France Fines Microsoft For Privacy Breaches

Uploaded on 2022-12-29 in TECHNOLOGY-Key Areas-Social Media, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

The French digital privacy watchdog in the Commission Nationale de L’informatique et des Libertés (CNIL), announced on 22nd of December that it had fined Microsoft $64M for breaking advertising laws. The CNIL said the Microsoft search engine Bing was operating with a system that did not allow users to easily get out of cookie collection. 

This  is a requirement under the EU’s General Data Protection Regulation and the Microsoft fine is the largest the CNIL has given this year. The Microsoft fine was issued to Microsoft’s European HQ in Ireland and the company has been given three months to rectify the issue, with a potential further penalty of 60,000 Euros per day overdue.

CNIL said the large fine was justified due to the money Microsoft made from advertising profits generated from the violation. 

When users visited Bing, cookies were deposited on their terminals without consent and later used for advertising purposes, the CNIL said. Although Bing offered a button to accept cookies, two clicks were needed to refuse them. This type of cookie can be placed only after the user's consent according to the law, the statement added.
The regulator observed a more complex refusal mechanism of cookies on the website to discourage users from refusing cookies and "encouraging them to favor the ease of the consent button appearing in the first window."
It was considered a process "violating the freedom of consent of internet users."

Microsoft said that it had implemented changes to its cookie collection process before the CNIL’s investigation began. "We continue to respectfully be concerned with the CNIL's position on advertising fraud," it said, adding that it believes the French watchdog's "position will harm French individuals and businesses."

The Microsoft case follows complaints by privacy campaigning group Noyb that Meta's three apps fail to meet Europe's strict rules on data protection. Google and Facebook were sanctioned by the CNIL in 2021 with fines of €150m and €60m respectively ($159m and $64m) for similar breaches of the GDPR.

CNIL:    Microsoft:    VNExpress:      Anadolu Agency:      Oodaloop:       Infosecurity Magazine:    Daily Sabah

You Might Also Read: 

EU Still Blocking Social Media Users' Data Transfer:

 

« Four Major Cyber Attacks In 2022: How To Not Repeat History In 2023
US Bans Government Users From Using TikTok »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CNCERT/CC

CNCERT/CC

CNCERT is the national Computer Network Emergency Response Technical Team / Coordination Center of China.

Cyber Security & Information Systems Information Analysis Center (CSIAC)

Cyber Security & Information Systems Information Analysis Center (CSIAC)

CSIAC is chartered to leverage best practices and expertise from government, industry, and academia on cyber security and information technology.

IronNet Cybersecurity

IronNet Cybersecurity

IronNet’s product and services provide enterprise-wide security management and visibility of your network, users and assets.

GMV

GMV

GMV is a technological business group offering solutions, services and products in diverse sectors including Intelligent Transportation Systems, Cybersecurity, Telecoms and IT.

Forum of Incident Response & Security Teams (FIRST)

Forum of Incident Response & Security Teams (FIRST)

FIRST is the global Forum of Incident Response and Security Teams.

Gallarus Industry Solutions

Gallarus Industry Solutions

Gallarus leads innovation within industrial Manufacturing, Production and Management Systems, including Cyber Security solutions specifically developed to protect against the latest cyber criminality.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

SIRP Labs

SIRP Labs

SIRP is a Risk-based Security Orchestration, Automation and Response (SOAR) platform that fuses essential cybersecurity information to enable a unified cyber response.

Sunartek Labs

Sunartek Labs

Sunartek are equipped with expert resources and advanced technology to identify cyber threats and prevent any breach, bypassing the security network of your organization.

DTS Systeme

DTS Systeme

DTS Systeme is an IT service provider with a focus on the core areas of datacenter, technologies and IT security.

HackEDU

HackEDU

HackEDU provides secure coding training to companies ranging from startups to the Fortune 500.

Defentry

Defentry

Defentry have created an Ecosystem that lets our users easily monitor, train and resolve their digital security issues.

CyberCatch

CyberCatch

CyberCatch provides an innovative cybersecurity Software-as-a-Service (SaaS) platform designed for SMBs.

CloudScale365

CloudScale365

CloudScale365 offers state-of-the-art managed IT services and cloud, hosting, security, and business continuity solutions.

CYMAR

CYMAR

CYMAR The “CYBER” Smart Solution to offer sustainability and bring resilience to Global SMART Terminals and protect the supply chain of the World’s economy.

ArmorX AI

ArmorX AI

ArmorX AI (formerly Kapalya) operates an encryption management platform designed to encrypt all data in transit and at rest on mobile end-points, corporate servers, and cloud servers.