[Cookies: AMERICAN EXPRESS fined €1.5 million by CNIL — summary and sanitized reproduction]

Background

The American Express group, headquartered in the United States, is one of the major issuers of payment cards. In a recent enforcement action, CNIL fined the group €1.5 million for violations related to cookies and tracking technologies on its websites.

Key findings

The CNIL identified improper use of cookies that did not meet legal requirements for consent and user transparency.
Several cookies were placed or read without obtaining valid user consent or providing clear information about purposes and data sharing.
The decision highlights the need for explicit, informed consent and easily accessible opt-out options for users.

Sanctions

The fines totaled €1.5 million, reflecting CNIL’s assessment of the severity and scope of the violations.
The enforcement aligns with CNIL’s ongoing efforts to ensure cookie transparency and user control across major international sites.

Note: The article discusses regulatory actions by CNIL concerning cookie practices by a major payment card issuer operating in Europe. It emphasizes compliance with consent requirements and user information.

Practical implications

Businesses relying on cookies and tracking must implement clear consent mechanisms and provide precise purposes for data processing.
Websites should offer straightforward controls to withdraw consent and manage cookie settings.
Regular audits of cookie banners and third-party integrations are advisable to avoid similar sanctions.

Author summary

A European regulator fined American Express €1.5 million for cookie consent and transparency violations, underscoring the need for explicit user consent and clear information about cookies and data use.

CNIL — 2025-12-03

Background

Key findings

Sanctions

Practical implications

Author summary

More News