Popular “fast fashion” app Shein has landed in some regulatory trouble in the EU, as France’s data regulator CNIL has issued a €150 million GDPR fine due to failure to obtain cookie consent.
The GDPR fine was assessed to Infinite Styles Services Co. Ltd., the Ireland-based subsidiary of Shein. The penalty stems from an August 2023 inspection of the Shein website by CNIL that found that cookies were being placed on user devices upon arrival, before they had an opportunity to interact with the cookie consent banner.
Shein GDPR fine factored in France’s base of 12 million users, prior violations by other companies
Shein was found to have engaged in multiple violations of the French Data Protection Act (Article 82), all centered on cookie consent and transparency requirements. When Shein users arrived at the website, the inspection found that “several” cookies were placed even before the user consent banner was loaded. The banner was also found to be wanting in terms of necessary detail, with an insufficient explanation of the advertising purpose of cookies and a follow-up button prompting users to accept the cookies having no useful information attached to it either. The CNIL inspectors also noted that when users opted to press the “reject all” button, the Shein website would nevertheless place some new cookies and continue to read those that had already been placed.
When Google was hit with the same penalty in late 2021 for its own cookie consent issues, it was among the largest GDPR fines ever issued. Those numbers have since gone significantly up, but the €150 million fine is a big blow to Shein as it represents about 2% of the company’s total European revenue. CNIL says that similar prior penalties, such as the Google fine, were a factor in determining the amount; also factored in was the large Shein user base in France (about 12 million people) and the fact that the company appeared to willfully ignore privacy obligations.
For its part, Shein has said that it will contest the GDPR fine and believes it is “politically motivated” and disproportionate to the violation. The company is currently based in Singapore but was founded in China and sources products from there, and is one of several “fast fashion” marketplaces currently embroiled in a separate legal battle in France that could end with it being barred from advertising. A draft law tied to concerns about carbon emissions and the generally poor quality of goods in the market would prevent “fast fashion” services like Temu and Shein from engaging in any sort of advertising in the country, something spurred to a great degree by the use of social media influencers in promotion campaigns and the posting of “hauls” of purchases. That law could go into effect in 2026.
CNIL remains highly active in cookie consent policing
When it comes to GDPR fines and cookie consent issues, CNIL has been one of Europe’s most aggressive agencies since the comprehensive privacy laws went into effect in 2018. The Shein fine was paired with a similarly large fine for Google, which was tagged for both failing to obtain proper consent during the new account signup process and sandwiching ads in between emails in Gmail. CNIL previously went after Google for cookie consent issues in December of both 2020 and 2021, for placing cookies without proper consent on its search engine page and having an inadequate cookie refusal process both there and at YouTube.
Shein has found itself embattled in Europe as of late, with a particular collection of difficulties in France. Though Shein is not being specifically targeted, the whole of the “fast fashion” app-based industry could find itself legally unable to advertise in the country as of 2026. The exact shape of the law remains under debate, but one of the more stringent proposals would see companies like Shein, Temu and Zara disallowed from running ads or paying influencers to promote them. The law is rooted in concern about cheap China-manufactured product flooding the market, and attendant environmental concern about clothes that are designed to last as little as a matter of weeks before degrading to the point that they are no longer wearable.
Shein is also facing pressure from the European Commission over alleged misleading discount offers, high-pressure sales tactics that employed deception by listing fake deadlines, and hidden contact details for customer support and return queries among other items. The company was given a month to correct these issues or face the possibility of fines. It is also facing a complaint from consumer group BEUC of use of “dark patterns” to prompt users to purchase more than originally intended, something that ties into existing tensions in France over its environmental impact.
