IMAGE: Solen Feyissa/Unsplash

France fines TikTok €5 million for not offering ‘refuse all’ button on website’s cookie banner

TikTok has been issued a fine of €5 million (about $5.4 million) by the French data protection regulator because it made it difficult for users to opt out of being tracked on its website – a breach of data protection laws.

The CNIL (Commission nationale de l’informatique et des libertés) announced the penalty on Thursday, although it said the sanction itself was issued on December 29.

According to the regulator, the fine was imposed over two shortcomings on the TikTok website and was not related to the ongoing privacy concerns regarding its mobile app.

The regulator said that while tiktok.com’s cookie banner offered a single-click option for users to accept all cookies, there was no single-click option to refuse them.

Cookie consent pop-ups have become an industry tactic to cope with the European Union’s ePrivacy Directive and its General Data Protection Regulation (GDPR), which were intended to empower the bloc’s citizens to withdraw their consent from being tracked and profiled across the web by advertisers.

The directive requires websites to withhold all marketing cookies and trackers from users’ browsers until they have received explicit permission from those users. Sites are not allowed to pre-tick boxes or ‘consent toggles’ to make it easier to consent than to decline to cookies, although in practice this is rarely followed.

There is an exemption for “strictly necessary” or functional cookies — for instance ensuring page content loads quickly, counting visitors (without profiling them) and remembering the items that online shoppers have placed in their baskets.

In addition, the CNIL said that visitors to the tiktok.com website were not sufficiently informed of the purposes of the cookies that they would be accepting.

The CNIL said that it carried out several inspections of the company's website between May 2020 and June 2022 and that the option to "refuse all" cookies was not introduced until February 2022.

“The amount of this fine was decided in view of the shortcomings identified, the number of people concerned – in particular minors – and the numerous previous communications from the CNIL on the fact that it must be as simple to refuse cookies as to accept them,” the regulator said.

A spokesperson for TikTok said: “These findings relate to past practices that we addressed last year, including making it easier to reject non-essential cookies and providing additional information about the purposes of certain cookies. The CNIL itself highlighted our cooperation during the course of the investigation and user privacy remains a top priority for TikTok.”

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Alexander Martin

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.