The French data protection authority (CNIL) imposed significant fines on Google and Amazon for violating the GDPR's and e-Privacy Directive's rules regarding the use of cookies on their websites.

The two companies were found to use cookies on their websites for targeted advertising purposes without obtaining the users' explicit and affirmative consent. In addition, the companies did not properly notify users of their use of such cookies and of the users' right to withdraw their consent at any time.

The CNIL imposed a ?100 million fine on Google, the largest fine imposed under the GDPR to date. The CNIL also determined that Google Ireland and Google LLC in the U.S. are considered joint controllers with regard to this processing and therefore split the fine between the companies. Google LLC in the U.S. was fined ?60 million and Google Ireland was fined ?40 million. Amazon was fined ?35 million.

CLICK HERE to read the CNIL's press release regarding the Google fine.

CLICK HERE to read the CNIL's press release regarding the Amazon fine.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.