France Fines Microsoft For Privacy Breaches

Uploaded on 2022-12-29 in TECHNOLOGY-Key Areas-Social Media, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

The French digital privacy watchdog in the Commission Nationale de L’informatique et des Libertés (CNIL), announced on 22nd of December that it had fined Microsoft $64M for breaking advertising laws. The CNIL said the Microsoft search engine Bing was operating with a system that did not allow users to easily get out of cookie collection. 

This  is a requirement under the EU’s General Data Protection Regulation and the Microsoft fine is the largest the CNIL has given this year. The Microsoft fine was issued to Microsoft’s European HQ in Ireland and the company has been given three months to rectify the issue, with a potential further penalty of 60,000 Euros per day overdue.

CNIL said the large fine was justified due to the money Microsoft made from advertising profits generated from the violation. 

When users visited Bing, cookies were deposited on their terminals without consent and later used for advertising purposes, the CNIL said. Although Bing offered a button to accept cookies, two clicks were needed to refuse them. This type of cookie can be placed only after the user's consent according to the law, the statement added.
The regulator observed a more complex refusal mechanism of cookies on the website to discourage users from refusing cookies and "encouraging them to favor the ease of the consent button appearing in the first window."
It was considered a process "violating the freedom of consent of internet users."

Microsoft said that it had implemented changes to its cookie collection process before the CNIL’s investigation began. "We continue to respectfully be concerned with the CNIL's position on advertising fraud," it said, adding that it believes the French watchdog's "position will harm French individuals and businesses."

The Microsoft case follows complaints by privacy campaigning group Noyb that Meta's three apps fail to meet Europe's strict rules on data protection. Google and Facebook were sanctioned by the CNIL in 2021 with fines of €150m and €60m respectively ($159m and $64m) for similar breaches of the GDPR.

CNIL:    Microsoft:    VNExpress:      Anadolu Agency:      Oodaloop:       Infosecurity Magazine:    Daily Sabah

You Might Also Read: 

EU Still Blocking Social Media Users' Data Transfer:

 

« Four Major Cyber Attacks In 2022: How To Not Repeat History In 2023
US Bans Government Users From Using TikTok »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

International Security Management Association (ISMA)

International Security Management Association (ISMA)

ISMA is an international security association of senior security executives from major business organizations located worldwide.

mmCERT

mmCERT

mmCERT is the national Computer Emergency Response Team for Myanmar.

CyberPrism

CyberPrism

CyberPrism provides SaaS solutions using proprietary technology, underpinned by industry-leading technical practitioners to protect OT within Government, Maritime and Industrial markets.

MAD Security

MAD Security

MAD Security is a premier provider of information and cybersecurity solutions that combine technology, managed security services, support and training.

SOCOTEC Certification International

SOCOTEC Certification International

SOCOTEC Certification International has been providing management systems assessment and accredited ISO certification services to organisations around the world since 1995.

Computer Network Defence (CND)

Computer Network Defence (CND)

Computer Network Defence (CND) are a Broad-Spectrum Cyber Security Consultancy and Recruitment Agency.

KETS Quantum Security

KETS Quantum Security

KETS harnesses the properties of quantum mechanics to solve challenging problems in randomness generation and secure key distribution and enable ultra secure communications.

Virtue Security

Virtue Security

Virtue Security are specialists in web application penetration testing.

KT Secure

KT Secure

KTSecure’s mission is to provide proven and productive cyber security solutions and managed services, backed by our highly qualified and passionate team of experts.

Tetrate.io

Tetrate.io

Tetrate Service Bridge provides enterprises with a consistent, unified way to connect and secure services across an entire mesh-managed environment.

Seemplicity

Seemplicity

Seemplicity revolutionizes the way security teams work by automating, optimizing and scaling all risk reduction workflows in one workspace.

Secfix

Secfix

Secfix helps companies get secure and compliant in weeks instead of months. We are on a mission to automate security and compliance for small and medium-sized businesses.

Cybalt

Cybalt

Cybalt is a security services company that provides end-to-end security solutions to help clients achieve their business goals.

SecurEnvoy

SecurEnvoy

SecurEnvoy are a leader in designing zero access trust solutions using the latest cutting-edge technologies, to protect your users, devices and data, whatever the location.

GlassHouse Technology

GlassHouse Technology

GlassHouse supports customers in their digitalization journey with our deep technical expertise in Managed Cloud and Security Services, SAP Infrastructure Service and Business Continuity Services.

Tamnoon

Tamnoon

Tamnoon is the Managed Cloud Detection and Response platform that helps you turn CNAPP and CSPM alerts into action and fortify your cloud security posture.

Sinergi Digital

Sinergi Digital

Sinergi Digital is a business unit of the Metrodata Group with a focus on providing ICT solution to help accelerating digital transformation.