ANKARA

Google is facing fresh legal setbacks on both sides of the Atlantic, with a US jury ordering it to pay $425 million for deceptive data collection and France’s privacy regulator fining it €325 million ($378 million) over unlawful cookie practices.

A US federal jury ordered Google to pay more than $425 million to a class of nearly 100 million users who said the company collected their data in spite of privacy settings designed to stop it, according to reports.

Jurors on Wednesday found that Google violated users’ privacy by gathering app activity data even when people disabled the “Web & App Activity” setting and a related sub-setting, Courthouse News Service reported.

However, the jury concluded that Google did not break the California Comprehensive Computer Data Access and Fraud Act, said the report.

The lawsuit, filed in 2020 by Anibal Rodriguez, accused Google of deceiving users into believing they could control what information the company tracked. David Boies, the plaintiffs’ attorney, argued Google pushed a “false control story,” telling users they could view, manage, and delete data when, in reality, they had little choice.

Google’s defense team countered that the company believed it had permission to collect limited types of information and that users were informed about it. Jurors said they awarded compensatory damages because the user data had monetary value, but declined punitive damages, citing no evidence of direct harm.

The users had asked for more than $30 billion in compensatory damages.  

$378M fine by French data protection watchdog

Separately, France’s data watchdog fined the search engine giant €325 million ($378 million) and fast-fashion retailer SHEIN €150 million for breaching cookie regulations, according to a statement.

The National Commission for Information Technology and Civil Liberties (CNIL) said Wednesday the penalties are part of an enforcement plan launched in 2019 to crack down on unlawful tracking and targeting of internet users. CNIL said both companies failed to comply with rules requiring clear, informed consent before placing cookies on users’ devices.

Google was also cited for violating Article L.34-5 of the French Postal and Electronic Communications Code by displaying ads in Gmail’s “Promotions” and “Social” tabs without prior user consent. CNIL emphasized that while cookie walls — requiring acceptance of tracking to access services — are not inherently illegal, consent must be freely given and options presented in a balanced way.

While overall compliance with advertising cookie rules has improved, the regulator said it will remain “vigilant” against non-compliant practices and “growing practices such as the use of "cookie walls," which make the acceptance of the placement of cookies on the users’ device a condition to access a service.