes the French watchdog’s “position will harm French individuals and businesses.”
Google and Facebook were sanctioned by the CNIL in 2021 with fines of €150m and €60m respectively ($159m and $64m) for similar breaches of the GDPR.