Betting company – €30,000 Fine (Croatia, 2023)
A betting company in Croatia was fined €30,000 for violating GDPR rules related to cookie consent. This is significant because it shows that companies must obtain clear consent from users before collecting data through cookies. Not doing so can lead to hefty fines and damage to reputation.
What happened
The betting company collected personal data from website visitors through cookies without obtaining valid consent.
Who was affected
Website visitors whose data was collected through cookies without proper consent mechanisms.
What the authority found
The Croatian Data Protection Authority found the company violated GDPR by not providing clear options for users to consent to cookie usage.
Why this matters
This case highlights the need for businesses to implement clear cookie consent practices. Companies should review their cookie policies to ensure compliance with GDPR requirements.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
Entities Involved
The Croatian DPA (AZOP) has imposed a fine of EUR 30,000 on a company engaged in gambling and betting activities due to three identified violations of the GDPR. As noted by AZOP, the controller collected and processed personal data of data subjects, i.e. website visitors through cookies without a valid legal basis, thereby violating Art. 6 (1) GDPR. Furthermore, the controller also failed to provide data subjects with appropriate information or enable data subjects to provide or withdraw consent voluntarily, thereby violating Art. 7 GDPR. AZOP noted that the visitor should give separate consent for each type of cookie according to their functionality, that is, consent cannot be given for „all types of cookies“. In these cases, there was no option for separate granting or revocation of consent for each type of cookie. Lastly, it was determined that the controller did not adequately inform data subjects (website visitors) about the processing of personal data, particularly regarding data processing through cookies, thereby violating Art. 13 (1), (2) GDPR. The controller did not inform transparently on matters such as the legal basis, the function of each cookie, and the cookie retention period.
Violations (5)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Third-party tracking cookies or scripts are loaded without obtaining prior user consent.
Art. 13, 14 GDPR
The cookie banner or cookie policy provides vague, incomplete, or unclear information about what cookies are used and why.
Art. 12, 13 GDPR
Users cannot select or deselect individual cookie categories; consent is presented as all-or-nothing.
Art. 4(11) GDPR
No accessible mechanism exists for users to withdraw previously given cookie consent.
Art. 7(3) GDPR
Related Enforcement Actions (3)
Other enforcement actions involving Betting company in HR
Fine
€30K
Similar Cases
Enforcement actions with similar violations
Details
Fine Date
14 September 2023
Authority
Agencija za zaštitu osobnih podataka
Fine Amount
€30,000
Enforcement Tracker ID
ETid-2062
About this data
Cite as: Cookie Fines. Betting company - Croatia (2023). Retrieved from cookiefines.eu
Last updated: