France Fines TikTok With $5.4 Million For Cookie Privacy

Due to their difficulty in disabling cookies and inadequate disclosure of their purpose, TikTok UK and TikTok Ireland have been fined $5.4 million by France's data protection regulator (CNIL).

This contravened Article 82 of the French Data Protection Act (DPA), a national rule that complies with the General Data Protection Regulation (GDPR) framework that is in effect in Europe.

TikTok's Cookie Consent Was The Problem All Along

In June 2021, CNIL conducted an inspection of the TikTok website, as stated in the announcement.

Although the platform provided a button for users to instantly accept cookies, it was discovered that rejecting them was more difficult.

With that, CNIL claims that in order to reject all cookies, users would need to make many deliberate clicks.

The procedure was discouraging, which naturally led to the majority of website visitors clicking the "Accept all" box on the TikTok platform.

Bleeping Computer notes that in addition to requiring services to obtain users' consent for the storage of cookies, Article 82 of France's DPA also assumes the users' freedom to do so.

Because of this, the cookie consent dialogs must give the options to the user in a balanced manner, which was not the case on the platform.

It took TikTok until February 2022 to add a "Reject all" button and give it a prominent location in the cookie consent prompt, despite CNIL's repeated warning.

The second infraction, which also violates Article 82 of the DPA, relates to the banner's inadequate statement of the cookies' goals.

Users that clicked on the banner link to learn more, according to CNIL, still did not receive adequate information about the goal of the cookies

Additionally, neither the first-level information banner nor the context of the choice interface available after clicking on a link in the banner adequately disclosed to users the aims (objectives) of the cookies.

Important online platforms frequently employ aggressive data collecting techniques, which the CNIL has punished with hefty fines, including Apple ($8.5 million), Facebook ($68 million), and Google ($170 million).

Read More: FCC Commissioner Praises India's Blocking of TikTok, Sets 'Important Precedent'

The EU Has Called Out Tiktok For Sketchy Projects Before

The CNIL is materially competent to verify and sanction operations related to cookies put by the companies on the terminals of Internet users residing in France.

It can be remembered that Last summer, European Union data protection authorities stepped in to prevent TikTok from citing a claim of legitimate interest as the justification for processing users' data to display "personalized" advertisements.

With that, they warned TikTok that doing so would conflict with the ePrivacy Directive, according to Information Security Buzz.

Although ePrivacy regulations only apply in the regulator's domestic market, these judgments may have far-reaching repercussions.

These findings are related to other procedures covered last year, such as making it easier to reject cookies that are not required and providing greater information about the purposes of certain cookies.

The company's cooperation with the investigation was emphasized by the CNIL, and TikTok continues to place a high priority on user privacy, a TikTok spokesperson says.

Related Article: Software to Remove 'Invisible Body' TikTok Filter Actually Contains Malware

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

Tags TikTok

More from iTechPost

Real Time Analytics