TikTok Fined Over $5m for Cookie Violations

Written by

TikTok has been fined €5m ($5.4m) by the French data protection regulator for failing to provide users with enough information on the purpose of cookies on its site or give them an easy way to decline those cookies.

The Commission Nationale de l'Informatique et des Libertés (CNIL) said the multimillion-dollar fine was levied at TikTok UK and TikTok Ireland for failing to comply with Article 82 of the French Data Protection Act. That law is essentially a national version of the EU’s “ePrivacy directive.”

It claimed first that TikTok had violated consumers’ “freedom of consent” by making it difficult to reject cookies on the site.

“During the inspection carried out in June 2021, the CNIL noted that although the companies TikTok UK and TikTok Ireland did offer a button allowing immediate acceptance of cookies, they did not put in place an equivalent solution (button or other) to allow the internet user to refuse their deposit as easily. Several clicks were required to refuse all cookies, as opposed to just one to accept them,” it explained.

“The restricted committee considered that making the refusal mechanism more complex actually discouraged users from refusing cookies and encouraged them to prefer the ease of the ‘accept all’ button.”

The regulator also argued that users were not informed “in a sufficiently precise manner” about the purpose of cookies on TikTok – “either on the first-level information banner or in the context of the choice interface accessible after clicking on a link in the banner.”

The fine was calculated based on the number of breaches identified, “the number of people concerned – including minors – and the numerous previous communications from the CNIL” about the need to make cookies as easy to reject as to accept.

Cookies are a contentious topic for regulators and tech companies. Back in December, CNIL fined Microsoft €60m ($64m) after finding that, like TikTok, its Bing search engine failed to offer users a simple way to reject third-party tracking.

Editorial credit icon image: Ascannio / Shutterstock.com

What’s hot on Infosecurity Magazine?