Big tech behemoths Google and Meta have been exposed by France’s data protection agency CNIL for employing “dark patterns” on their platforms to cheat users of their right to withhold personal data. Google faces a $170-million fine; Meta’s Facebook faces a $68-million penalty.
Dark Patterns are any kind of strategy employed by a website or any online platform through which they make a user comply with a specific requirement via misleading user interface design. CNIL made the case against both Google and Facebook, arguing that they made rejecting cookies too difficult for users.
For Facebook, French users were required to click on the button “Accept cookies.” CNIL said that when a button is labeled in this way, it “necessarily generates confusion” and ultimately leads users into believing that they have no say in the matter. For Google, CNIL stated the issue was not about a misleading label.
The agency said to accept cookies, a user could do it with a single click. But to reject cookies, the user was required to go through several menu options. Google and Facebook were both penalized following several complaints from users.
According to EU law, if citizens provide personal data to any tech company while using its products or services, it is required that the individuals only do so with a full understanding of what kind of information they will be providing and the kind of choice they are making.
When platforms such as Google and Facebook adopt “dark patterns” to obtain consent from users who do not really understand what they are signing onto, it is clearly in violation of the law.
CNIL stated that the fines of the two major platforms were calculated on the basis of “the number of data subjects concerned and the considerable profits the company makes from advertising revenues indirectly generated from the data collected by the cookies.”
Though the protection agency’s fines of the tech giants seem huge, they are not when compared to the corporations’ annual revenue. In the most recent quarter, Google’s parent company reported $18.9 billion in net income while Facebook made $9.2 billion.
When ARS Technica contacted the firms, Google and Facebook did not clearly explain how they would implement the required changes in their respective cookie policies to comply with CNIL’s ruling.
A Google spokesperson stated, “People trust us to respect their right to privacy and keep them safe. We understand our responsibility to protect that trust and are committing to further changes and active work with the CNIL in light of the ePrivacy Directive.”
A Meta spokesperson responded to the media outlet, stating that the company was reviewing CNIL’s decision and remained committed to working with relevant authorities.
“Our cookie consent controls provide people with greater control over their data, including a new settings menu on Facebook and Instagram where people can revisit and manage their decisions at any time and we continue to develop and improve these controls,” the spokesperson said.
Since March 31, 2021, when the new cookie rules took effect, the CNIL has implemented 100 corrective measures corresponding to non-compliance with the newly implemented legislation on cookies.