Microsoft Ireland Faces $64 Million Fine for Cookie Consent Violations on Bing.com

The Breach of the French Data Protection Act

Between September 2020 and May 2021, the CNIL looked into the website on multiple occasions after receiving a complaint about the conditions for depositing cookies on "bing.com."

A cookie was automatically placed on users' terminals when they visited the search engine "bing.com" without their knowledge or consent.

Additionally, without their consent being sought, a cookie with an advertising purpose was placed on their terminal when they continued to use the search engine.

But according to the General Data Protection Regulation, this kind of cookie can only be placed after the user has given their explicit consent.

Learn About Data Privacy Legislation and EU Analytics Cookie Compliance

As a result, the restricted committee, the CNIL body in charge of imposing penalties, fined Microsoft Ireland Operations Limited $64 million.

The extent of the processing was appropriate given the sum, the number of people impacted, and the profits the company made from advertising revenue derived in part from the information the cookies collected.

In addition to the administrative fine, a court order was also issued that requires Microsoft to obtain the consent of the data subjects within three months; if it fails to do so, the business will be liable for a penalty for each day of delay.

The tech giant Apple also faced some fines for not providing a cookie banner that allows users to easily reject all the cookies.

Recently, Google changed its cookie consent banner for the same reason Microsoft was fined.

More and more companies are fined for not using their cookie consent banner correctly. Have you heard about cookieless tracking? If not, you should give it a shot!