·¨¹ú¶Ô¡°ºÚ°µÄ£Ê½¡±ÖØȳö»÷£¬¹È¸èºÍFacebook±»·£½ü2.4ÒÚÃÀÔª
ÍøÕ¾ÍùÍù»áÓÕµ¼Óû§Í¬ÒâÍøÕ¾¸ú×Ùcookie£¬ËüÃǵÄ×ö·¨ÊÇÔö¼ÓÓû§¾Ü¾øÍøÕ¾ÒªÇóµÄÄѶȡ£1ÔÂ6ÈÕ£¬·¨¹úµÄÊý¾Ý±£»¤¼à¹Ü»ú¹¹¿ªÊ¼´ò»÷¿Æ¼¼ÒµÄÚÕâÖÖËùνµÄ¡°ºÚ°µÄ£Ê½¡±£¬¶ÔFacebook¡¢¹È¸è£¨Google£©ºÍYouTube¹²´¦ÒÔ2.1ÒÚÅ·Ôª£¨Ô¼ºÏ2.38ÒÚÃÀÔª£©·£¿î¡£
·¨¹ú¹ú¼ÒÐÅÏ¢Óë×ÔÓÉίԱ»á£¨CNIL£©±íʾ£¬ÕâЩ¹«Ë¾µÄÐÐΪΥ·´ÁË¡¶·¨¹úÊý¾Ý±£»¤·¨¡·£¨French Data Protection Act£©£¬¶ÔFacebook·£¿î6000ÍòÅ·Ôª£¬¶Ô¹È¸è¼°ÆäÊÓƵÁ÷ýÌåÒµÎñ·£¿î1.5ÒÚÅ·Ôª¡£³ý·£¿îÒÔÍ⣬¸Ã¼à¹Ü»ú¹¹»¹ÒªÇóÕâЩ¹«Ë¾ÔÚÈý¸öÔÂÄÚÐÞ¸ÄÆäcookie½ÓÊÜ/¾Ü¾ø»úÖÆ£¬·ñÔò½«ÃæÁÙÿÌì10ÍòÅ·ÔªµÄ·£¿î¡£
Å·ÖÞÑϸñµÄÔÚÏßÒþ˽±£»¤ÖƶÈÓÚ2021ÄêÕýʽÆô¶¯£¬Ö®Ç°°ä²¼µÄ¡¶Í¨ÓÃÊý¾Ý±£»¤ÌõÀý¡·£¨General Data Protection Regulation£©ÔÚ2021ÄêµÄ·£¿î×ܶ¹ý10ÒÚÅ·Ôª£¬Ö÷Òª°üÀ¨Â¬É±¤ºÍ°®¶ûÀ¼·Ö±ð¶ÔÑÇÂíÑ·£¨Amazon£©ºÍWhatsAppÊÕÈ¡µÄ¾Þ¶î·£¿î¡£¡¶Í¨ÓÃÊý¾Ý±£»¤ÌõÀý¡·µÄÓ°Ï첢ûÓÐÈËÃÇËùµ£ÐĵÄÄÇôÑÏÖØ¡£
µ«·¨¹ú¹ú¼ÒÐÅÏ¢Óë×ÔÓÉίԱ»á×î½üµÄ·£¿îÈ´ÊÇÒÀ¾ÝÁíÍâÒ»ÏîÅ·ÃË·¨ÂÉ£º¡¶µç×ÓÒþ˽ָÁî¡·£¨ePrivacy Directive£©¡£¸ÃÖ¸ÁîÔÚÔ¼20ÄêÇ°±»×ª±ä³É·¨¹ú·¨ÂÉ¡£ÕâÏî¡°¹ÅÀϵġ±£¨ÔÚ»¥ÁªÍøʱ´ú£©·¨Âɼ´ÈËÃdz£ËµµÄ¡°cookie·¨ÂÉ¡±£¬±¾À´Ó¦¸ÃÔÚÎåÄêÇ°±»È¡´ú£¬µ«Á¢·¨³ÌÐòÈ´¶à´ÎÍ£ÖͲ»Ç°¡£
Cookie£¿Ã»´í£¡
Óû§Í¬ÒâÊÇcookie·¨ÂɵĹؼü£¬¶ø·¨¹ú¹ú¼ÒÐÅÏ¢Óë×ÔÓÉίԱ»áÈÏΪFacebookºÍ¹È¸è²¢Ã»ÓÐÇ¡µ±»ñµÃÓû§Í¬Òâ¡£
¸Ã¼à¹Ü»ú¹¹ÅúÆÀ¹È¸èºÍYouTubeµÄÍøÕ¾³Æ£º¡°Óû§¾Ü¾øÈ«²¿cookieÐèÒªµã»÷¶à´Î£¬µ«½ÓÊÜcookieÈ´Ö»ÐèÒªµã»÷Ò»´Î¡£¡±
FacebookµÄÍøÕ¾Ò²´æÔÚͬÑùµÄÎÊÌ⣬ֻÊǸüà¹Ü»ú¹¹ÔÚ1ÔÂ6ÈÕµÄÉùÃ÷ÖжîÍâÔö¼ÓÁËÒ»¾äÓÐȤµÄÆÀÂÛ£º¡°·¨¹ú¹ú¼ÒÐÅÏ¢Óë×ÔÓÉίԱ»á»¹·¢ÏÖ£¬ÔÊÐíÓû§¾Ü¾øcookieµÄ°´Å¥Î»ÓÚµÚ¶þ¸ö´°¿Úµ×²¿£¬µ«±ê×¢µÄÈ´ÊÇ¡®½ÓÊÜcookie¡¯¡£¡±¸Ã»ú¹¹±íʾ£¬ÕâЩÍøÕ¾µÄ»úÖƾùͨ¹ý¡°Ó°Ï컥ÁªÍøÓû§Í¬Òâ×ÔÓÉ¡±µÄ³ÌÐò£¬×èÖ¹Óû§¾Ü¾øcookie¡£
Facebookĸ¹«Ë¾MetaµÄ·¢ÑÔÈË˵£º¡°ÎÒÃÇÕýÔÚÆÀ¹À¸Ã²¿Ãŵľö¶¨£¬²¢¼ÌÐøÖÂÁ¦ÓÚÓëÏà¹Ø²¿ÃźÏ×÷¡£ÎÒÃǵÄcookieͬÒâ¿ØÖÆ´ëʩΪÓû§ÌṩÁ˶ÔÆä¸öÈËÊý¾ÝµÄ½Ï´ó¿ØÖÆȨ£¬°üÀ¨ÔÚFacebookºÍInstagramÉÏÐÂÔöÒ»¸öÉèÖò˵¥£¬Ö§³ÖÓû§ËæʱÖØв鿴ºÍ¹ÜÀí×Ô¼ºµÄ¾ö¶¨£¬²¢ÇÒÎÒÃǽ«¼ÌÐø¿ª·¢ºÍÍêÉÆÕâЩ¿ØÖÆ´ëÊ©¡£¡±
¹È¸èµÄ·¢ÑÔÈ˱íʾ£º¡°ÈËÃÇÏàÐÅÎÒÃÇ»á×ðÖØËûÃǵÄÒþ˽Ȩ²¢±£ÕÏËûÃǵݲȫ¡£ÎÒÃÇÉîÖªÎÒÃÇÓÐÔðÈα£»¤ÕâÖÖÐÅÈΣ¬²¢³Ðŵ¸ù¾Ý¡¶µç×ÓÒþ˽ָÁî¡·µÄ¹æ¶¨£¬ÒԴ˴ξö¶¨Îª»ù´¡¼ÌÐø×ö³öµ÷Õû£¬Í¬·¨¹ú¹ú¼ÒÐÅÏ¢Óë×ÔÓÉίԱ»áÃÜÇкÏ×÷¡£¡±
¡°ºÚ°µÄ£Ê½¡±
Õâ²¢·ÇFacebookºÍ¹È¸èÊ״α»Ö¸¿ØʹÓúڰµÄ£Ê½ÕâÖÖÓÐÆÛÆÐÔµÄÉè¼Æ£¬ÓÕµ¼Óû§·ÅÆúËûÃǵÄÒþ˽¡£
¼¸ÄêÇ°£¬¡¶Í¨ÓÃÊý¾Ý±£»¤ÌõÀý¡·Õýʽ°ä²¼ºó²»¾Ã£¬Å·ÖÞ¸÷µØµÄÏû·ÑÕßÍÅÌåÔø¾Ïò¹ú¼ÒÒþ˽¼à¹Ü»ú¹¹ÇëÇóµ÷²éºÚ°µÄ£Ê½¡£Å²ÍþÏû·ÑÕßлᣨNorwegian Consumer Council£©×÷Ϊ¸ÃÐж¯µÄÖ÷Òª·¢ÆðÕߣ¬Ôø¾ÕýʽÏòŲÍþµÄÊý¾Ý±£»¤¼à¹Ü»ú¹¹Í¶Ë߹ȸ衣
