Facebook/Google use Dark Patterns in Cookie Consent—says France, Waving $240M Fines
France plans to hit Google and Facebook/Meta with $240 million in fines (€210M). French people have been complaining the tech giants’ cookie-consent popups are illegal.
And the Commission Nationale de l’Informatique et des Libertés (CNIL) agrees. The French data regulator says the popups are a “dark pattern,” because they make it easier to agree to unnecessary cookies than to reject them. Facebook’s popup is particularly egregious—basically redefining “yes” to mean “no.”
Yes, the French are revolting (again). In today’s SB Blogwatch, we sing La Marseillaise.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Strangely, Pogo hops back.
Tyranny’s bloody standard is raised against us
What’s the craic? Elisa Braun and Vincent Manancourt report—“Google, Facebook face big privacy fines”:
“Still fighting the earlier case”
French data regulator the CNIL is set to fine Google €150 million and Facebook €60 million … for failing to allow French users to easily reject cookie tracking. … Google and Facebook also face a daily penalty of €100,000 if they do not fix their practices within three months.
…
In December 2020, the CNIL fined Amazon and Google €35 million and €100 million for cookie violations under the e-Privacy rules. … Google is still fighting the earlier case before the Council of State, the highest court in France. … A person directly involved in the matter said the company is likely to oppose these new fines and go to the French top court again.
And Bill Toulas adds—“$210 million in fines”:
“A manual, discouraging process”
France’s National Commission on Informatics and Liberty (CNIL) … investigated the case following multiple complaints from French users. … The fines are for making it difficult for website visitors to reject tracking cookies by hiding the option behind multiple clicks.
…
Both Facebook and Google allow visitors … to accept the entire set of cookies in a single action. … Rejecting the cookies, though, is a manual, discouraging process that requires users to disable them one by one.
…
A Google spokesperson has shared the following statement: … “We understand our responsibility … and are committing to further changes and active work with the CNIL.” … A Facebook spokesperson has responded: … “We are reviewing the authority’s decision and remain committed to working with relevant authorities.”
tl;dr? Natasha Lomas has this nice precis—“France spanks Google $170M, Facebook $68M”:
In short, the tech giants were using manipulative dark patterns to try to force consent. … Under EU law, if consent is the legal basis being claimed for processing people’s data there are strict standards.
Still too long? Trust Mark Di Stefano:
In order to refuse cookies, Facebook makes users click a button titled “Accept Cookies.” You have to laugh.
Laugh? Until you cry. johnklos waxes scatalogical:
“Accept all”
It’s a shame there aren’t more big fines for ****ty sites. … Having an “Accept all” button but requiring another click to have the option of refusing, then making us manually select each category to turn off, then confirming, is … ****ty.
…
These large sites know exactly what they’re doing. They’re hoping people will become fed up enough to just accept, or they’re hoping there’ll be enough accidents where people click “Accept all.”
But what can you do? Nothing, in a way, says Chris G:
“I go elsewhere”
I see quite a few sites that don’t have a Reject All button, have a few basic on off buttons and then hidden away in the ‘our partners’ section, dozens of Legitimate Interest buttons. I just reject the entire site.
…
The moment that box appears, I go elsewhere. … It is obvious they have less interest in doing business with me than [in] selling/sharing my data.
But what sort of ridiculous law forces sites to pop up cookie buttons all the time? matsemann says you don’t understand:
“Stupid sites wanting to exploit users”
You haven’t understood the laws. It’s not about cookies, it’s about tracking and personal data.
If you are annoyed with the popups, be annoyed with the companies’ disregard for your privacy. … The problem isn’t the law, it’s those stupid sites wanting to exploit users.
Technology to the rescue! rantrantrant rants:
“Browser extensions”
Currently, the majority of websites I visit have 3rd party cookie consent popups that have ‘dark pattern’ agreement terms, usually a quick & easy ‘Consent to everything including sacrificing your first born’ vs. a complicated, laborious ‘Manage cookies/preferences.’
It’s much easier to install a browser extension that automatically deletes cookies than to go through the ‘manage’ options. My bet is that the vast majority of users don’t know about such browser extensions & so just consent to all.
Such as? Persona recommends thuswise:
I … use the “I Don’t Care About Cookies” add-on to ignore/auto accept cookie requests, but I use it in conjunction with the “Cookie AutoDelete” one. So, while I may accept all cookies, they are purged after I quit the site.
Meanwhile, baby sums up all this righteous indignation as:
Old man yelling at clouds.
And Finally:
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.
Image sauce: Paul Gaudriault (via Unsplash)