TikTok has been accused by the French data protection authority of violating consent rules for using cookies, TechCrunch reports.

The €5 million penalty announced by the CNIL relates to the cookie consent stream that TikTok was using on its website until early last year – in which the regulator found that it wasn’t as easy for users to decline cookies as it was to accept them – so it essentially manipulated consent by making it easier for site visitors to accept tracking than to opt out.

The CNIL found that the entertainment platform did not inform users clearly enough about the purpose of the cookies – both on the information banner presented on the first level of cookie consent and within the “choice interface” that is accessible after clicking on a link presented on the banner. Several breaches of Article 82 are therefore established.

French enforcement is undertaken under the European Union’s ePrivacy Directive. Unlike the General Data Protection Regulation (GDPR), it does not require complaints affecting users across the bloc to be referred to a lead data protection supervisory authority in the EU country where the principal place of business is (if the company claims such status – as TikTok claims for Ireland under the GDPR).