France Fines Microsoft For Privacy Breaches

Uploaded on 2022-12-29 in TECHNOLOGY-Key Areas-Social Media, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

The French digital privacy watchdog in the Commission Nationale de L’informatique et des Libertés (CNIL), announced on 22nd of December that it had fined Microsoft $64M for breaking advertising laws. The CNIL said the Microsoft search engine Bing was operating with a system that did not allow users to easily get out of cookie collection. 

This  is a requirement under the EU’s General Data Protection Regulation and the Microsoft fine is the largest the CNIL has given this year. The Microsoft fine was issued to Microsoft’s European HQ in Ireland and the company has been given three months to rectify the issue, with a potential further penalty of 60,000 Euros per day overdue.

CNIL said the large fine was justified due to the money Microsoft made from advertising profits generated from the violation. 

When users visited Bing, cookies were deposited on their terminals without consent and later used for advertising purposes, the CNIL said. Although Bing offered a button to accept cookies, two clicks were needed to refuse them. This type of cookie can be placed only after the user's consent according to the law, the statement added.
The regulator observed a more complex refusal mechanism of cookies on the website to discourage users from refusing cookies and "encouraging them to favor the ease of the consent button appearing in the first window."
It was considered a process "violating the freedom of consent of internet users."

Microsoft said that it had implemented changes to its cookie collection process before the CNIL’s investigation began. "We continue to respectfully be concerned with the CNIL's position on advertising fraud," it said, adding that it believes the French watchdog's "position will harm French individuals and businesses."

The Microsoft case follows complaints by privacy campaigning group Noyb that Meta's three apps fail to meet Europe's strict rules on data protection. Google and Facebook were sanctioned by the CNIL in 2021 with fines of €150m and €60m respectively ($159m and $64m) for similar breaches of the GDPR.

CNIL:    Microsoft:    VNExpress:      Anadolu Agency:      Oodaloop:       Infosecurity Magazine:    Daily Sabah

You Might Also Read: 

EU Still Blocking Social Media Users' Data Transfer:

 

« Four Major Cyber Attacks In 2022: How To Not Repeat History In 2023
US Bans Government Users From Using TikTok »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clifford Chance

Clifford Chance

Clifford Chance are one of the world's pre-eminent law firms with resources across five continents. Practice areas include Cyber Security & Information Protection

Advanced Resource Managers (ARM)

Advanced Resource Managers (ARM)

ARM provide specialist recruitment services for technology and engineering including cyber security.

Paladion

Paladion

Paladion is a provider of managed IT security services.

CyberSecurity Malaysia

CyberSecurity Malaysia

CyberSecurity Malaysia is the national cyber security specialist agency under the Ministry of Science, Technology and Innovation (MOSTI).

Maverick Technologies

Maverick Technologies

Maverick is an industrial automation, enterprise integration and operational consulting company. Services include industrial cyber security.

Hedgehog Security

Hedgehog Security

The key objective of Hedgehog is to provide simple, effective and affordable information security improvements that support your drive to increase productivity and profitability.

LSEC

LSEC

LSEC is a not for profit organization that has the objective to promote Information Security and the expertise in BeNeLux and Europe.

Taqnia Cyber

Taqnia Cyber

Taqnia Cyber specializes in the fields of cyber security, intelligence, operations, and training. It offers its services and consultations to both public and private sectors.

FortifyData

FortifyData

FortifyData is the next generation of cyber risk management–a comprehensive platform that continuously evaluates your third-party, internal and people risks.

InterGuard

InterGuard

As the pioneer for Unified Insider Threat Prevention and productivity monitoring tools, InterGuard offers on premise and SaaS-based services that are easily available and affordable.

Hassans International Law Firm

Hassans International Law Firm

Hassans is the largest law firm in Gibraltar, providing a full range of legal services across corporate and commercial law including Data Protection and GDPR compliance.

Stone Forest IT (SFIT)

Stone Forest IT (SFIT)

Stone Forest IT specialises in providing advisory, implementation and managed services for IT infrastructure, IT security solutions, business applications (ERP and CRM) and business analytical tools.

Eastern Cyber Resilience Centre (ECRC)

Eastern Cyber Resilience Centre (ECRC)

The Eastern Cyber Resilience Centre is part of the national roll out of Cyber Resilience Centres in the UK which began in 2019.

FastNetMon

FastNetMon

FastNetMon is a very high performance DDoS detection and mitigation tool which could detect malicious traffic in your network and immediately block it.

Troye Computer Systems

Troye Computer Systems

Troye provide a complete range of digital workspace solutions that empower people to do their very best work in a safe and secure manner anywhere, anytime, using any device.

Evervault

Evervault

Evervault provides engineers easy solutions to complex data security and compliance problems.