The French data protection authority (“CNIL”) has imposed two fines totalling €5 million on TikTok for violating the country’s data processing law.
Between May 2020 and June 2022, the authority conducted audits at the company’s headquarters and its website tiktok.com. The CNIL found that while TikTok provided a one-click mechanism for accepting the use of cookies, it did not allow an equally easy mechanism for refusing their use. The authority noted that in order to decline the use of cookies, the user had to ‘click through’ the TikTok’s website in search of the correct options. Making the refusal mechanism more complex discouraged users from opting out of the use of cookies and encouraged them to accept the storing of cookies on the devices they used. Furthermore, CNIL stressed that users were not informed in a sufficiently precise manner about the purposes of the use of cookies.
In calculating the fine, CNIL took into account the nature of the infringements, the number of persons affected, including their age (they were mainly very young).Source