France’s data protection regulator, the Commission Nationale de l’Informatique et des Libertés (CNIL), has slapped Shein, the China-founded fast-fashion e-commerce giant, with a record €150 million fine for placing tracking cookies without user consent on its French website.
Why Shein Was Penalized
An investigation conducted in August 2023 found that Shein continued to place advertising cookies—even when users explicitly opted out, Reuters reported.
This practice violated the EU’s General Data Protection Regulation (GDPR), which classifies cookies as personal data requiring explicit consent.
The CNIL noted several specific failings:
- Cookies were placed before users could engage with consent banners.
- Consent-management banners lacked clarity about advertising purposes and third-party identities.
- Users who clicked “Refuse all” still had cookies placed or read on their devices.
- Shein’s massive reach—averaging 12 million monthly visitors in France—was a key factor in the fine’s magnitude.
Shein’s Response
In reply, Shein strongly contested the fine, calling it “wholly disproportionate” and implying political motivations behind the decision. The company said it has cooperated fully with CNIL since August 2023 and has enacted proactive corrective measures to improve its data protection practices.
Notably, the fine represents about 2% of Shein’s 2023 revenue in Europe (€7.684 billion), as reported by its Ireland-registered entity.
Regulatory Context: Italy’s Greenwashing Fine
This is not Shein’s first regulatory blow in Europe. In August 2025, Italy’s competition authority (AGCM) fined the company €1 million for misleading environmental claims—a form of greenwashing.
AGCM’s investigation found that Shein’s messaging around sustainability—particularly its “evoluSHEIN by Design” collection—used vague, overly emphatic, or misleading language.
Claims suggesting products were fully recyclable or sustainably manufactured were either false or confusing. Even emissions-reduction pledges (e.g., GHG cuts by 2030, net zero by 2050) contradicted a documented increase in emissions during 2023–2024.
Impacts and Key Takeaways
Data Privacy Enforcement: France’s fine underscores the increasing rigor of GDPR compliance enforcement, especially around consent and tracking across major online platforms.
Italy’s greenwashing penalty underscores the close scrutiny of sustainability claims, especially in high-impact sectors like fast fashion.
Risks to Reputation and Expansion: Shein now faces combined fines of €151 million across two jurisdictions, drawing global eyes to its compliance gaps.
Moreover, French lawmakers are pushing legislation that could potentially ban Shein from advertising in France.
