
Jan 14, 2023 | Ravie Lakshmanan | Privacy / Online Safety

Popular short-form video hosting service TikTok has been fined €5 million (about $5.4 million) by the French data protection watchdog for breaking cookie consent rules, making it the latest platform to face similar penalties after Amazon, Google, Meta, and Microsoft since 2020.

“Users of ‘tiktok[.]com’ could not refuse cookies as easily as accepting them and they were not informed in a sufficiently precise way of the objectives of the different cookies,” the Commission nationale de l’informatique et des libertés (CNIL) said in a statement.

The regulator said it conducted several audits between May 2020 and June 2022, finding that the ByteDance-owned company did not offer a straightforward option to refuse all cookies, whereas accepting them took just one click. The option to “refuse all” cookies was introduced by TikTok in February 2022.

“Making the opt-out mechanism more complex is in fact discouraging users from refusing cookies and encouraging them to prefer the ease of the ‘Accept All’ button,” the CNIL argued, calling it a breach of the French Data Protection Act.

It further called out TikTok for not informing users of the purposes behind depositing such cookies on users’ systems when visiting tiktok[.]com. The company has since rectified the issues.

While cookie consent banners have become increasingly common in the wake of the E.U. General Data Protection Regulation (GDPR) in May 2018, it has been repeatedly observed that companies resort to illegal dark patterns to trick users into sharing more information.

Under the laws, websites are required to withhold all third-party cookies and trackers – which could be used for behavioral advertising or gathering analytics information – until explicit permission from users is obtained.

The development also comes weeks after the CNIL penalized Apple for not obtaining iPhone users’ consent in iOS 14.6 prior to using identifiers to present targeted ads on the App Store in violation of the E.U. ePrivacy Directive.
