CNIL, the French data watchdog, found that the social platform's mechanism to refuse cookies was so hard, most users were discouraged from doing so.
ADVERTISEMENTFrance on Thursday fined TikTok €5 million for shortcomings linked to the short video platform's handling of online tracking known as "cookies," which the ByteDance-owned company said it had now addressed.
French data protection watchdog CNIL said that its investigation only concerned the website tiktok.com and not the service's much more heavily used smartphone applications.
The CNIL found that for tiktok.com's users, it was not as easy to refuse online trackers as to accept them even though the guidelines, based on EU's rules, require it since 2020.
"Making the refusal mechanism more complex actually discouraged users from refusing cookies and encouraged them to prefer the ease of the 'accept all' button," explained the authorities in the statement.
They also found that Internet users were not sufficiently informed about TikTok's use of cookies.
Under European Union rules, websites must clearly ask for the prior consent of Internet users for any use of cookies - small pieces of data stored while navigating on the web.
"These findings relate to past practices that we addressed last year, including making it easier to reject non-essential cookies and providing additional information about the purposes of certain cookies," a spokesperson for TikTok said.
"The CNIL itself highlighted our cooperation during the course of the investigation and user privacy remains a top priority for TikTok," the spokesperson added.
Tech giants on the hot seat
TikTok is the latest tech giant to be penalised by the CNIL as part of a major control campaign launched in spring 2021.
Google, Meta, Amazon, Microsoft, and most recently Apple have all been sanctioned by the authority for a total amount of around €400 million.
French authorities are not the only ones to have their eyes on them. The Irish Data Protection Authority (DPA) has informed its European counterparts of two draft sanctions aimed at breaches concerning the processing of personal data of minors and data transfers to China.
These sanctions could be imposed in the first half of 2023.
TikTok Chief Executive Shou Zi Chew met with met several European officials during his visit to Brussels on Tuesday.
"I count on TikTok to fully execute its commitments to go the extra mile in respecting EU law and regaining trust of European regulators. There cannot be any doubt that data of users in Europe are safe and not exposed to illegal access from third-country authorities," said Věra Jourová, vice-president for values and transparency in the EU Commission.
