Google racked up another record fine in the European Union, this time a €100mil penalty from France’s privacy watchdog over the way it manages cookies on its search engine.

CNIL, France’s data protection authority, also slapped online shopping giant Amazon.com Inc with a €35mil fine for placing cookies, which are tracking devices, on people’s computers without their consent, according to a statement on Dec 10.

The companies were given a three-month ultimatum to make changes to the information they provide to users, or face additional daily fines of €100,000 .

The Google penalty is double CNIL’s previous highest fine, also for the Alphabet Inc unit. The company has also faced intense scrutiny from the European Commission, having been fined more than €8.2bil in three antitrust cases.

Helpful products

Google said in a statement that it stands by its "record of providing upfront information and clear controls, strong internal data governance, secure infrastructure, and above all, helpful products.”

It said the decision "overlooks these efforts and doesn’t account for the fact that French rules and regulatory guidance are uncertain and constantly evolving.”

Amazon also said it disagreed with the French authority’s findings.

"We continuously update our privacy practices to ensure that we meet the evolving needs and expectations of customers and regulators and fully comply with all applicable laws in every country in which we operate,” the company said in a statement.

CNIL said its findings showed that through a number of changes Google has made since September, cookies targeting users for advertising purposes are no longer automatically placed on people’s computers when they visit the google.fr page.

But the information provided to Google users in France still doesn’t inform them sufficiently about why and how cookies are used, the authority said.

Visitors to the French Amazon page who click on an advert risk being exposed to privacy violations because cookies are instantly deployed without any information being given to users, CNIL said.

EU data protection regulators’ powers have increased significantly since the bloc’s so-called General Data Protection Regulation, or GDPR, took effect in May 2018. The law allows watchdogs for the first time to levy fines of as much as 4% of a company’s annual global sales.

The latest fines, however, were levied based on separate rules regulating firms’ use of cookies and other tracking devices.

 - Bloomberg