Mon | Jan 16, 2023 | 3:28 PM PST

The uber popular short-form video sharing platform has been fined 5 million euros for its cookie policies, and no, we're not talking about chocolate chip or oatmeal raisin.

On December 29, 2022, the French data protection authority (CNIL) imposed a fine of €5 million on TikTok for violations of the French Data Protection Act. The company was found to have made it more difficult for users to refuse cookies than to accept them, and to have not provided sufficient information about the purposes of different cookies.

The CNIL conducted several online investigations between May 2020 and June 2022 on the TikTok website and on documents requested from the company. The inspections were carried out only on the website, in an unlogged session, and not on the mobile application.

The restricted committee, the CNIL body responsible for issuing sanctions, considered that TikTok Information Technologies UK Limited (TikTok UK) and TikTok Technology Limited (TikTok Ireland) had failed to comply with the obligations set out in Article 82 of the French Data Protection Act.

Here's what it found:

"During the inspection carried out in June 2021, the CNIL noted that although the companies TIKTOK UK and TIKTOK IRELAND did offer a button allowing immediate acceptance of cookies, they did not put in place an equivalent solution (button or other) to allow the Internet user to refuse their deposit as easily. Several clicks were required to refuse all cookies, as opposed to just one to accept them.

The restricted committee considered that making the refusal mechanism more complex actually discouraged users from refusing cookies and encouraged them to prefer the ease of the 'accept all' button."

The CNIL also found that users were not informed about the purposes of the cookies. The restricted committee therefore found several breaches of Article 82 of the Data Protection Act.

The amount of the fine was decided on the basis of the breaches identified, the number of people concerned—including minors—and the numerous previous communications from the CNIL on the fact that it must be as simple to refuse cookies as to accept them. 

Related articles:

Hackers Spread Malware Thanks to TikTok's 'Invisible Challenge' Trend

Follow SecureWorld News for more stories related to cybersecurity.
 
Comments