(Bloomberg)—Google racked up another record fine in the European Union, this time a 100 million-euro ($121 million) penalty from France’s privacy watchdog over the way it manages cookies on its search engine.
CNIL, France’s data protection authority, also slapped online shopping giant Amazon.com Inc. with a 35 million-euro ($42.49 million) fine for placing cookies, which are tracking devices, on people’s computers without their consent, according to a statement on Thursday.
The companies were given a three-month ultimatum to make changes to the information they provide to users or will face additional daily fines of 100,000 euros ($121,166).
The Google penalty is double CNIL’s previous highest penalties, also for the Alphabet Inc. unit. The company has also faced intense scrutiny from the European Commission, having been fined more than 8.2 billion euros in three antitrust cases.
Google said in a statement that it stands by its “record of providing upfront information and clear controls, strong internal data governance, secure infrastructure, and above all, helpful products.”
It said the decision “overlooks these efforts and doesn’t account for the fact that French rules and regulatory guidance are uncertain and constantly evolving.”
Amazon also said it disagreed with the French authority’s findings.
“We continuously update our privacy practices to ensure that we meet the evolving needs and expectations of customers and regulators and fully comply with all applicable laws in every country in which we operate,” the company said in a statement.
CNIL said its findings showed that through a number of changes Google has made since September, cookies targeting users for advertising purposes are no longer automatically placed on people’s computers when they visit the google.fr page.
But the information provided to Google users in France still doesn’t inform them sufficiently about why and how cookies are used, the authority said.
Google was separately targeted by complaints in several European countries on Thursday over the allegedly harmful way people’s data is being processed in advertising transactions. The company is already the focus of an Irish probe into its data use in advertising transactions and last year announced changes to real-time bidding—an advertising technology used by publishers—to better protect people’s privacy.
“We are engaging fully” in the Irish data protection commission’s “active inquiry on real-time bidding,” Google said in a statement. “Authorized buyers using our systems are subject to stringent policies and standards.”
EU data protection regulators’ powers have increased significantly since the bloc’s so-called General Data Protection Regulation, or GDPR, took effect in May 2018. The law allows watchdogs for the first time to levy penalties of as much as 4% of a company’s annual global sales.