The French data protection authority CNIL said it has fined Google 100 millions euros (USD 121 million) and Amazon 35 million euros (USD 42 million) for violations of EU privacy rules on advertising cookies.

The watchdog confirmed the fines on Thursday morning, publishing the decision on its website.

The CNIL said in a statement that the French websites of both companies did not request prior consent from internet users about trackers, or cookies, that were automatically saved on computers for advertising purposes.

It said Google and Amazon also failed to provide clear information to users about the purposes of these cookies and how they might refuse them.

The CNIL noted that both companies made changes to their websites in September, yet said efforts were not sufficient to be in line with French rules.

A report on Politico issued on December 9 quoted an Amazon spokesperson as saying, “Protecting the privacy of our customers has always been a top priority for Amazon. We continuously update our privacy practices to ensure that we meet the evolving needs and expectations of customers and regulators and fully comply with all applicable laws in every country in which we operate.”

In the case of Google, it noted it had derived significant profits from the advertising income indirectly generated from data collected by the cookies and said that the practices affected almost fifty million users. The CNIL the size of the fines was justified by the seriousness of the breaches.

The watchdog gave Google and Amazon three months to change the way they tell consumers how their data is used and how they can reject cookies. Otherwise, they will face an additional fine of 100,000 euros (USD 121,095) for each day of delay.

Both the giant corporations are expected to file appeals, which are likely to put pressure on the CNIL’s competency to impose fines.