µ«¸ù¾Ý¡¶Í¨ÓÃÊý¾Ý±£»¤ÌõÀý¡·Ïµġ°Ò»Õ¾Ê½¡±»úÖÆ£¬ÕâÀàͶËßÓ¦¸ÃÓɹ«Ë¾Å·ÖÞ×ܲ¿ËùÔÚ¹ú¼ÒµÄ¼à¹Ü»ú¹¹´¦Àí£¬¶ø´ó²¿·Ö´óÐͿƼ¼¹«Ë¾µÄ×ܲ¿¶¼Î»ÓÚ°®¶ûÀ¼¡£Òò´Ë£¬ÕâÏîͶËß±»×ª½»¸ø°®¶ûÀ¼Êý¾Ý±£»¤Î¯Ô±»á£¨Irish Data Protection Commission£©¡£ÖÚËùÖÜÖª£¬¸Ã»ú¹¹Ð§ÂʵÍϲ¢ÇÒ×ʽð²»×㣬Òò´Ë¸Ã°¸ºóÀ´¾Í²»ÁËÁËÖ®ÁË¡£
·¨¹ú¹ú¼ÒÐÅÏ¢Óë×ÔÓÉίԱ»á±ÜÃâÁËÕâ¸öÏÝÚ壬ÒÀ¾Ý¡¶µç×ÓÒþ˽ָÁî¡·Õë¶Ô¹È¸èºÍFacebook²ÉÈ¡Ðж¯¡£¸Ã»ú¹¹ÔÚ1ÔÂ6ÈÕµÄÉùÃ÷Öз´¸´Ìáµ½£¬Æä¶ÔÓÚÔÚ·¨¹ú¾³ÄÚÎ¥·´¡¶µç×ÓÒþ˽ָÁî¡·µÄÐÐΪÓд¦ÒÔ·£¿îµÄ˾·¨¹ÜϽȨ¡£
ŲÍþÏû·ÑÕßлáµÄÊý×ÖÕþ²ßÖ÷¹Ü·Ò¶÷¡¤Ã׶û˹ËþµÂÔÚ1ÔÂ6ÈÕ¸æËß¡¶²Æ¸»¡·ÔÓÖ¾£º¡°·¨¹ú¹ú¼ÒÐÅÏ¢Óë×ÔÓÉίԱ»áµÄ¾ö¶¨·¢³öÁËÇ¿ÁÒµÄÐźţ¬¼´ÍøÕ¾±ØÐë¸øÓû§ÕæÕý¹«Æ½µÄÑ¡ÔñȨ£¬²»ÄÜÓÕµ¼Óû§½ÓÊÜ·ûºÏ¹«Ë¾¡®×ÔÉíÀûÒ桯µÄÌõ¼þ¡£¡±
ÃÀ¹úµç×ÓÒþ˽ÐÅÏ¢ÖÐÐÄ£¨Electronic Privacy Information Center£©Ôø¾¶à´ÎÏòÃÀ¹úÁª°îóÒ×ίԱ»á£¨Federal Trade Commission£©Í¶ËߺڰµÄ£Ê½¡£ÔÚÃÀ¹ú×ÜͳÇÇ¡¤°ÝµÇÕþ¸®Ö´ÕþÆڼ䣬ÃÀ¹úÁª°îóÒ×ίԱ»á¸ü¼ÓÖ§³ÖÕâÀàͶËß¡£ËüÔÚ2021Äê10ÔÂÔø¾±íʾ£¬½«Õë¶Ô¡°ÆÛÆ»òÒýÓÕÏû·ÑÕßÑ¡Ôñ¶©ÔÄ·þÎñ¡±µÄºÚ°µÄ£Ê½¼Ó´óÖ´·¨Á¦¶È¡££¨²Æ¸»ÖÐÎÄÍø£©
·Ò룺Áõ½øÁú
ÉóУ£ºÍôð©
ÍøÕ¾ÍùÍù»áÓÕµ¼Óû§Í¬ÒâÍøÕ¾¸ú×Ùcookie£¬ËüÃǵÄ×ö·¨ÊÇÔö¼ÓÓû§¾Ü¾øÍøÕ¾ÒªÇóµÄÄѶȡ£1ÔÂ6ÈÕ£¬·¨¹úµÄÊý¾Ý±£»¤¼à¹Ü»ú¹¹¿ªÊ¼´ò»÷¿Æ¼¼ÒµÄÚÕâÖÖËùνµÄ¡°ºÚ°µÄ£Ê½¡±£¬¶ÔFacebook¡¢¹È¸è£¨Google£©ºÍYouTube¹²´¦ÒÔ2.1ÒÚÅ·Ôª£¨Ô¼ºÏ2.38ÒÚÃÀÔª£©·£¿î¡£
·¨¹ú¹ú¼ÒÐÅÏ¢Óë×ÔÓÉίԱ»á£¨CNIL£©±íʾ£¬ÕâЩ¹«Ë¾µÄÐÐΪΥ·´ÁË¡¶·¨¹úÊý¾Ý±£»¤·¨¡·£¨French Data Protection Act£©£¬¶ÔFacebook·£¿î6000ÍòÅ·Ôª£¬¶Ô¹È¸è¼°ÆäÊÓƵÁ÷ýÌåÒµÎñ·£¿î1.5ÒÚÅ·Ôª¡£³ý·£¿îÒÔÍ⣬¸Ã¼à¹Ü»ú¹¹»¹ÒªÇóÕâЩ¹«Ë¾ÔÚÈý¸öÔÂÄÚÐÞ¸ÄÆäcookie½ÓÊÜ/¾Ü¾ø»úÖÆ£¬·ñÔò½«ÃæÁÙÿÌì10ÍòÅ·ÔªµÄ·£¿î¡£
Å·ÖÞÑϸñµÄÔÚÏßÒþ˽±£»¤ÖƶÈÓÚ2021ÄêÕýʽÆô¶¯£¬Ö®Ç°°ä²¼µÄ¡¶Í¨ÓÃÊý¾Ý±£»¤ÌõÀý¡·£¨General Data Protection Regulation£©ÔÚ2021ÄêµÄ·£¿î×ܶ¹ý10ÒÚÅ·Ôª£¬Ö÷Òª°üÀ¨Â¬É±¤ºÍ°®¶ûÀ¼·Ö±ð¶ÔÑÇÂíÑ·£¨Amazon£©ºÍWhatsAppÊÕÈ¡µÄ¾Þ¶î·£¿î¡£¡¶Í¨ÓÃÊý¾Ý±£»¤ÌõÀý¡·µÄÓ°Ï첢ûÓÐÈËÃÇËùµ£ÐĵÄÄÇôÑÏÖØ¡£
µ«·¨¹ú¹ú¼ÒÐÅÏ¢Óë×ÔÓÉίԱ»á×î½üµÄ·£¿îÈ´ÊÇÒÀ¾ÝÁíÍâÒ»ÏîÅ·ÃË·¨ÂÉ£º¡¶µç×ÓÒþ˽ָÁî¡·£¨ePrivacy Directive£©¡£¸ÃÖ¸ÁîÔÚÔ¼20ÄêÇ°±»×ª±ä³É·¨¹ú·¨ÂÉ¡£ÕâÏî¡°¹ÅÀϵġ±£¨ÔÚ»¥ÁªÍøʱ´ú£©·¨Âɼ´ÈËÃdz£ËµµÄ¡°cookie·¨ÂÉ¡±£¬±¾À´Ó¦¸ÃÔÚÎåÄêÇ°±»È¡´ú£¬µ«Á¢·¨³ÌÐòÈ´¶à´ÎÍ£ÖͲ»Ç°¡£
Cookie£¿Ã»´í£¡
Óû§Í¬ÒâÊÇcookie·¨ÂɵĹؼü£¬¶ø·¨¹ú¹ú¼ÒÐÅÏ¢Óë×ÔÓÉίԱ»áÈÏΪFacebookºÍ¹È¸è²¢Ã»ÓÐÇ¡µ±»ñµÃÓû§Í¬Òâ¡£
¸Ã¼à¹Ü»ú¹¹ÅúÆÀ¹È¸èºÍYouTubeµÄÍøÕ¾³Æ£º¡°Óû§¾Ü¾øÈ«²¿cookieÐèÒªµã»÷¶à´Î£¬µ«½ÓÊÜcookieÈ´Ö»ÐèÒªµã»÷Ò»´Î¡£¡±
FacebookµÄÍøÕ¾Ò²´æÔÚͬÑùµÄÎÊÌ⣬ֻÊǸüà¹Ü»ú¹¹ÔÚ1ÔÂ6ÈÕµÄÉùÃ÷ÖжîÍâÔö¼ÓÁËÒ»¾äÓÐȤµÄÆÀÂÛ£º¡°·¨¹ú¹ú¼ÒÐÅÏ¢Óë×ÔÓÉίԱ»á»¹·¢ÏÖ£¬ÔÊÐíÓû§¾Ü¾øcookieµÄ°´Å¥Î»ÓÚµÚ¶þ¸ö´°¿Úµ×²¿£¬µ«±ê×¢µÄÈ´ÊÇ¡®½ÓÊÜcookie¡¯¡£¡±¸Ã»ú¹¹±íʾ£¬ÕâЩÍøÕ¾µÄ»úÖƾùͨ¹ý¡°Ó°Ï컥ÁªÍøÓû§Í¬Òâ×ÔÓÉ¡±µÄ³ÌÐò£¬×èÖ¹Óû§¾Ü¾øcookie¡£
Facebookĸ¹«Ë¾MetaµÄ·¢ÑÔÈË˵£º¡°ÎÒÃÇÕýÔÚÆÀ¹À¸Ã²¿Ãŵľö¶¨£¬²¢¼ÌÐøÖÂÁ¦ÓÚÓëÏà¹Ø²¿ÃźÏ×÷¡£ÎÒÃǵÄcookieͬÒâ¿ØÖÆ´ëʩΪÓû§ÌṩÁ˶ÔÆä¸öÈËÊý¾ÝµÄ½Ï´ó¿ØÖÆȨ£¬°üÀ¨ÔÚFacebookºÍInstagramÉÏÐÂÔöÒ»¸öÉèÖò˵¥£¬Ö§³ÖÓû§ËæʱÖØв鿴ºÍ¹ÜÀí×Ô¼ºµÄ¾ö¶¨£¬²¢ÇÒÎÒÃǽ«¼ÌÐø¿ª·¢ºÍÍêÉÆÕâЩ¿ØÖÆ´ëÊ©¡£¡±
¹È¸èµÄ·¢ÑÔÈ˱íʾ£º¡°ÈËÃÇÏàÐÅÎÒÃÇ»á×ðÖØËûÃǵÄÒþ˽Ȩ²¢±£ÕÏËûÃǵݲȫ¡£ÎÒÃÇÉîÖªÎÒÃÇÓÐÔðÈα£»¤ÕâÖÖÐÅÈΣ¬²¢³Ðŵ¸ù¾Ý¡¶µç×ÓÒþ˽ָÁî¡·µÄ¹æ¶¨£¬ÒԴ˴ξö¶¨Îª»ù´¡¼ÌÐø×ö³öµ÷Õû£¬Í¬·¨¹ú¹ú¼ÒÐÅÏ¢Óë×ÔÓÉίԱ»áÃÜÇкÏ×÷¡£¡±
¡°ºÚ°µÄ£Ê½¡±
Õâ²¢·ÇFacebookºÍ¹È¸èÊ״α»Ö¸¿ØʹÓúڰµÄ£Ê½ÕâÖÖÓÐÆÛÆÐÔµÄÉè¼Æ£¬ÓÕµ¼Óû§·ÅÆúËûÃǵÄÒþ˽¡£
¼¸ÄêÇ°£¬¡¶Í¨ÓÃÊý¾Ý±£»¤ÌõÀý¡·Õýʽ°ä²¼ºó²»¾Ã£¬Å·ÖÞ¸÷µØµÄÏû·ÑÕßÍÅÌåÔø¾Ïò¹ú¼ÒÒþ˽¼à¹Ü»ú¹¹ÇëÇóµ÷²éºÚ°µÄ£Ê½¡£Å²ÍþÏû·ÑÕßлᣨNorwegian Consumer Council£©×÷Ϊ¸ÃÐж¯µÄÖ÷Òª·¢ÆðÕߣ¬Ôø¾ÕýʽÏòŲÍþµÄÊý¾Ý±£»¤¼à¹Ü»ú¹¹Í¶Ë߹ȸ衣
µ«¸ù¾Ý¡¶Í¨ÓÃÊý¾Ý±£»¤ÌõÀý¡·Ïµġ°Ò»Õ¾Ê½¡±»úÖÆ£¬ÕâÀàͶËßÓ¦¸ÃÓɹ«Ë¾Å·ÖÞ×ܲ¿ËùÔÚ¹ú¼ÒµÄ¼à¹Ü»ú¹¹´¦Àí£¬¶ø´ó²¿·Ö´óÐͿƼ¼¹«Ë¾µÄ×ܲ¿¶¼Î»ÓÚ°®¶ûÀ¼¡£Òò´Ë£¬ÕâÏîͶËß±»×ª½»¸ø°®¶ûÀ¼Êý¾Ý±£»¤Î¯Ô±»á£¨Irish Data Protection Commission£©¡£ÖÚËùÖÜÖª£¬¸Ã»ú¹¹Ð§ÂʵÍϲ¢ÇÒ×ʽð²»×㣬Òò´Ë¸Ã°¸ºóÀ´¾Í²»ÁËÁËÖ®ÁË¡£
