None of the major American platforms has integrated a refuse advertising cookie button into its consent collection interface. The French media shout at the distortion of competition.
If the French media were quick to comply with the new guidelines of the Cnil, which entered into force on April 1 , the same cannot be said of the GAFA. Neither Google, Amazon, Facebook or Apple have, one week after this deadline, responded to the requirements of the personal data policeman, who now requires all sites and applications to allow their visitors to express their refusal of one-click cookies.
It is indeed necessary to click on the "personalize" button of the interface that Google displays to newcomers to deactivate, in a second level, the display of personalized advertisements within the house services, including the search engine and Youtube. Same process on the Amazon side, where you have to click on the "customize cookies" tab to set your preferences. At Facebook, it's the "Manage data settings" button that allows you to land in an interface where you can only... accept cookies! Finally, there is Apple, where personalized advertisements displayed within native applications are always activated by default. A practice that directly contravenes the eprivacy directive, as denounced by the association France Digitale, at the origin of a complaint on this subject with the Cnil.
Of course, the GAFAs are used to playing cat and mouse with the personal data policeman. But the most surprising thing is that they are not the only ones this time. Neither Twitter nor Pinterest, Twitch, TikTok or Microsoft allow the Internet user to refuse advertising cookies at the first level. The only major American player to comply with the new CNIL rules is Yahoo, a subsidiary of Verizon Media. But why such casualness among others? To understand this, we must remember a subtlety introduced by the GDPR. It provides that a body established in several countries of the European Union can benefit from the one-stop-shop mechanism to have as sole contact the authority of the country where its main establishment is located. For most of the players mentioned above, it is, essentially for tax reasons, Ireland.
"However, if the French Cnil has decided to significantly toughen the recommendations it had published in 2013 concerning the removal of advertising tracers, to bring them into compliance with the RGPD, its Irish counterpart does not have the same interpretation", recalls Nicolas Rieul, boss of the IAB France. "If you deploy an 'accept' button on your banner, you must give as much visibility and space to an option that allows the user to refuse cookies or to go and manage their preferences in this area, in a second level “, writes the Irish Cnil, the DPC, in recommendations published on April 8. No obligation, therefore, to allow the user to refuse at the first level, as imposed by the Cnil. It should be noted that the French policeman is a little alone on this point in Europe, since his German and Spanish counterparts do not impose, either, no refusal at the first level.
GAFA and French media are therefore not in the same boat. And that has a way of annoying most management bosses. "The extremely conservative position of the French Cnil generates a real distortion of competition between French players and their competitors operating in several countries", is moved by one of them. The introduction of the obligation of the possibility of a refusal of the Internet user from the first level is not without consequences for the economic model of the media, with a fall in the rate of consent between 10 and 20 points... and as much less turnover. “Do we really need this additional burden when the GAFA already have the size, the finesse of the data and undeniable tax advantages for them?”, Denounces another.
American platforms nevertheless play a risky game, because the Cnil could invoke other legislation to sanction them. This is the eprivacy directive of 2002, which governs how sites process personal data. It is by invoking the latter, for which there is no one-stop shop mechanism, that the CNIL imposed penalties of 100 million against Google and 35 million against Amazon, last December. She accused them of depositing advertising tracers on the Internet user's computer without the latter having given his prior consent. As well as a lack of information and flaws in the opposition mechanics. Google modified its interface accordingly in March 2021, allowing the Internet user to deactivate all personalization cookies, without ever leaving the consent banner.
"The French Cnil could again sanction American actors who do not put a refuse button at the first level because it considers that it is essential for the validity of the consent to the deposit of tracer, as it is defined by eprivacy" , assures Stéphane Petitcolas, personal data expert at CDLV Conseils and… formerly of the Cnil. An analysis which is not shared by all, in particular the GAFA which have, it is true, the means to engage in a judicial marathon. "For these behemoths, it is rational to risk a fine imposed by the regulator rather than recording a net loss of income linked to the 20 to 30% of users who refuse the deposit of cookies", notes the founder of the platform of SFBX consent management, Bruno Delcombel-Delbos. The ball is now in the regulator's court. With the next step being the transposition of the eprivacy directive into a regulation which will make it possible to standardize the opinion of the European CNILs on the refusal of cookies. This should have been done at the same time as the arrival of the GDPR, almost three years ago. It might happen by the end of the year, or next year…
Farewell Touch Bar, I won't regret...
Caddy, the only web server to use H...
Burkina Faso / Gabon (TV / Streamin...
What the future of work will not b...