On May 11, 2023, the CNIL’s restricted committee brought an end to the proceedings against Microsoft Ireland Operations Limited, after due consideration of the measures taken by Microsoft Ireland Operations Limited in response to CNIL’s injunction.
On December 19, 2022, the committee found Microsoft non-compliant with requirements of GDPR and issued a fine of 60 million euros while simultaneously obliging them to allow users of “bing.com” located in France to give their consent to the use of tracers used to combat advertising fraud, as soon as they arrived on the website.
CNIL gave Microsoft three months to inplement the requirements. In case Microsoft would fail to comply within the set timeframe, it would face further sanctions of 60,000 euros per day of delay. However, the company moved quickly to amend their technical infrastructure so as to permit French users to express their consent. Therefore the proceedings have now been terminated, offering a reprieve from further penalties.