Both companies violated the country's privacy law by setting non-essential cookies without obtaining users' prior consent, the French National Data Protection Commission (CNIL) said Thursday.
In Google's case, the company's opt-out mechanism also failed to completely prevent the company from collecting data, according to the CNIL.
“When a user deactivated the ad personalization on the Google search by using the available mechanism from the button 'Access now,' one of the advertising cookies was still stored on his or her computer and kept reading information aimed at the server to which it is attached,” the organization said in an English-language version of a statement about Thursday's ruling.
The newest sanction comes almost two years after the CNIL fined Google $57 million for failing to obtain people's unambiguous consent before using their data for ad targeting.
A Google spokesperson said the new decision “doesn’t account for the fact that French rules and regulatory guidance are uncertain and constantly evolving.”
The spokesperson also said the ruling “overlooks” the company's privacy efforts -- including the controls it offers to users.
The CNIL also faulted Amazon over its explanation of cookies.
That statement wasn't sufficient to explain how cookies were used for ad targeting, and didn't inform users that they could refuse to accept Amazon's cookies, the CNIL said.
An Amazon spokesperson said the company disagrees with the CNIL's decision, and complies "with all applicable laws in every country in which we operate."