EU launches new plan to take on GAFAM tech giants

If agreed by member states, the plan will increase the EU's ability to impose fines on tech giants Google, Amazon, Facebook, Apple, and Microsoft

Published Modified

The European Commission today announced a “digital European constitution” in a bid to tame tech giants known as GAFAM (Google, Amazon, Facebook, Apple, and Microsoft).

The plan includes new Europe-wide rules for tech companies detailed in two texts: The Digital Services Act (DAS) and the Digital Markets Act (DMA).

The DSA is an update on a directive from the year 2000 covering online hate speech, disinformation and digital content.

The DMA covers issues such as counterfeiting, sale of dangerous products, and respect for market competitors – a rule that may rein in the infamous Google algorithm that makes some services more visible than others in search results.

Increased penalties for tech companies

If tech companies do not comply with the new rules they will be hit with sanctions. A company could be fined 6% of its annual turnover for hosting illegal content and 10% for breaking market competition rules.

They may also be required to separate certain services offered within one tech company, such as online payments managed by Apple, Google, or Facebook. While these options may be convenient for some users, there are concerns over the amount of data GAFAM are able to harvest on users by expanding, and combining multiple services under one brand.

The plan could be implemented within three years, following discussions and negotiations with the European Parliament and member states.

French regulator fines Google over automated cookies

This comes as French data-privacy regulator CNIL has fined Google companies Google LLC and Google Ireland Limited a combined total of €100 million.

In a statement the CNIL said the sanctions had been imposed following an investigation in March 2020, during which it found that the Google companies had automatically “placed advertising cookies on the computers of the search engine google.fr, without obtaining prior consent and without providing adequate information”.

This constituted a breach of the French Data Protection Act, which specifies that users must give prior consent for cookies to be used, and sufficient information must be given to allow them to do so.

In a further breach of French Data Protection Act, the CNIL also found that if users on google.fr attempted to opt-out of advertising cookies, most cookies were removed but one cookie was still stored on their computer and continued to collect data.

It is estimated that 50 million users were affected, while Google continued to make significant money from data collected by the advertising cookies. Consequently, Google LLC is being fined €60 million and Google Ireland Limited €40 million.

More fines possible

While a September 2020 update meant the companies have stopped automatically placing cookies on google.fr, the CNIL has said that it is still not being made clear enough to users what cookies on the site are being used for, or how they can refuse them.

The Google companies now have three months to improve this information, or face penalty payments of €100,000 per day until they do so.

Related stories

Facebook France to pay €106 million in new tax settlement

Influential French figures unite against Amazon