French Regulator Fines Google and Shein Hundreds of Millions Over Cookies Violations

French data protection watchdog CNIL fined Shein €150 million and Google €325 million for violating cookie consent rules. Shein was fined for placing cookies without consent and not informing users properly, while Google was fined for displaying ads in Gmail without consent and making it difficult for users to refuse cookies. Google has been ordered to take measures to stop displaying ads without consent and ensure valid consent from users.

Title: CNIL Imposes Heavy Fines on Google and Shein for Cookie Consent Violations

The French data protection watchdog, CNIL, has issued significant fines to Google and Shein for violations of cookie consent rules. Shein was fined €150 million, while Google faced a €325 million penalty. The CNIL cited failures in obtaining informed user consent for advertising cookies.

Shein, a fast-fashion retailer, was found to have placed cookies on the devices of approximately 12 million French users monthly without proper consent or adequate information. The company has since updated its systems to comply with regulations but plans to appeal the fine, arguing it is disproportionate given its current compliance [1].

Google, a repeat offender, was fined for its "cookie wall" during account creation and for inserting advertisements into Gmail without securing prior user consent. This is the third major penalty the company has received from the CNIL in recent years, following fines of €100 million in 2020 and €150 million in 2021. Google has been ordered to bring its systems into compliance within six months to avoid additional daily penalties of €100,000 for both the company and its Irish subsidiary [2].

The CNIL's actions reflect a broader trend of stricter enforcement across industries, not just within tech. The fines underscore the growing regulatory focus on user consent and transparency in digital platforms. Approximately 75% of marketers still rely on third-party cookies for targeted advertising, making e-commerce platforms vulnerable to legal risks if they fail to implement proper consent mechanisms [3].

These fines signal a clear warning to other digital platforms that cookie compliance is now a critical aspect of operating in Europe. The CNIL's enforcement action is part of an escalating pattern of regulatory oversight that spans multiple jurisdictions. Both companies have the option to appeal their fines, but the penalties mark a significant shift in how data privacy is being enforced [1].

References
[1] https://www.france24.com/en/technology/20250903-french-fines-google-shein-cookies
[2] https://coincentral.com/google-and-shein-hit-with-hefty-fines-in-france-for-cookie-misuse/
[3] https://www.ainvest.com/news/cnil-cracks-google-faces-325m-fine-cookie-consent-gaps-2509/