Google LLC and Facebook parent company Meta Platforms Inc. are bracing themselves for another big fine after France’s data watchdog found them guilty of violating European Union privacy rules.

According to Politico, the Commission Nationale de L’informatique et des Libertés or CNIL is preparing to slap Google’s U.S. and Irish operations with fines of €90 million ($101.8 million) and €60 million respectively. Meanwhile, Facebook’s Irish business will be hit with its own €60 million penalty.

The fines come as a result of the companies’ failure to give French netizens an easy way to reject their cookie tracking technology. And though the amounts may seem minuscule compared to the multibillion-dollar revenues of the two companies, CNIL will apply further penalties of €100,000 each day if they don’t fix their practices and give French users an easy way to opt out of being tracked.

The fines have not yet been officially announced, and CNIL said it would not comment before a decision was posted on its website. Google did not respond to a request for comment. A spokesperson for Facebook said the company was reviewing CNIL’s decision and that it remains committed to working with relevant authorities.

CNIL has a history of targeting big tech companies using EU privacy legislation, taking advantage of the e-Privacy Directive that governs the privacy of communications. In December 2020, it used this legislation to fine Amazon.com Inc. €35 million and Google €100 million for cookie violations. Google is currently still fighting that earlier case in France’s highest court, the Council of State, and could well fight these new fines and appeal to it again.

France relies on the e-Privacy Directive because, under the terms of the EU’s General Data Protection Regulation, the only regulator that’s authorized to take action against offending companies is the one in which they’re based, which is Ireland’s Data Protection Commission.

However, the DPC’s European colleagues have often criticized it for going too easy on big tech companies. In December for example, Norway’s data protection regulator said Ireland’s interpretation of data protection laws would render the GDPR “pointless.”

Photo: mohamed_hassan/Pixabay