France Fines Microsoft For Privacy Breaches

Uploaded on 2022-12-29 in TECHNOLOGY-Key Areas-Social Media, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

The French digital privacy watchdog in the Commission Nationale de L’informatique et des Libertés (CNIL), announced on 22nd of December that it had fined Microsoft $64M for breaking advertising laws. The CNIL said the Microsoft search engine Bing was operating with a system that did not allow users to easily get out of cookie collection. 

This  is a requirement under the EU’s General Data Protection Regulation and the Microsoft fine is the largest the CNIL has given this year. The Microsoft fine was issued to Microsoft’s European HQ in Ireland and the company has been given three months to rectify the issue, with a potential further penalty of 60,000 Euros per day overdue.

CNIL said the large fine was justified due to the money Microsoft made from advertising profits generated from the violation. 

When users visited Bing, cookies were deposited on their terminals without consent and later used for advertising purposes, the CNIL said. Although Bing offered a button to accept cookies, two clicks were needed to refuse them. This type of cookie can be placed only after the user's consent according to the law, the statement added.
The regulator observed a more complex refusal mechanism of cookies on the website to discourage users from refusing cookies and "encouraging them to favor the ease of the consent button appearing in the first window."
It was considered a process "violating the freedom of consent of internet users."

Microsoft said that it had implemented changes to its cookie collection process before the CNIL’s investigation began. "We continue to respectfully be concerned with the CNIL's position on advertising fraud," it said, adding that it believes the French watchdog's "position will harm French individuals and businesses."

The Microsoft case follows complaints by privacy campaigning group Noyb that Meta's three apps fail to meet Europe's strict rules on data protection. Google and Facebook were sanctioned by the CNIL in 2021 with fines of €150m and €60m respectively ($159m and $64m) for similar breaches of the GDPR.

CNIL:    Microsoft:    VNExpress:      Anadolu Agency:      Oodaloop:       Infosecurity Magazine:    Daily Sabah

You Might Also Read: 

EU Still Blocking Social Media Users' Data Transfer:

 

« Four Major Cyber Attacks In 2022: How To Not Repeat History In 2023
US Bans Government Users From Using TikTok »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Reed Smith LLP

Reed Smith LLP

Reed Smith LLP is an international law firm with offices in the USA, Europe, Middle East and Asia. Practice areas include Information Technology, Privacy & Data Security.

Organization for Security and Co-operation in Europe (OSCE)

Organization for Security and Co-operation in Europe (OSCE)

OSCE is the world's largest security-oriented intergovernmental organization. Areas of activity include Cyber/ICT security.

redGuardian

redGuardian

redGuardian is a DDoS mitigation solution available both as a BGP-based service and as an on-premise platform.

Bio-Morphis

Bio-Morphis

Bio-Morphis Reflex solution is a paradigm shift in the approach to information systems security.

Garner Products

Garner Products

Garner design, manufacture, and sell equipment that delivers complete, permanent, and verifiable data elimination.

MPC Alliance

MPC Alliance

A consortium of developers and practitioners of multiparty computation (MPC), committed to accelerating market awareness and adoption of MPC to increase the security and privacy of online services.

Appgate

Appgate

Appgate is the secure access company. We empower how people work and connect by providing solutions purpose-built on Zero Trust security principles.

Vumetric Cybersecurity

Vumetric Cybersecurity

Vumetric is an ISO9001 certified company offering penetration testing, IT security audits and specialized cybersecurity services.

NetWitness

NetWitness

NetWitness empowers security teams to rapidly detect today’s targeted and sophisticated attacks with unparalleled visibility.

Schillings

Schillings

Shillings defends your rights to privacy, reuptation and security. We fight passionately against breaches of your privacy, attacks on your reputation and threats to your security.

Mondoo

Mondoo

Mondoo is a powerful security, compliance, and asset inventory tool that helps businesses identify vulnerabilities, track lost assets, and ensure policy compliance across their entire infrastructure.

AddSecure

AddSecure

AddSecure is a leading European provider of secure IoT connectivity and end-to-end solutions.

MIS Solutions

MIS Solutions

MIS Solutions is a managed cloud and IT security partner making technology work for you.

Jersey Cyber Security Centre (JCSC)

Jersey Cyber Security Centre (JCSC)

Jersey Cyber Security Centre is the jurisdiction's Cyber Emergency Response Team (CERT) and national technical authority for cyber security.

CorePLUS Technologies

CorePLUS Technologies

CorePlus solutions are designed to empower organizations with the tools they need to ensure the utmost protection for their assets, people, and information.

Inveo Group

Inveo Group

Inveo group is the Italian leader for the management of privacy and data protection issues.