TikTok has been fined 5 million euros by the Commission Nationale de l’Informatique et des Libertés (CNIL). According to the French regulator, the Chinese social network made it unnecessarily challenging to refuse cookies on the website, violating French privacy legislation.
CNIL announces the fine through a press release.
Accepting cookies was easier than refusing cookies.
Between May 2020 and June 2022, the French regulator conducted multiple investigations on TikTok’s website. Researchers found during that period that the platform showed a button on the site that made it possible to accept all cookies. On the other hand, a switch to refuse all cookies was nowhere to be found. “It took several clicks to reject all cookies, as opposed to just one to accept them,” said CNIL.
By only offering a button to accept all cookies, TikTok discouraged visitors from rejecting cookies. By doing so, the company is infringing the freedom of consent, which is enshrined in Article 82 of the French data protection law. The regulator also believes that TikTok needed to inform visitors about the data collected by the cookies sufficiently.
French regulator authorized to issue of fines.
The bug has now been rectified. In February 2022, the Chinese social network introduced the option to refuse all cookies at the touch of a button. However, the platform does not escape an administrative fine, and CNIL has determined that a fine of 5 million euros is in order.
For the amount of the amount, the regulator looked at the seriousness of the violations and the number of people involved. The fact that employees of CNIL TikTok pointed out the violation several times also played a role in determining the fine.
Even though TikTok’s headquarters are in Dublin, the French regulator can issue a fine. This is because the penalty does not result from violating the General Data Protection Regulation (GDPR). French data protection law is based on the E-Privacy Regulation, meaning that the one-stop-shop or one-stop-shop mechanism does not apply.
TikTok still needs to respond to CNIL’s fine. It is, therefore, still being determined whether the company will object.
Significant concerns about privacy invasion by TikTok
TikTok has been under fire for quite some time regarding our privacy. Last summer, US Senators asked the Federal Trade Commission (FTC) to investigate the platform. TikTok CEO Shou Zi Chew had just admitted that a limited number of employees had access to the data of American users. The Senators believed that this made TikTok an “unacceptable risk” to the country’s national security.
In August, security researcher Felix Krause discovered that TikTok’s in-app web browser injects JavaScript code that tracks which websites users visit. The code also registers all keystrokes, which means that privacy-sensitive data may end up with the company. Several MPs found this unacceptable. The ChristenUnie was so concerned that it asked State Secretary for Digitization Alexandra van Huffelen to ban the TikTok app in the Netherlands.
Finally, there are concerns about TikTok’s new privacy terms. It states, among other things, that the company has been allowed to share data from Dutch users with China since December 2022. It’s not just profile information, personal messages, other content, or contact information. Under the new terms, TikTok may also collect and share device and location data, IP address, and user search history. This led to significant concerns among various political groups in the House of Representatives.
Dutch foundations are filing mass claims against TikTok.
TikTok can prepare for multiple lawsuits filed by Dutch parties. The Market Information Research Foundation (SOMI) filed a claim against the social network in June 2021. The foundation is claiming damages of 1.4 billion euros for violating European privacy and consumer legislation. SOMI also believes that TikTok does not comply with the transparency obligations arising from the GDPR.
The Take Back, Your Privacy Foundation and the Consumers’ Association took TikTok to court in August 2021. “TikTok has scandalously abused some very young children, and it has misled them, violated their privacy and made gross profits on their backs—pure exploitation, which must be compensated. And in a way that also has a deterrent effect on other companies who do the same thing,” Sandra Molenaar, director of the Consumers’ Association, said about the lawsuit. The organizations demand compensation of more than 2 billion euros in total.
Finally, Stichting Massaschade & Consument believes that TikTok collects too much user data to create user profiles. In this way, the platform wants to serve personalized advertisements. The foundation believes that TikTok violates all national and international laws and regulations. For example, the company needs to be more open and honest about what data it collects and for what purposes. The foundation is therefore demanding compensation of 6 billion euros.
TikTok tried to nip the mass claims in the bud, arguing that its headquarters are in Ireland. Therefore, the Dutch foundations would not be authorized to file a lawsuit. The court of Amsterdam did not agree and ruled that the foundations were indeed allowed to file a mass claim against the company. The substantive hearing is scheduled for next month.
Find more articles here
Follow us on Facebook here