
The record penalty highlights growing regulatory pressure on major digital platforms to respect user privacy rights and obtain proper consent before tracking online behavior.
What SHEIN Did Wrong
The CNIL found that several cookies, particularly with advertising purposes, were placed on the devices of users visiting “shein.com” as soon as they arrived on the site, even before they interacted with the information banner to express a choice.
The violations included multiple serious consent failures:
- Automatic Cookie Placement: Advertising cookies were installed on users’ devices immediately upon visiting shein.com, before any consent could be given.
- Inadequate Consent Banners: Two interfaces related to the management of cookies were displayed on the “shein.com” website, but both were incomplete. The first banner had three buttons labelled “Cookie settings”, “Reject all” and “Accept” but did not contain any information about the advertising purpose of cookies.
- Broken Opt-Out Mechanism: When a user visiting the “shein.com” website clicked on the “Refuse all” button in the banner, or when they decided to withdraw their consent to the registration of cookies on their device, new cookies were still placed and others, already present, continued to be read.
- Missing Third-Party Information: No information on the identity of third parties likely to place cookies was provided at this second level of information, accessible by clicking on the “Cookie settings” button.
Record-Breaking Penalties
The record penalties target two platforms with tens of millions of French users and rank among the heaviest sanctions the regulator has imposed. The CNIL also fined Google €325 million for similar violations, making these among the largest cookie-related fines ever issued.
The French data protection watchdog justified the exceptional nature of the fine imposed on Shein by the fact that the legislation on which this decision is based is already in force, indicating companies should have known better.
SHEIN’s Response
Shein has updated its systems to comply with the CNIL’s requirements under French and European law since the investigation. It told AFP that it would appeal the fine, which it said was “totally disproportionate given the nature of the alleged grievances” and its “current compliance” with the legislation.
Broader Context
This fine adds to SHEIN’s mounting legal troubles in France. At the beginning of July, the platform was fined 40 million euros for misleading commercial practices by France’s Répression des Fraudes for, among other things, marking up certain prices before applying a discount.
The company faces additional scrutiny as Shein symbolizes, according to its detractors, all the ills of “ultra fast fashion.” French legislators are considering regulations specifically targeting fast fashion with advertising bans and environmental impact requirements.
What This Means for Businesses
The CNIL has stepped up its scrutiny of cookie use, part of “a general strategy of bringing (market players) into line over the past five years, targeting especially sites and services that receive a lot of traffic.”
The massive fines send a clear message: companies can no longer treat cookie consent as an afterthought. Proper implementation requires:
- Obtaining explicit consent before placing any advertising cookies
- Providing clear, complete information about cookie purposes
- Ensuring “reject all” buttons actually work
- Transparently listing all third-party cookie providers
- Making it easy for users to withdraw consent
For e-commerce platforms and digital marketers, this case demonstrates that regulatory authorities are willing to impose severe financial consequences for cookie compliance failures, regardless of company size or revenue.




