CNIL fines Google and SHEIN in ongoing cookie compliance crackdown

France’s data protection authority, CNIL, has fined Google 350 million euros and SHEIN 150 million euros as part of a broader enforcement effort targeting non-compliant use of advertising cookies under Article 82 of the French Data Protection Act.

The action stems from CNIL’s 2019 guidelines, aimed at ensuring that internet users are adequately informed and give valid consent for the placement of cookies.

The CNIL’s restricted committee, responsible for imposing penalties, raised ongoing concerns such as unauthorised cookie placement and the growing use of ‘cookie walls’ where users must accept cookies to access services.

Although not illegal by default, such practices require consent, with all choices presented clearly and without bias.

In Google’s case, CNIL also cited a breach of Article L.34-5 of the French Postal and Electronic Communications Code for displaying promotional emails in Gmail’s ‘Promotions’ and ‘Social’ tabs without prior user consent. High-traffic platforms remain a key focus of the authority’s compliance strategy.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!