French privacy regulator fined Google and Facebook for misleading user interface design

In the context: We have recently witnessed a tremendous commitment to user privacy on the Internet. Apart from the General Data Protection Regulation (GDPR), European countries have backtracked on many occasions when it comes to data collection and user tracking.

The latest privacy initiative comes from France, where the National Commission for Informatics and Freedoms (CNIL) fined Google € 150 million ($ 170 million) and Facebook € 60 million ($ 68 million) for obfuscating cookies too much. In addition to the fines, both companies have 90 days to make changes to make it easier to reject cookies, otherwise they face a fine of € 100,000 per day.

According to CNIL, Facebook and Google are using dark patterns to force users to accept tracking cookies. Dark patterns are techniques for designing the user interface in a way that confuses the user or makes him believe he has no choice in the matter – for example, presenting a dialog box that forces users to accept cookies before accessing content, and then hiding means for refusal. cookies for other menus.

Google hires a dark pattern similar to the example above. Watchdog tells that Google websites, including YouTube, offer a one-click way to accept all cookies, but users have to navigate multiple menus to reject all cookies. The CNIL says Google is deliberately making it harder to refuse cookies so that users take an easier route and just accept them.

In the case of Facebook, CNIL says the company also offers a solution to accept all cookies with one click, but it takes a few clicks to opt out. Also, Facebook is deceiving labels an “Accept Cookies” opt-out button, making people think they have no choice.

CNIL states that both cases violate European law, requiring citizens to fully understand their decisions when consenting to data collection. Interestingly, the CNIL does not rely on the current GDPR law in either case. Instead, it uses an older piece of legislation called the Privacy Directive.

TechCrunch notes that Ireland’s privacy regulators enforce GDPR violations reported by any EU member, but very slow. Many American tech firms are locating their European headquarters in Ireland, primarily due to looser taxation and regulation. However, the Privacy Directive allows European countries to directly enforce sanctions in their own countries. Thus, France is using it to ensure that Facebook and Google are brought to justice in a timely manner.

Source link

Leave a Reply

Your email address will not be published.

Back to top button