TikTok fined $5.4 Million for using cookie opt-out features

France’s Data Protection Authority (CNIL), has issued a EUR5,000,000 fine to TikTok UK, and TikTok Irish for making it hard for platform users to reject cookies or not adequately informing them.

The design behavior of this individual was deemed to be a violation Article 82 (DPA) of France’s data privacy laws. This national regulation is in compliance with the EU GDPR framework.

The severity of violations was considered when determining the EUR5million fine. This includes the number and age of impacted persons, children included, as well as the frequency at which CNIL repeated its warnings to TikTok about the necessity to follow France’s Data Protection Act.

CNIL explains that it inspected TikTok’s website in June 2021. The platform had a button that allowed users to accept cookies immediately, but it was difficult to reject them.

Instead, CNIL stated that users would need to make several clicks in order to reject all cookies. This was discourageing, and most TikTok visitors clicked on the button “Accept all”.

France’s DPA Article 82 requires that services obtain users consent to the storage of cookies. However, it also presumes users freedom to consent to this consent. The cookie consent dialogs should be balanced in how they present the choices to users, as this was not the case with TikTok.

Despite repeated warnings from CNIL to TikTok it took them until February 2022 for a button to reject all requests and to place it prominently in the consent prompt.

Insufficient information about the goals of cookies displayed on banners is another violation of Article 82. CNIL claims that users clicked the banner link to find out more didn’t receive enough information about the cookie’s purpose.

Noting is important that many major internet platforms use aggressive data collection strategies, with severe fines. , Facebook $68M and Google $170M.

BleepingComputer was contacted by a TikTok representative regarding the CNIL fine.

These findings are related to previous practices we dealt with last year. They include making it easier for people to refuse non-essential cookie and giving more information on the purpose of cookies.

The CNIL highlighted the cooperation of TikTok during the investigation. Privacy remains a priority for TikTok.”