16 comments

[ 3.4 ms ] story [ 51.2 ms ] thread
Hopefully followed by Techcrunch for cookie wall without one click reject
I've noticed lots of companies with an online presence still do this, I wonder if they will just all wait to be fined before anything happens.
Google and a few others have started presenting Accept and Reject in the same color on the first consent screen. I hope others will follow soon.
They however still may be in breach. Their consent flow claims the following:

"We use cookies and data to:

* Deliver and maintain Google services * Track outages and protect against spam, fraud, and abuse * Measure audience engagement and site statistics to understand how our services are used and enhance the quality of those service" [emphasis mine]

The last point is definitely not functionally necessary nor essential for delivering the service yet is a prerequisite - the "reject" button doesn't apply to those.

$CRTO is a giant, for sure, with $1.6B market cap and quarterly profits [1] of $185M.

The potential for a $65M fine for actions taken 4 years ago will - after they challenge the finding, challenge the value, face a formal hearing, receive a draft decision, review that draft with other GPDR data protection authorities, and finally are levied a financial penalty sometime in 2023 - will surely crater their unethical business model and cause them to change their ways. /s

[1] https://criteo.investorroom.com/2022-08-03-CRITEO-REPORTS-ST...

You’re looking at about $2B revenue a year. The absolute maximum that GDPR can fine is 4% global revenue, which would be $80M for Criteo. So this is nearly topping out. Of course, if a company continues to treat GDPR as the cost of doing business there are other, more long-term, options.
Their actual quarterly profit is 10% of what you claim, so the fine will wipe out a full year of profits. Your sarcasm is totally unwarranted.
> actual quarterly profit is 10% of what you claim

"Profit" is an imprecise word. Criteo made $38mm of net income in the six months ending June 2022 [1], or $76mm annualized. €60mm is about is 80% of that. Free cash flow (FCF), on the other hand, was $77mm or $154mm annualized (40%). (OP referenced gross profit. Fines are no longer tax deductible [2][3]. Referencing a post-tax measure, like net income or FCF, is thus more appropriate than gross profit.)

Either way, your broader point stands. Four fifths or two fifths or 12.5% of cash and cash equivalents, potentially a year, is nothing to sneeze at.

[1] https://criteo.investorroom.com/2022-08-03-CRITEO-REPORTS-ST...

[2] https://www.irs.gov/pub/irs-drop/td-9946.pdf

[3] https://www.journalofaccountancy.com/news/2021/jan/irs-regs-...

I see a future where adtech companies operate under a franchising company owned by a holding company, just to avoid making any net profit for any of the individual companies actually handling someone’s data.
I think the fine needs to be 10x the amount of annual sales (not profits). It needs to be enough that causes these companies to go out of business. They are a cancer on our society, and they need to be eradicated. Most of the time, I'd be soft on people losing jobs, but these jobs 100% need to not exist.
Wake me up when TrustArc or their clients get fined. That is the company that added artificial delay for "processing" if you rejected optional cookies.
I suspected that it is artifical, but never RE'd it, holy shit.

I hope EU fines them

I believe in the EU. I believe in their fines.

Just like yesterday I was walking down the block and the police on Lastarria were towing a gray car. I had never seen that, and they had five cops on the scene watching everything was going in order. I asked them if they were towing I thanked them! In this context there was never any towing, no consequence ever for parking violations. I said yeah great! There has to be integrity, there have to be consequences. Great!