France Fines Google And Shein For Cookie And Privacy Breaches

France’s data protection authority (CNIL) has fined Google €325 million (₹3,180 crore) and Shein €150 million (₹1,440 crore) for breaching data privacy rules.

Google’s penalty stems from displaying Gmail ads and using cookies without proper consent, while Shein was fined after tests on its French site in August 2023 revealed that cookies were placed even when users opted out.

Under EU’s General Data Protection Regulation (GDPR), cookies are considered personal data and websites must obtain user approval before placing or using them.

Shein said it "firmly contests" CNIL's decision and will appeal, calling the fine "wholly disproportionate" given its compliance and corrective actions.

CNIL has ordered Google to stop showing Gmail ads without prior consent and to obtain valid approval before creating accounts that place ad trackers, with non-compliance attracting a €100,000 (₹90 lakh) daily fine.

A Google spokesperson said the company is reviewing the decision and added that users have always been able to control ad settings. Google noted it has recently made it easier to decline personalized ads and change how ads appear in Gmail.