Heavy Sanctions for Two Major Platforms
Google received a fine of 325 million euros, the largest ever imposed by the regulator. Shein was ordered to pay 150 million euros. Both companies have millions of users in France, which the CNIL said increased the scale of the violations. The penalties fall among the most severe in Europe under current data protection laws.
What the Regulator Found
Cookies are small data files stored by websites on users’ browsers. While they can support routine functions such as remembering settings, they are also central to advertising systems that profile users. The CNIL found that both firms set cookies before obtaining valid consent. In Shein’s case, investigators said the company collected extensive browsing data from about 12 million users each month without offering clear explanations or simple tools to opt out.
Shein has since updated its consent framework to comply with French and European law. The company still plans to appeal, calling the fine disproportionate.
Google faced broader criticism. The regulator noted that users creating a Google account encountered a cookie wall, which effectively required acceptance of tracking in order to proceed. While such designs are not always unlawful, the CNIL said the process lacked sufficient detail to allow informed choice.
Wider Concerns Around Google
The decision also highlighted Google’s practice of inserting ads between emails in Gmail. Authorities said this counted as direct commercial solicitation that should have required prior agreement from users. An estimated 53 million people in France were affected.
Google has already faced earlier penalties for similar issues, paying 100 million euros in 2020 and 150 million in 2021. In the latest case, prosecutors originally sought a 520 million euro penalty, but the final amount was set lower while still ranking as the regulator’s largest fine to date.
Compliance Deadlines
Both companies must now bring their systems into line with European data rules. Google has six months to make changes, and Shein faces the same requirement. Failure to comply would trigger additional daily fines of 100,000 euros, which would apply to both Google and its Irish unit.
France’s Ongoing Approach
The regulator described the sanctions as part of a broader effort that has been running for five years. Its strategy has focused on high-traffic sites and services where data practices affect millions of people. By targeting global platforms such as Google and Shein, the CNIL is continuing to signal that European rules on privacy and consent will be enforced with financial weight.
Notes: This post was edited/created using GenAI tools. Image: DIW-Aigen.
Read next: Google Tied to $45 Million Israeli Propaganda Push Amid Gaza Genocide[3]