France: National Commission on Informatics and Liberty fined Shein EUR 150 million over unauthorised cookie placement and inadequate consent mechanisms

On 1 September 2025, the National Commission on Informatics and Liberty (CNIL) fined Infinite Styles Services Limited, the Irish subsidiary of the Shein group, EUR 150 million for breaches of rules on cookies. The fine was imposed following an inspection in August 2023, which determined that cookies, particularly for advertising, were being placed on users’ devices without consent, that information provided through banners was incomplete or misleading, and that mechanisms for refusing or withdrawing consent were ineffective. The CNIL noted that around 12 million people in France visited the website each month, amplifying the scale of the infringement, and stressed that Shein failed to respect choices made by users and did not adequately inform them of the identity of third parties placing cookies. While Shein made changes to its website during the proceedings, the CNIL’s committee considered the violations serious enough to warrant a substantial fine but did not issue compliance orders.