ARTICLE AD BOX
French regulators have hit Google and Facebook with fines totalling 210m euros (£175m) over use of cookies.
Data privacy watchdog the CNIL said both sites were making it difficult for internet users to refuse the online trackers.
Consent for the use of cookies is key to the EU's data-privacy regulation and a major priority for the CNIL.
The social-media firms have three months to comply or face penalties of 100,000 euros for each day of delay.
Cookies are little packets of data that allows web browsers to store information and provide, for example, targeted ads.
"When you accept cookies, it's done in just one click," said Karin Kiefer, the CNIL's head of data protection and sanctions.
"Rejecting cookies should be as easy as accepting them."
In its statement, the Commission Nationale Informatique & Libertés said it had found that while the tech giants provided a virtual button to allow the immediate acceptance of cookies, there was no equivalent to refuse them as easily.
Google, which was fined 150m euros, said: "People trust us to respect their right to privacy and keep them safe. We understand our responsibility to protect that trust and are committing to further changes and active work with the CNIL in [the] light of this decision."
Facebook, now owned by Meta, said it was "reviewing" the decision to fine it 60m euros.
"Our cookie consent controls provide people with greater control over their data, including a new settings menu on Facebook and Instagram, where people can revisit and manage their decisions at any time, and we continue to develop and improve these controls," it said.
Previous fines
Cookies are highly valuable for Google and Facebook as ways to personalise advertising, which is their primary source of revenue.
But privacy advocates have campaigned against it.
Since the EU passed a law on personal data in 2018, internet companies face stricter rules that oblige them to seek the direct consent of users before installing cookies on their computers.
This is not the first time Google, owned by Alphabet, has been slapped with heavy fines for falling foul of European law.
It was also the target of the CNIL's previous record fine of 100m euros, in 2020.
At the time, it was the largest ever issued by the French data privacy watchdog over ad-tracking cookies.
US retail giant Amazon was also fined 35m euros for breaking the rules.
Ms Kiefer said the issues had been resolved since then.
In 2020, the CNIL strengthened consent rights over ad trackers, saying websites operating in France should keep a register of internet users' refusal to accept cookies for at least six months.
It also said internet users should be able to easily reconsider any initial agreement concerning cookies via a web link or an icon that should be visible on all the website pages.