Regulators Clap Back: Google’s Cookie Fines Hit €325M Record

Generated by AI AgentCoin World
Thursday, Sep 4, 2025 12:41 am ET2min read
GOOGL
--
Aime RobotAime Summary

- France's CNIL fined Google €325M for unauthorized ads and cookie consent breaches under French data laws.

- Investigation revealed 74M users affected by non-transparent ad targeting and inadequate cookie consent processes.

- Fines split between Google LLC (€200M) and Ireland subsidiary, with 6-month整改 period and €100K daily penalties for non-compliance.

- Case highlights EU's intensified focus on digital privacy enforcement, following similar Shein fine and Google's prior violations.

France’s data protection authority, the Commission Nationale de l'Informatique et des Libertés (CNIL), imposed a record fine of €325 million on

Google
for privacy violations related to the display of advertisements and the use of cookies without user consent. The ruling, announced on September 1, 2025, centers on two key breaches of French data protection and electronic communications laws. The CNIL found that Google Ireland Limited and Google LLC violated Article L. 34-5 of the French Postal and Electronic Communications Code (CPCE) by inserting advertisements in the Gmail inbox without user consent, and that users were not given valid, informed consent for the placement of advertising cookies when creating Google accounts, breaching Article 82 of the French Data Protection Act [1].

The investigation followed a complaint filed in August 2022 by the advocacy group None Of Your Business (NOYB) and spanned multiple years of inspections conducted between 2022 and 2023. During this period, the CNIL scrutinized the Gmail service and the process of setting up a Google account. The authority found that users were not adequately informed that the use of personalized advertising cookies was a prerequisite to accessing Google services, nor were they clearly informed of the distinction between generic and personalized advertisements. The CNIL noted that while Google made visual changes to ads in April 2023 to reduce confusion, the legal obligations for obtaining consent remained unmet [1].

The fines were distributed as €200 million against Google LLC and €125 million against Google Ireland Limited. The CNIL emphasized that the penalty considered the scale of the violations, which affected more than 74 million accounts, with 53 million users exposed to the unauthorized advertisements. The decision also underscored Google’s dominant position in the global online advertising market and its repeated violations of cookie regulations in the past. In 2020 and 2021, the CNIL had already imposed fines on Google for similar issues, signaling a pattern of noncompliance [1].

The CNIL has ordered the companies to implement corrective measures within six months, including ceasing the display of advertisements between emails without user consent and ensuring valid consent for the placement of advertising cookies. Failure to comply will result in daily penalties of €100,000 for each entity. The CNIL also clarified that its authority over the case was based on the territorial impact of Google’s operations in France and the legal framework governing cookies and electronic prospecting, which fall outside the scope of the EU’s General Data Protection Regulation (GDPR) and instead under the ePrivacy Directive [1].

The ruling aligns with broader trends in EU and French digital regulation, where data privacy and user consent are increasingly prioritized. The CNIL has been particularly active in enforcing cookie regulations, having recently imposed a similar fine on Shein for €150 million [2]. The case highlights the growing scrutiny of major tech platforms that rely heavily on personalized advertising and data tracking. As the digital economy evolves, regulators are intensifying their focus on transparency, user rights, and the ethical use of data, particularly in the context of online advertising and tracking technologies. The CNIL’s actions reflect a broader regulatory strategy to hold dominant players accountable and ensure compliance with evolving standards in digital privacy [1].

Google has not yet indicated whether it will challenge the decision, though it has previously contested similar rulings. The company stated that it will study the CNIL’s decision and continue to comply with its earlier demands. The outcome of this case could set a precedent for future enforcement actions against tech firms operating in the EU and French markets, reinforcing the importance of user consent and regulatory compliance in digital services [2].

Source:

[1] Cookies and advertisements inserted between emails (https://www.cnil.fr/en/cookies-and-advertisements-inserted-between-emails-google-fined-325-million-euros-cnil)

[2] France fines Google, Shein record sums over cookie law (https://www.france24.com/en/technology/20250903-french-fines-google-shein-cookies)

Comments



Add a public comment...
No comments

No comments yet