The image is by Alex Castro.
If you feel like websites have turned the simple business of rejecting tracking cookies into a labyrinthine task that involves close-reading of multiple dialog boxes, then France's data protection agency has your back. The watchdog has fined both Facebook and Google for making it too confusing for users to reject cookies. The companies have three months to change their ways.
French users have to click on a button to refuse cookies on Facebook. Users believe they have no choice in the matter because of such labelling.
Mislabeling is not the problem with the internet giant. Users can accept all cookies with a single click on the company's websites. To reject them, they have to click through several different menu items. Users are being steered in a certain direction that will benefit the company. I am aware that The Verge doesn't offer a single-click "reject all" cookie button.
Dark patterns are being used to push cookies on users.
EU law states that when citizens hand over data online, they must do so freely and with a full understanding of their choice. According to the judgement of the Canadian National Library, Facebook and Google are breaking the law by tricking their users with dark patterns. The companies are fined if they don't change their cookieUI design within three months. Failure to do so will result in fines of 100,000 per day.
For anyone interested in the details of European internet regulation, the case is interesting in that the ePrivacy Directive is the authority of the EU, rather than the General Data Protection Regulation.
I will do my best to condense the explanation offered byNatasha Lomas over at TechCrunch. The data watchdog of Ireland is where many US tech firms locate their European headquarters. The friendly regulatory environment cultivated by the Irish state to attract US tech money in the first place is part and parcel of the slow running complaints that that particular agency has proved itself to be.
The older ePrivacy Directive allows national agencies to direct oversight in their own territories, which is what France's data watchdog has turned to in order to get some timely enforcement. It is an effective way to deal with issues like Amazon and Google. As far as the regulatory sanction from Ireland's data watchdog is concerned, there has yet to be one.
What is the upshot of this? If you live in France, you may be able to reject cookies from Facebook in the future. Which is nice, sure, but hardly the sort of decisive action that the EU wants to take to make sure that tech firms and average consumers are treated fairly. The cookies are crumbled that way.
