…in order to keep people
informed, it is of interest to present this found in one site dedicated to
computer protection, cuz many people find, sometimes and very often, difficulties
they cannot solve by themselves, yet they could be computer engineers. Why? Cuz
to solve problems (of the algorithmic type) a user needs time and they,
computer engineers, do not have it cuz it is used to build programs, software,
applications and even security applications, they must install some security apps
cuz of the above said, imagine a simple computer user …and that’s why the below
is published as is. Permit me to add this is not an advertisement, it is a concern
of things going on the internet, a highway to freely travel even to the confine
of the universe if you can.
Below, as is:
TikTok dances to the tune of $5.4m cookie fine
Posted: January 16, 2023 by Christopher Boyd
The big social media fines just
keep coming. Hot on the heels of Meta experiencing a $277m fine from the Irish Data Protection Commission,
it’s now TikTok’s turn in the spotlight thanks to a cookie crumble. Can you
walk into a huge fine in 2023 for making it difficult to refuse a cookie as
easily as it might be to accept it? As it happens, you absolutely can, as
TikTok is now finding out.
Commission nationale de l'informatique et des
libertés (CNIL)
in France has fined TikTok UK and TikTok Ireland €5M ($5.4M)
for failing to comply with obligations set out in Article 82 of the French Data
Protection Act.
While some of us may consider cookies to be a bit
boring, there’s a lot more to it than complaining about those pop ups on every
website. You can guarantee the accountants looking at the latest fines stacking
up at their business are very interested indeed.
A fine old time
From the CNIL announcement:
"During the inspection carried out in June
2021, the CNIL noted that although the companies TIKTOK UK and TIKTOK IRELAND
did offer a button allowing immediate acceptance of cookies, they did not put
in place an equivalent solution (button or other) to allow the Internet user to
refuse their deposit as easily. Several clicks were required to refuse all
cookies, as opposed to just one to accept them."
When it came to light that this mechanic was in
place for cookies, the CNIL stance was that this process discouraged
individuals from opting out or refusing. Instead, users chose the path of least
resistance and agreed to what was put in front of them. This, in combination with
information about the purpose of the cookies not being sufficiently accurate,
was enough to incur the wrath of the CNIL.
Playing the waiting game
According to Bleeping Computer, TikTok received
several warnings about this issue, with initial findings coming from a report in June 2021.
Despite this, a proper reject all button was not implemented, nor given a
“prominent position”, until February 2022.
This is one of many large fines dished out by CNIL,
and this is definitely something we’ll be seeing more of down the line. In
terms of the cookie notification/consent issues themselves, it all feels a bit
like a Roach Motel from
the Dark Pattern playbook. This is a common marketing or advertising tactic
where you make it easy to get in, but much harder to get out.
The dark patterns of cookie consent
Dark patterns are very much relevant to the subject
of cookie disclosure and notification. Some of the biggest fines handed out in recent years have
been cookie related, and some even mention the dark pattern aspect in relation
to cookies. If you have one button to accept but multiple buttons to reject,
it’s quite possible the CNIL will be paying you a visit.
TikTok is now joining an increasingly less
exclusive club which already includes the likes of Facebook and
Google. Whether caught by the ePrivacy Directive or the GDPR, one
thing is for certain: Social media giants need to ensure they’ve done a full
sweep of their cookie cupboards. Regulators aren’t shy about handing out fines.
The real question is, how big will they have to become before social media
sites take the kind of pre-emptive action which causes fines not to be issued
in the first place?
We don’t just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.
RELATED ARTICLES
University suffers leaks, shutdowns at the hands of Vice
Society
January 17, 2023 - We take a look at the devastating impact of a
ransomware attack on a University which includes leaks and network destruction.
Web skimmer found on website of Liquor Control Board of
Ontario
January 17, 2023 - LCBO account holders are under advice to schange
their passwords and monitor their credit card statements after a web skimmer
was found on the webiste
Fighting technology's gender gap with TracketPacer: Lock
and Code S04E02
January 16, 2023 - This week on Lock and Code, we speak with Lexie
Cooper, the owner behind the TikTok account TrackerPacer, about the vitriol she
faced online after talking about the gender gap in technology.
Google to support the use of Rust in Chromium
January 16, 2023 - Google has announced that it will support the use of
third-party Rust libraries in Chromium which is a step forward in memory safety
for the browsers.
A week in security (January 9—15)
January 16, 2023 - The most interesting security related news from the
week of January 9—15.
ABOUT THE AUTHOR
Christopher Boyd
Lead Malware Intelligence Analyst
Former Director of Research at
FaceTime Security Labs. He has a very particular set of skills. Skills that
make him a nightmare for threats like you.
No comments:
Post a Comment