The Council of State on Friday rejected Google's appeal for the cancellation of a fine of 100 million euros received from the Cnil in 2020 for its "
cookies
", a sanction for which it had considered that the French authority was not competent.
The subsidiaries of Google in Europe "
are not justified in requesting the cancellation of the deliberation of the restricted formation of the Cnil that they are attacking
", wrote in particular the Council of State in its decision, of which AFP had awareness.
Read alsoAdvertising cookies: the CNIL imposes a record fine on Google and sanctions Amazon
“
We take note of the decision of the Council of State which clarifies the judgment rendered by the CNIL last year.
We have made the changes required by the CNIL, which closed the procedure accordingly in 2021. We remain mobilized to work constructively with the CNIL
,” a Google spokesperson told AFP.
A new fine
In December 2020, the French personal data policeman imposed fines of 100 million and 35 million euros respectively on Google and Amazon for non-compliance with the legislation on information prior to the deposit of "
cookies
", web advertising trackers.
During an inspection in March of the same year, the commission had noted 3 shortcomings concerning Google: the deposit of tracers without the Internet user having given his prior consent, the lack of sufficiently clear information on the purpose of "
cookies
and the absence of a procedure to withdraw consent.
This fine, a record for the Cnil at the time, was exceeded at the beginning of January by a new sanction of 150 million euros against Google (and 60 million euros against Facebook), this time concerning the methods of obtaining consent. .
In its argument, Google had questioned the legal interpretation of the links between the two European laws which govern the subject of data on the Internet: the directive on privacy (e-privacy) of 2002 and the general regulation on the protection of personal data. (GDPR) adopted in 2016. According to the search giant's analysis, the case should have gone through the "
European one-stop-shop
" mechanism defined in the GDPR, which defines a lead authority (in Ireland for Google) solely responsible for cross-border issues.
The Cnil had considered that it had jurisdiction to sanction infringements relating to tracers on the basis of the e-privacy directive and had been supported in this interpretation by the judge in chambers of the Council of State in March 2021.