Website operator – €1,000 Fine (Spain, 2023)

€1,000Agencia Española de Protección de Datos26 April 2023Spain
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A website operator in Spain was fined EUR 1,000 for not following privacy rules. They failed to provide clear cookie information and allowed cookies to be placed before getting user consent. This case highlights the importance of having a transparent privacy policy and proper consent mechanisms on websites.

What happened

The Spanish DPA fined a website operator for not complying with privacy policy requirements.

Who was affected

Website visitors who encountered misleading cookie banners and unclear information were affected.

What the authority found

The authority found that the website operator did not meet the requirements of Article 13 of GDPR regarding user consent and cookie information.

Why this matters

This ruling emphasizes that website operators must ensure clear communication about cookies and obtain consent before tracking users. It serves as a reminder for all online businesses to review their privacy practices.

GDPR Articles Cited

AI-verified

Art. 13(GDPR)
View original scraped data
Art. 13(GDPR)

Original data from scraper before AI verification against source document.

Source verified 16 March 2026
national law identified
Spain enforcementAgencia Española de Protección de Datos actionsAll Website operator actions
Full Legal Summary
Detailed

The Spanish DPA has imposed a fine of EUR 1,000 on a website operator for failing to ensure that the privacy policy on its website complied with the requirements of Art. 13 GDPR.

Violations (4)

No Reject Button
critical

Cookie banner does not provide a clear reject/refuse all button at the same level as the accept button.

Art. 7 GDPR

Cookies Placed Before Consent
critical

Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.

Art. 6(1) GDPR

Unclear Cookie Information
high

The cookie banner or cookie policy provides vague, incomplete, or unclear information about what cookies are used and why.

Art. 12, 13 GDPR

Misleading Banner Messaging
critical

The cookie banner uses misleading language to trick or pressure users into accepting cookies (dark patterns).

Art. 7 GDPR

Related Enforcement Actions (7)

Other enforcement actions involving Website operator in ES

Fine
Jul 2021· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) fined a website operator EUR 500 due to the fact that its privacy policy did not comply with the requirements of Art. 13 GDPR.

€500
Fine
Sept 2021· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) has imposed a fine of EUR 9,000 on the controller of a website. A person had filed a complaint with the DPA due to the fact tha...

€9K
Fine
Jan 2022· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) imposed a fine of EUR 2,000 on a website operator for the lack of a privacy policy on its website, in violation of Art. 13 GDPR...

€2K
Fine
Apr 2022· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) has imposed a fine on the operator of the website link During its investigation, the DPA found numerous deficiencies on a websi...

€2K
Current
Apr 2023

Fine

€1K

Fine
May 2023· Agencia Española de Protección de Datos

The Spanish DPA has imposed a fine of EUR 5,000 on a website operator for failing to ensure that the privacy policy on its website complied with the r...

€500
Fine
Apr 2024· Agencia Española de Protección de Datos

The Spanish DPA has imposed a fine of EUR 600 on a website operator for failing to ensure that the privacy policy on a website complied with the requi...

€600
Fine
Jun 2024· Agencia Española de Protección de Datos

The Spanish DPA has imposed a fine on the operator of a website for storing data of a data subject for an excessively long period of time and contrary...

€180

Similar Cases

Enforcement actions with similar violations

Minister for Legal Protection

2022 · DPA RbOverijssel

Details

Fine Date

26 April 2023

Authority

Agencia Española de Protección de Datos

Fine Amount

€1,000

Enforcement Tracker ID

ETid-1792

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Website operator - Spain (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: