The French data protection watchdog fined TikTok €5 million (approximately $5.4 million) for violating cookie consent regulations. This makes TikTok the latest platform since Amazon, Google, Meta, and Microsoft all received similar fines in 2020.
According to a statement released by the Commission nationale de l’informatique et des libertés (CNIL), “Users of ‘tiktok[.]com’ could not refuse cookies as easily as they accepted them and they were not informed in a sufficiently precise manner of the objectives of the different cookies.”
Between May 2020 and June 2022, the regulator said it did several audits and found that the ByteDance-owned company didn’t provide a simple way to reject all cookies instead of just one click to accept them. TikTok made it possible to “refuse all” cookies in February 2022.
The CNIL argued, citing a violation of the French Data Protection Act, that “Making the opt-out mechanism more complex is in fact discouraging users from refusing cookies and encouraging them to prefer the ease of the ‘Accept All’ button.”
In addition, it criticised TikTok for failing to inform users of the purposes for which these cookies are stored on their systems when they visit tiktok[.]com. The problems have since been fixed by the business.
In spite of the fact that cookie consent banners have become more common since the EU General Data Protection Regulation (GDPR) was implemented in May 2018, it has been repeatedly observed that businesses use illegal dark patterns to trick users into providing additional information.
Websites are required by law to withhold all third-party cookies and trackers that could be used for behavioural advertising or analytics data collection until explicit user permission is obtained.
Additionally, this development comes just a few weeks after Apple was penalised by the CNIL for violating the E.U. ePrivacy Directive when it used identifiers to display targeted ads on the App Store without first obtaining consent from iPhone users in iOS 14.6.