France’s privacy watchdog has imposed a €60 million ($63.88 million) fine against Microsoft’s Ireland subsidiary for dropping advertising cookies in users’ computers without their explicit consent in violation of data protection laws in the European Union.
The authority, which carried out an online audit between September 2020 and May 2021 following a complaint it received in February 2020, stated the tech giant deposited cookies with an aim to serve ads and fight advertising fraud without getting a user’s permission beforehand, as is required by law.
Along with the fines, Microsoft has also been ordered to alter its cookie practices within three months, or risk facing an additional penalty of €60,000 per day of non-compliance following the end of the time period.
In a statement shared with the Wall Street Journal, the Windows maker said it has already made changes to include an option to reject advertising cookies. It, however, expressed concerns that cookies for ad fraud detection shouldn’t require consent from those “intending to defraud others.”
CNIL’s fines come as part of a broader crackdown on big tech companies and follows similar monetary penalties issued against Google’s parent Alphabet and Meta Platforms earlier this January.
Last month, the regulator also fined electricity provider Électricité de France (EDF) and Discord over the use of weak encryption algorithms to secure passwords and failing to comply with GDPR data retention policies, respectively.