Meta Platforms Ireland (Facebook)
Issued by Commission Nationale de l'Informatique et des Libertés (CNIL) on 2022-01-06
What happened
The CNIL fined Facebook €60 million for the same cookie consent violation pattern identified in the Google case. On facebook.com, users could accept all cookies with a single click but had to navigate multiple screens and settings to refuse them. The CNIL found this design manipulated user behavior, making it significantly easier to consent than to decline. The asymmetric cookie banner failed to meet the requirement that refusal be as easy as acceptance. This decision, issued alongside the Google cookie fine, established a clear CNIL enforcement position against dark pattern cookie consent designs across major platforms.
Articles violated
Lessons learned
Cookie consent design is a regulatory priority for EU DPAs. The enforcement pattern is clear: accept and refuse must be equally accessible. Even large platforms are not exempt from national DPA jurisdiction on cookie matters. Companies operating in France should audit cookie banners for consent symmetry and implement changes proactively rather than waiting for enforcement.
Source
View original decisionDisclaimer: This summary is for informational purposes only and does not constitute legal advice. Refer to the original decision for complete details.
Get enforcement alerts for Technology
We track GDPR fines across Europe. Enter your email to get notified about new enforcement actions.