France Fines Microsoft For Privacy Breaches

Uploaded on 2022-12-29 in TECHNOLOGY-Key Areas-Social Media, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

The French digital privacy watchdog in the Commission Nationale de L’informatique et des Libertés (CNIL), announced on 22nd of December that it had fined Microsoft $64M for breaking advertising laws. The CNIL said the Microsoft search engine Bing was operating with a system that did not allow users to easily get out of cookie collection. 

This  is a requirement under the EU’s General Data Protection Regulation and the Microsoft fine is the largest the CNIL has given this year. The Microsoft fine was issued to Microsoft’s European HQ in Ireland and the company has been given three months to rectify the issue, with a potential further penalty of 60,000 Euros per day overdue.

CNIL said the large fine was justified due to the money Microsoft made from advertising profits generated from the violation. 

When users visited Bing, cookies were deposited on their terminals without consent and later used for advertising purposes, the CNIL said. Although Bing offered a button to accept cookies, two clicks were needed to refuse them. This type of cookie can be placed only after the user's consent according to the law, the statement added.
The regulator observed a more complex refusal mechanism of cookies on the website to discourage users from refusing cookies and "encouraging them to favor the ease of the consent button appearing in the first window."
It was considered a process "violating the freedom of consent of internet users."

Microsoft said that it had implemented changes to its cookie collection process before the CNIL’s investigation began. "We continue to respectfully be concerned with the CNIL's position on advertising fraud," it said, adding that it believes the French watchdog's "position will harm French individuals and businesses."

The Microsoft case follows complaints by privacy campaigning group Noyb that Meta's three apps fail to meet Europe's strict rules on data protection. Google and Facebook were sanctioned by the CNIL in 2021 with fines of €150m and €60m respectively ($159m and $64m) for similar breaches of the GDPR.

CNIL:    Microsoft:    VNExpress:      Anadolu Agency:      Oodaloop:       Infosecurity Magazine:    Daily Sabah

You Might Also Read: 

EU Still Blocking Social Media Users' Data Transfer:

 

« Four Major Cyber Attacks In 2022: How To Not Repeat History In 2023
US Bans Government Users From Using TikTok »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

ThreatConnect

ThreatConnect

ThreatConnect is an enterprise threat intelligence platform by Cyber Squared bridging incident response, defense, and threat analysis for InfoSec & DFIR teams.

IBackup

IBackup

IBackup is a Web Based Online Backup service provider.

Adeptis Group

Adeptis Group

Adeptis are experts in cyber security recruitment, providing bespoke staffing solutions to safeguard your organisation against ever-changing cyber threats.

Advenica

Advenica

Advenica develops, manufactures and sells innovative cybersecurity solutions for encryption and secure information exchange.

Air Informatics

Air Informatics

Air Informatics LLC provides security, information management, analytics and informatics for IT and wirelessly enabled airplanes and operations.

Fedco International

Fedco International

Fedco International is an IT and SCADA ICS Security consultancy firm.

Digital Security

Digital Security

Digital Security is an Ecuadorian company specialized in providing comprehensive information security solutions.

Norsk Akkreditering

Norsk Akkreditering

Norsk Akkreditering is the national accreditation body for Norway. The directory of members provides details of organisations offering certification services for ISO 27001.

AiCULUS

AiCULUS

AiCULUS is a global technology company that specializes in API security and Risk Management products.

Corellium

Corellium

Corellium are dedicated to supporting our peers in the ARM community who seek to build more secure, performant, and accessible software and devices.

Netgo

Netgo

Netgo group meet the requirements of a complex, digitized world with IT consulting, IT solutions & services, managed & cloud services and software products & development.

BrainStorm

BrainStorm

BrainStorm Threat Defense takes a new human-focused approach to security awareness that traditional training lacks. It’s a cutting-edge platform to make your users more security savvy.

CyberX9

CyberX9

CyberX9 helps you protect against a wide range of cyber attacks whether you are a business or a high-net worth individual under risk.

Concorde Technology Group

Concorde Technology Group

Concorde Technology Group is one of the UK’s leading IT support and services providers, delivering cost-effective and innovative IT solutions to businesses across the country.

Helix Security Services

Helix Security Services

Helix Security provides IT & information security consultancy to government and businesses across New Zealand.

Rhodian Group

Rhodian Group

Rhodian Group (formerly Adar) specialize in providing Technology, Cybersecurity, and Compliance services to the insurance industry.