For Shein and Google, new fines passed down from the French government are just the way the cookie crumbles.
The country’s data protection watchdog, the Commission Nationale de l’Informatique et des Libertés (CNIL), announced late Wednesday that it had fined Shein €150 million ($174.6 million) for “placing some cookies without the consent of internet users,” failing to respect cookie choices and “not informing [users] properly.”
The CNIL said it considered Shein’s “central position in the online ready-to-wear clothing sector” and the fact that it has roughly 12 million monthly active users in France when determining the scope of the fine.
Shein did not return Sourcing Journal’s request for comment on the CNIL’s penalty, but reportedly told AFP that it plans to appeal the fine, calling it “totally disproportionate given the nature of the alleged grievances” and highlighting its “current compliance” with the country’s regulations.
The CNIL did note in its announcement that Shein “had made changes to its website during the proceedings,” which made it unnecessary to give the company compliance orders to follow alongside the fine.
Google received even more robust penalties than the fast-fashion e-tailer. The CNIL doled out a cumulative €325 million ($378.3 million) to Google, by fining Google LLC €200 million and Google Ireland Limited €125 million. The regulatory agency said the fines it doled out came because Google “displayed advertisements in the form of emails among the emails in the ‘Promotions’ and ‘Social’ tabs of the Gmail messaging service” without users’ express consent and because the company made it “more difficult to refuse cookies linked to personalized advertising than to accept them.”
The CNIL said the record-setting fine comes as a result of the number of impacted users, stating that “the breach regarding cookies concerned more than 74 million accounts,” 53 million of which had “illegally seen the involved advertisements.” It also noted that Google had previously been found “negligent” for cookie breaches.
In addition to the fine, Google has received an order from the CNIL stating that, within six months, it must take measures to stop displaying the ads in question without consent and that it must “ensure valid consent from users for the placement of advertising cookies when creating a Google account.” Should Google fail to live up to the CNIL’s expectations, it will be subject to a further penalty of €100,000 ($116,000) daily until the issue has been resolved.
Google said it is reviewing the CNIL’s decision. A spokesperson for the company told Sourcing Journal via email that the company has already undertaken steps to protect users’ privacy rights.
“People have always been able to control the ads they see in our products. Over the last two years, as the CNIL has acknowledged, we made additional updates to address their concerns, including an easy way to decline personalized ads in one click when creating a Google account, and changes to the way ads are presented in Gmail. We’re reviewing the decision,” the spokesperson said in a statement.
The penalties the CNIL issued to Google could attract the attention of U.S. President Donald Trump, who has been keen on trying to loosen global regulations to favor Big Tech companies based in the U.S., with Google among them.
Trump wrote on Truth Social last month that he plans to “stand up to Countries that attack our incredible American Tech Companies,” and threatened to “impose substantial additional Tariffs” on countries that have “discriminatory” technology regulations in place.
In that same post, he said countries with such regulations “also, outrageously, give a complete pass to China’s largest Tech Companies.”
Shein originally hails from China, and though it is currently headquartered in Singapore, U.S. politicians from both sides of the aisle have continued to associate it with China, in part because of Beijing’s influence over an initial public offering (IPO) and other business practices.
That the CNIL chose to announce its fines on Shein and Google simultaneously could be a nod to Trump’s threat; the final version of the trade agreement between the U.S. and the European Union was reportedly held up by the U.S.’s hopes for the EU to soften the provisions in its Digital Services Act (DSA), under which both Google and Shein are held to the strictest standards because they qualify as very large online providers (VLOPs).
