The French privacy regulator fined Microsoft because users couldn’t refuse cookies as easily as they accepted them. These are cookies on Bing that have been used for advertising purposes. Microsoft has to pay 60 million euros.
The CNIL investigated bing.com between September 2020 and May 2021. The supervisor concludes that Microsoft has incorrectly placed advertising cookies on Bing. When visitors landed on the home page, cookies were placed without permission. These cookies have been used to create advertising profiles. Furthermore, the CNIL states that there was no direct button to refuse cookies. This made it “more difficult to refuse cookies than to accept them”. The CNIL states that it took one click to accept cookies, but two to refuse them. As a result, Microsoft would discourage users from refusing cookies.
Microsoft has to pay a fine of 60 million euros for this. In addition, the company must also set up a new cookie consent screen in France within three months that allows users to block cookies in advance. If Microsoft doesn’t do it, it has to pay 60,000 euros a day.
The fine will be charged to Microsoft’s Irish headquarters, although it is a criminal offense for French users. The CNIL, the French privacy regulator, says Microsoft has violated the country’s data protection law. This law derives from the e-privacy regulation. It is therefore not a penalty for violating the GDPR.