How unusual is the approach to cookie compliance that TikTok took?
The backdrop to this case is that:
- A 2021 study suggests that including a ‘refuse all’ button decreases cookie acceptance rate by 15% – this was referenced in the CNIL decision notice.
- It is rare that formal enforcement action is taken in relation to cookie compliance (TikTok has arguably been singled out and could consider themselves unlucky here, a pitfall of their website’s success) – typically regulators are tipped off by an unhappy complainant and organisations are told to make changes ‘or else’.
In light of the above, a number of organisations take a commercially balanced view that obtaining valuable data about the users of their website is worth the risks of getting caught, noting that they are normally provided with the option of making a change by a regulator before facing fines.
To put it another way, whilst there is a black and white distinction between compliance and non-compliance in cookie legislation organisations have, in practice, introduced a sliding scale of greys, preferring to obtain as much data as possible and accepting minor breaches of the legislation in doing so.