France: Issued fine against Microsoft for breach of Data Protection Act through illegal use of cookies

On 19 December 2022, the French Data Protection Authority (CNIL) imposed a penalty of EUR 60 million on Microsoft for violating data protection rules regarding the use of cookies. CNIL's investigation began in September 2020 in response to a complaint about the conditions for allowing cookies on the search engine "Bing.com". The committee found that Microsoft breached Article 82 of the French Data Protection Act by applying cookies without prior user consent and due to the lack of an effective means of obtaining consent. In addition to the fine, CNIL also issued an order requiring Microsoft to obtain user consent for cookies on “bing.com”, subject to a periodic penalty payment of EUR 60’000 per day in case of failure to obtain such consent.