CNIL fines Google €325 million and Shein €150 million

France’s Data Protection Authority, the CNIL, has fined Google €325 million and SHEIN (e-commerce platform specialising in fast fashion) €150 million, in particular for failing to comply with the rules on cookies. These fines are part of the several measures taken by the CNIL to regulate non-compliant practices in the tracking and targeting of internet users.

Google’s fine (€200 million against Google LLC and €125 million against Google Ireland Ltd) relates to displaying advertisements inserted between Gmail users' emails without their consent and for placing cookies when creating Google accounts, without valid consent of French users, the CNIL says.

In addition to the fine, the CNIL has issued an order that requires the companies to implement, within six months, measures to cease displaying advertisements between emails in the Gmail service users' mailboxes without prior consent and to ensure valid consent from users for the placement of advertising cookies when creating a Google account. Failure to do so will result in a €100,000 fine per day.

The CNIL also imposed a fine of €150 million on INFINITE STYLES SERVICES CO. LIMITED, the Irish subsidiary of the SHEIN group, for failing to comply with the rules applicable to cookies placed on the devices of users visiting the "shein.com" website.

The CNIL says it has material jurisdiction to carry out investigations and issue sanctions related to cookies placed on the devices of internet users located in France. Cookies are regulated under the ePrivacy Directive, transposed into Article 82 of the French Data Protection Act.

See:

• CNIL - Cookie regulation: the CNIL is continuing the action plan initiated in 2019 and has imposed two fines on SHEIN and GOOGLE