TikTok Fined $5.4 Million by French Regulator for Violating Cookie Laws

Jan 14, 2023Ravie LakshmananPrivacy / Online Safety

Popular short-form video hosting service TikTok has been
fined €5 million (about $5.4 million) by the French data protection
watchdog for breaking cookie consent rules, making it the latest
platform to face similar penalties after Amazon, Google, Meta ^[1], and Microsoft ^[2]
since 2020.

“Users of ‘tiktok[.]com’ could not refuse cookies as easily as
accepting them and they were not informed in a sufficiently precise
way of the objectives of the different cookies,” the Commission
nationale de l’informatique et des libertés (CNIL) said ^[3]
in a statement.

The regulator said it conducted several audits between May 2020
and June 2022, finding that the ByteDance-owned company did not
offer a straightforward option to refuse all cookies as opposed to
just one click for accepting them. The option to “refuse all”
cookies was introduced by TikTok in February 2022.

“Making the opt-out mechanism more complex is in fact
discouraging users from refusing cookies and encouraging them to
prefer the ease of the ‘Accept All’ button,” the CNIL argued,
calling it a breach of the French Data Protection Act.

It further called out TikTok for not informing users of the
purposes behind depositing such cookies on users’ systems when
visiting tiktok[.]com. The company has since rectified the
issues.

While cookie consent banners have become increasingly common in
the wake of the E.U. General Data Protection Regulation (GDPR ^[4]) in May 2018, it has
been repeatedly ^[5]
observed ^[6]
that companies resort to illegal ^[7]
dark patterns ^[8]
to trick users into sharing more information.

Under the laws, websites are required ^[9]
to withhold all third-party cookies and trackers – which could be
used for behavioral advertising or gathering analytics information
– until explicit permission from users is obtained.

The development also comes weeks after the CNIL penalized ^[10] Apple for not obtaining
iPhone users’ consent in iOS 14.6 prior to using identifiers to
present targeted ads on the App Store in violation of the E.U.
ePrivacy Directive.

Found this article interesting? Follow us on Twitter ^[11] and LinkedIn ^[12] to read more exclusive
content we post.

References

^{^}
Amazon,
Google, Meta (thehackernews.com)
^{^}
Microsoft
(thehackernews.com)
^{^}
said
(www.cnil.fr)
^{^}
GDPR
(en.wikipedia.org)
^{^}
repeatedly
(techcrunch.com)
^{^}
observed
(techcrunch.com)
^{^}
illegal
(techcrunch.com)
^{^}
dark
patterns (techcrunch.com)
^{^}
required
(ico.org.uk)
^{^}
penalized
(thehackernews.com)
^{^}
Twitter 
(twitter.com)
^{^}
LinkedIn
(www.linkedin.com)