The CNIL has fined the SOCIÉTÉ DU FIGARO 50,000 euros for depositing advertising cookies on the lefigaro.fr website without obtaining the prior consent of Internet users.
The CNIL, after receiving a complaint, carried out several checks between 2020 and 2021 on the news website lefigaro.fr. These checks revealed that when a user visited this site, cookies were automatically placed on his computer by the company’s partners, without any action on his part or despite his refusal. Several of these cookies were used for advertising purposes and should have been subject to the user’s consent.
On the basis of these elements, the restricted formation – the body of the CNIL in charge of imposing sanctions – considered that the company had failed to comply with its obligations because it did not systematically guarantee the collection of users’ consent before the deposit of advertising cookies and the respect of their refusal to the deposit of these cookies. It therefore imposed a fine of 50,000 euros and decided to make its decision public.
The obligations that the restricted panel is sanctioning today date from before the implementation of the RGPD and remain in the new guidelines and the recommendation of the CNIL of October 1, 2020.
The responsibility of SOCIÉTÉ DU FIGARO
The SOCIÉTÉ DU FIGARO, as publisher of the lefigaro.fr website, has a share of responsibility in the respect of the legislation on cookies (article 82 of the Data Protection Act) by its partners depositing cookies on its site. In particular, it must ensure that they do not deposit cookies subject to consent before users have made the choice to accept or refuse. It must also ensure that they respect the refusal expressed by the latter.
The CNIL considers that the fact that the cookies come from partners does not relieve the site editor of his own responsibility insofar as he has control over his site and its servers.
The CNIL considered that the responsibility of the company is an obligation of means and that the SOCIÉTÉ DU FIGARO had not satisfied it.
This decision is in line with the Conseil d’Etat’s decision “Éditions Croque Futur” of June 6, 2018, which already specified the distribution of responsibilities between site publishers and their partners.
The failure to comply
Despite the implementation of several tools (a consent management platform, tools for identifying cookies deposited despite a refusal signal or before any action by the user), the CNIL’s controls have made it possible to observe on multiple occasions that cookies subject to consent were deposited before any action by the Internet user or continued to be read despite his refusal.
This decision is part of the global compliance strategy initiated by the CNIL over the past two years with French and foreign players publishing high-traffic sites and having practices contrary to the legislation on cookies.
Between 2020 and 2021, the CNIL adopted approximately 70 corrective measures (formal notices and sanctions) in connection with non-compliance with the legislation on cookies. In 60% of the cases, these were “foreign” organizations (parent company outside France).
These measures mainly concerned large private actors from a wide variety of economic sectors.
Get consent before loading third party tracking scripts
At CookieFirst, we offer customizable cookie consent management tools to ensure that you comply with RGPD, GDPR, and any other regulatory requirements that apply to your organization. Our consent management platform (CMP) lets you monitor consent for third-party scripts, view statistics on opt-in rates, set up granular opt-in, and more!
The process is user-friendly and simple. You can scan and monitor your visitor’s consent and replace all third-party scripts with one single code snippet. Similarly, all consent is logged and encrypted within an anonymous database for retention purposes. — try CookieFirst!