10/12/2020
By Leonardo Neri and Barbara Oliveira 

Last Monday, the 7th, the restricted committee of the National Commission for Informatics and Liberties (CNIL), France's regulatory body, fined Google 100 million euros and Amazon 35 million euros for violating the Data Protection Law.

The sanction was announced this Thursday (10) by the French regulatory agency. In addition to the fines, the penalized companies must make adjustments to their information notices within three months.

The sanction was applied after it was found that the pages of the aforementioned companies were applying advertising cookies automatically, without any action on the part of the user, which would be violating art. 82 of the French Data Protection Law.

The analyses were carried out between December 2019 and May 2020. For the CNIL, the penalized companies did not provide information in a clear and complete manner, which would be a violation of users' privacy.

Both companies expressed their disagreement with the regulatory agency's decision and claim to constantly update their pages and data protection practices.

In September 2020, the companies redesigned their pages and, according to the CNIL, complied with the legislation.

The sanctions are based on a rule that predates the current European Union General Data Protection Regulation (GDPR), which further tightened data protection rules and the consent regime. From April 2021, the CNIL will be able to impose penalties based on the new legislation.

The applicability of the aforementioned million-dollar fine by the CNIL should be seen as a preview of what will soon happen in Brazil with the entry into force of the General Data Protection Legislation (LGPD). Contact us to learn more about the LGPD.