The Commission Nationale de l’Informatique et des Libertés (CNIL), a government body charged with enforcing consumer data protection, said Shein’s website failed to comply with regulations in collecting consumers’ data without consent.
When users browsing Shein’s French site opted out of cookies – small files that allow websites and advertisers to identify individual users and track their browsing habits – some were still found to be placed on the user’s computer regardless, the commission said in a statement detailing a test it conducted on the site in August 2023.
Under the European Union’s General Data Protection Regulation, cookies are considered personal data because they are used to identify shoppers and target them with ads, and websites must obtain consent to use them.
“The size of this fine takes into account the fact the company has ignored several obligations by depositing cookies without users’ consent, not respecting their choices and not correctly informing them,” the CNIL said in a statement.
Shein’s scale also fed into the decision, the commission added, saying 12 million French residents visited the site every month.
