CNIL Cracks Down: Google Faces €325M Fine Over Cookie Consent Gaps
Aime SummaryFrance’s data protection authority, the CNIL, imposed a €325 million ($380 million) fine on GoogleGOOGL-- for violating cookie consent regulations, marking the third major penalty the tech giant has received in recent years over similar issues. The ruling, which the company may appeal, centers on the CNIL’s assertion that Google failed to secure users’ informed consent before deploying advertising cookies. The fine is among the largest ever issued by the regulator and reflects growing scrutiny of how major digital platforms handle user data under European and French law [1].
According to the CNIL, the case involves several specific practices, including the use of a “cookie wall” during account creation. This mechanism, while not inherently illegal, was deemed to lack sufficient transparency about the data being collected, undermining the principle of informed consent. Additionally, the regulator cited Google’s practice of inserting advertisements within Gmail inboxes without securing prior user approval, a violation of European legal standards for direct canvassing [2]. Google has been given six months to bring its systems into compliance; failure to do so could incur daily penalties of €100,000 for both Google and its Irish subsidiary [1].
This is the third significant cookie-related fine against Google from the CNIL, following penalties of €100 million in 2020 and €150 million in 2021. The regulator described these actions as part of a broader strategy to enforce data protection laws over the past five years, particularly targeting high-traffic platforms. The current fine was initially requested at a higher level of €520 million by prosecutors, but the CNIL ultimately settled on €325 million, citing the scale of Google’s user base in France and the extent of the alleged negligence [1].
The CNIL also fined Shein €150 million ($175 million), accusing the fast-fashion platform of amassing “massive” amounts of data from 12 million monthly users without securing informed consent or offering adequate options to withdraw consent. Shein, which has updated its systems to comply with CNIL requirements, announced its intention to appeal the fine, calling it “disproportionate” given its current compliance with the law [2].
Google, in a statement, said it would review the decision but emphasized its compliance with previous CNIL demands. The company has faced increasing regulatory pressure across Europe, particularly in France, where the CNIL has taken a firm stance on data privacy and digital governance. The rulings underscore the growing emphasis on user consent and transparency in the digital economy, particularly as regulators continue to interpret and enforce the European Union’s stringent data protection laws [1].
The case highlights the challenges large tech companies face in aligning their business models with evolving legal standards. As digital platforms rely heavily on data collection for targeted advertising, the CNIL’s actions signal a broader shift toward stricter enforcement of user rights and the need for more transparent consent mechanisms [2].
Source: [1] France 24 with AFP (https://www.france24.com/en/technology/20250903-french-fines-google-shein-cookies) [2] France 24 with AFP (https://www.france24.com/en/live-news/20250903-record-french-fines-for-google-and-shein-over-cookies)
Stay ahead of the market.
Get curated U.S. market news, insights and key dates delivered to your inbox.
Comments
No comments yet