From the French data protection regulator:
On 29 December 2023, the French Data Protection Authority (CNIL) fined YAHOO EMEA LIMITED €10 million for failing to respect the choice of Internet users who refused cookies on its “Yahoo.com” website and for not allowing users of its “Yahoo! Mail” messaging service to freely withdraw their consent to cookies.
YAHOO EMEA LIMITED publishes several web services such as a search engine and an e-mail service. The CNIL received 27 complaints reporting the failure to take into account the refusal of cookies and the obstacles encountered in withdrawing consent to the deposit of cookies. In October 2020 and June 2021, the CNIL carried out several online investigations on the Yahoo.com website and the Yahoo! Mail messaging service.
On the basis of the findings made during the investigations, the restricted committee – the CNIL body responsible for issuing sanctions – considered that YAHOO EMEA LIMITED had failed to comply with the obligations provided for in Article 82 of the French Data Protection Act.
In order to determine the amount of the fine, the restricted committee took into account the fact that the company did not respect the choice of Internet users regarding cookies and that it put in place measures to dissuade them from withdrawing their consent to the deposit of cookies.
Read more at CNIL.