France’s privacy watchdog fines Microsoft Ireland €60m

CNIL sanctioned the firm for not having put in place a mechanism to let people refuse cookies as easily as accepting them

France’s CNIL privacy watchdog said it had imposed a €60 million fine against Microsoft Ireland, saying it sanctioned the company for not having put in place a mechanism to let people refuse cookies as easily as accepting them.

The fine was imposed after a complaint was made about cookies on, prompting the regulator to make a number of checks on the site during September 2020 and May 2021. The complaint had related to cookies being lodged on a user’s computer when they logged on to the search engine. Cookies are often used to facilitate targeted advertising.

CNIL said the €60 million fine was justified on a number of fronts, including the number of people affected and the advertising benefits Microsoft Ireland might indirectly have drawn from the cookies.

In a statement, Microsoft said it had “fully co-operated” with the French regulator and had introduced key changes to its cookie practices even before CNIL’s investigation started.


The company expressed concern, however, with what it described as “CNIL’s position on advertising fraud”.

“We believe the CNIL’s position will harm French individuals and businesses by allowing fraud to spread online,” Microsoft said.

The Wall Street Journal reported that the company argued that advertising cookies should not require consent by those intending to defraud others. The Journal also reported that Microsoft has not yet decided on a possible appeal.

The Microsoft fine maintains a trend of active regulation by CNIL. Earlier this year, it fined Alphabet’s Google a record €150 million for making it difficult for internet users to refuse cookies. Facebook was also fined €60 million for the same reason. – Additional reporting: Reuters

Ciara O'Brien

Ciara O'Brien

Ciara O'Brien is an Irish Times business and technology journalist