Website operator – €1,800 Fine (Spain, 2022)

€1,800Agencia Española de Protección de Datos18 April 2022Spain
reduced
Fine

A website operator was fined €1,800 for processing visitor data without consent and lacking a privacy policy. This ruling stresses that website operators must clearly communicate how they use visitor data and obtain consent before tracking.

What happened

The website operator processed visitor data without explicit consent and failed to provide a privacy policy.

Who was affected

Visitors to the website whose data was processed without their consent were affected.

What the authority found

The Spanish Data Protection Authority found that the website operator violated GDPR by not obtaining consent and lacking necessary information about data processing.

Why this matters

This case serves as a reminder for website operators to ensure they have clear consent mechanisms and privacy policies in place to protect user data.

GDPR Articles Cited

AI-verified

Art. 13(GDPR)
Art. 6(1) GDPR
View original scraped data
Art. 6(1) GDPR
Art. 13(GDPR)

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

Art. 22.2 LSSI
Source verified 7 April 2026
articles corrected
national law identified
Spain enforcementAgencia Española de Protección de Datos actionsAll Website operator actions
Full Legal Summary
Detailed

The Spanish DPA (AEPD) has imposed a fine on the operator of the website link During its investigation, the DPA found numerous deficiencies on a website operated by the controller. For example, the controller processed data from visitors to the website without their explicit consent. In addition, the website did not contain any type of privacy policy. The DPA therefore found that the controller violated its duties set out in Art. 13 GDPR. Furthermore, the DPA found deficiencies in cookie use. The original fine of EUR 3,000 was reduced to EUR 1,800 due to immediate payment and acknowledgement of guilt.

Violations (3)

Cookies Placed Before Consent
critical

Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.

Art. 6(1) GDPR

Unclear Cookie Information
high

The cookie banner or cookie policy provides vague, incomplete, or unclear information about what cookies are used and why.

Art. 12, 13 GDPR

Misleading Banner Messaging
critical

The cookie banner uses misleading language to trick or pressure users into accepting cookies (dark patterns).

Art. 7 GDPR

Related Enforcement Actions (7)

Other enforcement actions involving Website operator in ES

Fine
Jul 2021· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) fined a website operator EUR 500 due to the fact that its privacy policy did not comply with the requirements of Art. 13 GDPR.

€500
Fine
Sept 2021· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) has imposed a fine of EUR 9,000 on the controller of a website. A person had filed a complaint with the DPA due to the fact tha...

€9K
Fine
Jan 2022· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) imposed a fine of EUR 2,000 on a website operator for the lack of a privacy policy on its website, in violation of Art. 13 GDPR...

€2K
Current
Apr 2022

Fine

€2K

Fine
Apr 2023· Agencia Española de Protección de Datos

The Spanish DPA has imposed a fine of EUR 1,000 on a website operator for failing to ensure that the privacy policy on its website complied with the r...

€1K
Fine
May 2023· Agencia Española de Protección de Datos

The Spanish DPA has imposed a fine of EUR 5,000 on a website operator for failing to ensure that the privacy policy on its website complied with the r...

€500
Fine
Apr 2024· Agencia Española de Protección de Datos

The Spanish DPA has imposed a fine of EUR 600 on a website operator for failing to ensure that the privacy policy on a website complied with the requi...

€600
Fine
Jun 2024· Agencia Española de Protección de Datos

The Spanish DPA has imposed a fine on the operator of a website for storing data of a data subject for an excessively long period of time and contrary...

€180

Similar Cases

Enforcement actions with similar violations

Minister for Legal Protection

2022 · DPA RbOverijssel

CNIL

2019 · Court of Justice of the European Union

Details

Fine Date

18 April 2022

Authority

Agencia Española de Protección de Datos

Fine Amount

€1,800

Enforcement Tracker ID

ETid-1135

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified
Cookie relevance: 80%

Cite as: Cookie Fines. Website operator - Spain (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: