Meta and Google fined $238M by French Privacy Watchdog: How to think about cookies

Key Takeaways

  • Google and Facebook were fined a combined $238M for making it easier for users to accept cookies than refuse them.

  • Cookies streamline the online experience by remembering information about you like login credentials and personalizing your experience with customized ads or news feeds.

  • Cookies themselves are not a security concern, but third-party cookies can allow unknown entities to track more information about your online activity than you’d like. There are easy steps to disable or remove existing cookies.

Record-breaking fine

France’s data protection watchdog fined Google nearly $170 million and Facebook $68 million last week for making it harder for users to refuse cookies — which store user information — than to accept them. 

That puts the two companies in violation of the French Data Protection Act. On Facebook and Google sites, one click can enable cookies but it takes multiple clicks to refuse them all, the National Commission on Informatics and Liberty, or CNIL, said. 

“The restricted committee considered that this process affects the freedom of consent: since, on the Internet, the user expects to be able to quickly consult a website, the fact that they cannot refuse the cookies as easily as they can accept them influences their choice in favor of consent,” the CNIL wrote in a statement.

Along with the upfront fines against Google and Meta, the CNIL has also ordered the tech giants to alter how they currently present cookie choices and provide users in the country with a simple means of refusing cookies within three months, or risk facing further fines of more than $100,000 per day of delay.

What are cookies?

HTTP cookies, or internet cookies, are built specifically for Internet web browsers to track, personalize, and save information about each user’s session. Cookies are little packets of data — like a username and password — that are used to identify specific users and improve your web browsing experience. Data stored in a cookie is created by the server upon your connection. This data is labeled with an ID unique to you and your computer.

When the cookie is exchanged between your computer and the network server, the server reads the ID and knows what information to specifically serve to you.

Do a quick check!

To check whether your browser is configured to allow cookies, visit the Cookie checker. This page will attempt to create a cookie and report on whether or not it succeeded.

What are cookies used for?

Hopefully, by understanding what cookies are used for, you’ll be able to decide when they are worth it and when they aren’t. Cookies are used to streamline the online experience. Without cookies, you would have to login to every site you visit after leaving it. If you were shopping on Amazon and accidentally closed the page, then you would have to rebuild your shopping cart.  Cookies are used for:

  • Tracking. Shopping sites use cookies to track items previously viewed or put into a cart. If you would benefit from the site remembering how you interacted with it, cookies are good. 

  • Session management. Cookies enable websites to recognize users and remember login information. If you visit a site frequently and want that convenience, cookies are probably worth it. 

  • Personalization. Customized advertising or customized news feeds can make your online experience more enjoyable or productive. 

Different types of cookies

There are two types of modern cookies: session and persistent. Session cookies are used only while navigating a website. They are stored in random access memory and are never written to the hard drive. When the session ends, session cookies are automatically deleted. Persistent cookies remain on a computer indefinitely, although many include an expiration date and are automatically removed when that date is reached. Persistent cookies are used primarily for authentication and tracking multiple visits to the same site over time.

The threat of cookies

Since the data in cookies doesn't change, they cannot infect computers with viruses or other malware. 

There is a lot of concern about privacy and security on the internet. Cookies cannot store what the user volunteers or that the web server already has. Third-party cookies are generated by websites that are different from the web pages users are currently surfing, usually because they're linked to ads on that page.Third-party tracking cookies can cause security and privacy concerns, since they make it easier for parties you can’t identify to watch where you are going and what you are doing online.

Disabling or removing cookies

If after reading this, you are interested in disabling or removing existing cookies from your browser, then check out the following links for help.

For information on how to enable or disable cookies, see 'Enabling cookies'.

For information on how to delete and clear cookies, see 'Deleting cookies'.