TikTok has been fined $5.4 million by France’s data protection regulator over violations of cookie rules.
The fine came against TikTok’s failure to ensure that users could refuse cookies as easily as they could opt for them. Cookies are online trackers that enable a website to remember information from the previous visit and make the subsequent experience of visiting the same website easier. They can be used for a range of purposes, including examining the analytics and targeting personalised advertisements.
Most websites clearly lay out the options for users to choose whether they want to opt for cookies or not.
In case of TikTok, the investigation conducted by the French watchdog CNIL found that the short-form video app made it relatively difficult for users to reject cookies. Additionally, users were not provided with sufficient information or clarity about the purposes of different cookies.
The probes were carried out between May 2020 and June 2022 on the TikTok website (tiktok.com). The regulators concluded that TikTok UK and TikTok Ireland had failed to comply with the obligations concerning cookies in the French Data Protection Act.
“The amount of this fine was decided on the basis of the breaches identified, the number of people concerned – including minors – and the numerous previous communications from the CNIL on the fact that it must be as simple to refuse cookies as to accept them,” the official statement says, adding that TikTok violated consumers’ freedom of consent by making the refusal of cookies difficult on the website.
It was noted in the inspection conducted in June 2021 that TikTok offered a button for immediate acceptance of cookies, but the platform did not provide users with the option to refuse them just as easily. In order to refuse all cookies, users had to make several clicks, which was markedly different from the swift mechanism for the acceptance of cookies. Hence, the complex procedure discouraged users from opting out of cookies as it was more convenient for them to “Accept All”.
The EU guidelines require tech companies to provide clear solutions for choice of cookies on their internet-based platforms and the websites must clearly ask users for prior consent before storing their data.
“It [CNIL] also found that they are jointly responsible since they both determine the purposes and means of the use of cookies,” ruled the CNIL, referring to TikTok UK and TikTok Ireland.
In response to the ruling, a TikTok spokesperson said, “These findings relate to past practices that we addressed last year, including making it easier to reject non-essential cookies and providing additional information about the purposes of certain cookies.”
TikTok has been facing increased regulatory scrutiny both in the UK and US. According to latest reports, access to TikTok has been banned from government devices in more than half of US states, with some lawmakers vehemently calling for a national ban on the popular app. Concerns are being raised that TikTok’s parent company ByteDance (based in Beijing) might be forced into handing over sensitive data of specific US users to the Chinese government under the country’s strict laws. TikTok has, however, repeatedly attempted to allay the security concerns with promises of properly protecting confidential user information.