·¨¹ú¹ú¼ÒÐÅÏ¢Óë×ÔÓÉίԱ»á±ÜÃâÁËÕâ¸öÏÝÚ壬ÒÀ¾Ý¡¶µç×ÓÒþ˽ָÁî¡·Õë¶Ô¹È¸èºÍFacebook²ÉÈ¡Ðж¯¡£¸Ã»ú¹¹ÔÚ1ÔÂ6ÈÕµÄÉùÃ÷Öз´¸´Ìáµ½£¬Æä¶ÔÓÚÔÚ·¨¹ú¾³ÄÚÎ¥·´¡¶µç×ÓÒþ˽ָÁî¡·µÄÐÐΪÓд¦ÒÔ·£¿îµÄ˾·¨¹ÜϽȨ¡£
ŲÍþÏû·ÑÕßлáµÄÊý×ÖÕþ²ßÖ÷¹Ü·Ò¶÷¡¤Ã׶û˹ËþµÂÔÚ1ÔÂ6ÈÕ¸æËß¡¶²Æ¸»¡·ÔÓÖ¾£º¡°·¨¹ú¹ú¼ÒÐÅÏ¢Óë×ÔÓÉίԱ»áµÄ¾ö¶¨·¢³öÁËÇ¿ÁÒµÄÐźţ¬¼´ÍøÕ¾±ØÐë¸øÓû§ÕæÕý¹«Æ½µÄÑ¡ÔñȨ£¬²»ÄÜÓÕµ¼Óû§½ÓÊÜ·ûºÏ¹«Ë¾¡®×ÔÉíÀûÒ桯µÄÌõ¼þ¡£¡±
ÃÀ¹úµç×ÓÒþ˽ÐÅÏ¢ÖÐÐÄ£¨Electronic Privacy Information Center£©Ôø¾¶à´ÎÏòÃÀ¹úÁª°îóÒ×ίԱ»á£¨Federal Trade Commission£©Í¶ËߺڰµÄ£Ê½¡£ÔÚÃÀ¹ú×ÜͳÇÇ¡¤°ÝµÇÕþ¸®Ö´ÕþÆڼ䣬ÃÀ¹úÁª°îóÒ×ίԱ»á¸ü¼ÓÖ§³ÖÕâÀàͶËß¡£ËüÔÚ2021Äê10ÔÂÔø¾±íʾ£¬½«Õë¶Ô¡°ÆÛÆ»òÒýÓÕÏû·ÑÕßÑ¡Ôñ¶©ÔÄ·þÎñ¡±µÄºÚ°µÄ£Ê½¼Ó´óÖ´·¨Á¦¶È¡££¨²Æ¸»ÖÐÎÄÍø£©
·Ò룺Áõ½øÁú
ÉóУ£ºÍôð©
Websites regularly try to steer users toward accepting their tracking cookies by making it relatively hard to reject them. On January 6, France's data protection watchdog struck back against such tricks¡ªknown in the tech industry as "dark patterns"¡ªby fining Facebook, Google, and YouTube a total of €210 million ($238 million).
