Loading

Blog details

CNIL fines TikTok over cookie consent violations

CNIL fines TikTok over cookie consent violations

TikTok was recently hit with a fine of 5 million euros from CNIL of France over cookie consent violations.

 

Following a series of investigations on the TikTok.com website between May 2020 and June 2022, TikTok has been hit with a €5 million fine for cookie consent violations. CNIL concluded that the refusal mechanism for cookies on TikTok.com was comparatively more difficult than the mechanism in place to accept all cookies. The Authority found that this situation discouraged users from refusing cookies and encouraged them to make use of the “Accept all” button for the sake of ease. This is a violation of Article 82 of the French data protection act.

 

CNIL found that TikTok’s cookie consent practices were non-compliant, as it was comparatively more difficult to refuse cookies than to accept them.

 

CNIL’s investigation into the cookie consent practices on TikTok revealed that when users visited the website, the refusal of cookies was not designed to be as easy as the acceptance of cookies. The website offered a button allowing immediate acceptance of cookies, however refusing cookies was a relatively more difficult process. The CNIL concluded this to be a breach of the law, as the means of collecting consent made the refusal mechanism more complex than that for acceptance, which in turn is likely to discourage users from refusing consent. This remained the case until the implementation of a “Reject all” button in February 2022

 

CNIL imposed a fine on TikTok for 5 million euros.

The French Data Protection Authority (CNIL) fined TikTok 5 million euros for failing to secure its users’ consent. The activities being fined in this case are covered under the scope of the “ePrivacy” directive, transposed in Article 82 of the French Data Protection Act. The amount of this fine was decided upon based on the breaches identified, the number of people concerned – many of whom are minors – as well as the numerous previous communications from the CNIL stating the fact that it must be as simple to refuse cookies as to accept them.

Does your company have all of the mandated safeguards in place to ensure the safety of the personal data you collect or process? Aphaia can help. Aphaia also provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.

Personal data buyers
Prev post
Personal data buyers must be disclosed to data subjects
January 17, 2023
Next post
ICO urges developers to make privacy a priority
January 24, 2023