French privacy regulators on Thursday closed a case against Facebook after determining the US tech giant had changed the way it collected user data to comply with the law.
Facebook was slapped with a 60-million-euro ($61-million) fine last December when the French regulator CNIL ruled it was failing to allow users to easily opt out of cookies, tiny data files that track online browsing.
CNIL told the firm’s parent company Meta to fix the issue within three months or face further punishment.
On Thursday, the regulator announced that “the company had complied with the injunction issued” by installing a button labelled “only allow essential cookies”.
Cookies are installed on a user’s computer when they visit a website, allowing web browsers to save information about their session.
They are hugely valuable for tech platforms as ways to personalise advertising — the primary source of revenue for the likes of Facebook and Google.
But privacy advocates have long pushed back.
Since the European Union passed a 2018 law on personal data, internet companies have faced stricter rules that oblige them to seek consent from users before installing cookies.
Both Facebook and Google continue to face a slew of cases across Europe.
The French regulator stressed in its statement on Thursday that the end of this procedure did not rule out further scrutiny of Facebook, particularly of the requirement to give users “clear and complete” information on data collection.
“The CNIL, therefore, reserves the right to check the compliance of the facebook.com website with these other requirements in the future and, if necessary, to resort to enforcement actions,” it said.
AFP has contacted Meta for comment.
The French regulator hit Google with a 150-million-euro fine at the same time as Facebook was sanctioned.
Google said in April it had “completely overhauled” its approach as a result, though CNIL told AFP on Thursday that the case against Google was still open.
AFP