Close this search box.
AI-based solution designed to automate personal data discovery and classification
Discover personal data across multiple systems in the cloud or on-premise
Harbor cooperation between DPO, Legal Services, IT and Marketing
Turn data subject request into an automated workflow with a clear insight into data every step of the way
Collaborate with stakeholders and manage DPIA and LIA in real-time with Assessment Automation
Guide your partners trough vendor management process workflow
Identifying the risk from the point of view of Data Subject
Quickly respond, mitigate damage and maintain compliance
Consolidate your data and prioritize your relationship with customers
Privacy portal allows customers to communicate their requests and preferences at any time
Introducing end-to end automation of personal data removal

Latest Blog posts

Learn the terms

General Data Protection Regulation

Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.

Latest papers

CNIL fines Google and Facebook a total of €210 million over cookies

France CNIL fines Google and Facebook multimilion fine

The French Data Protection Authority – CNIL (Commission Nationale de l’Informatique et des Libertés) fined Facebook €60 million and Google €150 million for non-compliance with the French Data Protection Act.

Facebook is a social media giant with over 2.895 billion monthly active users, and at least 1.908 billion people use Facebook every day.

Google, on the other hand, is the most visited website in the whole world, with over 92 billion visits last March of 2021. And did you know that 92.41% of the search engine segment is controlled by Google?

After numerous complaints and online investigations, CNIL concluded that both Facebook and Google failed to make it as easy to reject cookies as it is to accept them.

While websites offer a button allowing a single click to accept cookies, they do not provide an equivalent solution that would allow users to refuse cookies just as easily.

The fine was issued by French CNIL rather than the Irish Data Protection Commission (lead supervisory authority for Facebook and Google) as cookies fall under the ePrivacy Directive, which is embedded into French Data Protection Act and not GDPR.

However, GDPR still regulates consent, and therefore, fines can qualify as a GDPR fine.

Facebook €60 million fine

On the last day of 2021, CNIL issued a €60 million fine to Facebook Ireland Limited.

The investigation, which started in April, uncovered that, as opposed to a single button to accept cookies, Facebook requires several clicks to refuse cookies.

In addition, the button to refuse cookies is located at the bottom of a second page and was labeled “Accept cookies,” which was not only confusing but also misleading.

Google €150 million fine

In June 2021, the CNIL carried out an online investigation on websites and and found that, while Google offers a button allowing users to immediately accept cookies, to reject them, they have to go through at least five different actions.

Following the investigation, the CNIL issued a €150 million fine to Google (€90 million fine to Google LLC and €60 million for Google Ireland Limited) on account of their findings.

The restricted committee, the CNIL body in charge of issuing sanctions, stated that “making the refusal mechanism more complex actually discourages users from refusing cookies and encourages them to opt for the ease of the “I accept” button“.


Both Google and Facebook ignored cookie recommendations and cookie guidelines that clearly state that organizations must offer to users the possibility to accept or refuse online trackers with the same degree of simplicity.

The CNIL ordered the companies to provide users in France with a means of refusing cookies as simple as the existing means of accepting them within three months.

If they fail to do so within three-months time, the companies will have to pay a penalty of €100 thousand per day of delay.

The amount of the fine is determined considering the number of data subjects involved, the scope of processing, and the profits of companies, which are mostly generated through the company’s advertising streams based on cookies.

Request a Data Privacy Manager demo

Let us navigate you through the Data Privacy Manager solution and showcase functionalities that will help you overcome your compliance challenges.

Scroll to Top