The agency, known as CNIL, said the companies' actions violated the French Data Protection Act. Apart from these fines¡ª€60 million for Facebook and €150 million for Google and its video-streaming business¡ªit gave them three months to change how their cookie acceptance/rejection mechanisms work, or face further penalties of €100,000 a day.
Europe's tough online privacy regime really kicked into gear in 2021, when fines under the previously less-than-feared General Data Protection Regulation (GDPR) totaled more than €1 billion, mostly thanks to blockbuster fines for Amazon and WhatsApp, levied in Luxembourg and Ireland respectively.
CNIL's latest fines, however, were underpinned by a different piece of EU legislation: the ePrivacy Directive, which was transposed into French law some two decades ago. Popularly known as the "cookie law," this ancient (in internet time) rulebook was supposed to be replaced five years ago, though the legislative process has repeatedly stalled.
Cookies? Doh!
Users' consent is central to the cookie law and, according to CNIL, Facebook and Google haven't been getting it fairly.
"Several clicks are required to refuse all cookies, against a single one to accept them," the regulator complained regarding Google and YouTube's websites.
The same applies to Facebook's website, with one particularly entertaining added wrinkle¡ªper January 6's statement: ¡°The CNIL also noted that the button allowing the user to refuse cookies is located at the bottom of the second window and is entitled ¡®Accept cookies.¡¯¡± In all these cases, CNIL said, the mechanisms discourage users from refusing cookies, in a process that "affects the freedom of consent of Internet users."
"We are reviewing the authority's decision and remain committed to working with relevant authorities," said a spokesperson for Facebook owner Meta. "Our cookie consent controls provide people with greater control over their data, including a new settings menu on Facebook and Instagram where people can revisit and manage their decisions at any time, and we continue to develop and improve these controls.¡±
A Google spokesperson said, "People trust us to respect their right to privacy and keep them safe. We understand our responsibility to protect that trust and are committing to further changes and active work with the CNIL in light of this decision under the ePrivacy Directive."
¡°Dark patterns¡±
This is not the first time Facebook and Google have been accused of employing dark patterns¡ªessentially deceptive designs¡ªto manipulate people into weakening their privacy.
A few years ago, shortly after the GDPR came into force, consumer groups from across Europe asked national privacy regulators to investigate dark patterns. The Norwegian Consumer Council (NCC), which spearheaded the push, made a formal complaint against Google to Norway's data protection watchdog.
However, under the GDPR's "one stop shop" mechanism, complaints are supposed to be handled by the regulator in the country where the company has its European headquarters¡ªmeaning Ireland, for most of Big Tech. So the NCC's complaint got passed to the notoriously slow and underfunded Irish Data Protection Commission, where it has been languishing ever since.
France's CNIL avoided this trap by targeting Google and Facebook under the ePrivacy law. As it repeatedly noted in January 6's statements, it has the jurisdiction to issue fines for ePrivacy violations on French soil.
"The CNIL decision sends a strong signal that users must be given real and fair choices online, and not manipulated into 'accepting' whatever is in the companies' own interest," NCC digital policy chief Finn Myrstad told Fortune on January 6.
Over in the U.S., the Electronic Privacy Information Center (EPIC) has repeatedly complained to the Federal Trade Commission (FTC) about dark patterns. The agency has become more sympathetic to these complaints under the Biden administration. It said last October that it would step up enforcement against dark patterns that "trick or trap consumers into subscription services."
