Betting company – €30,000 Fine (Croatia, 2023)
Another betting company in Croatia was fined €30,000 for similar violations regarding cookie consent. This case further highlights the importance of obtaining clear consent from users before collecting their data. Businesses should take note and ensure they have proper mechanisms in place for cookie consent to avoid hefty fines.
What happened
The betting company processed personal data from website visitors using cookies without obtaining valid consent.
Who was affected
Website visitors who accessed the betting company's site were affected by the unauthorized data collection.
What the authority found
The Croatian DPA ruled that the company violated GDPR by failing to provide clear information and options for consent regarding cookie usage.
Why this matters
This ruling reinforces the need for businesses to have transparent cookie consent practices. Companies must ensure users can easily manage their cookie preferences to comply with data protection laws.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Croatian DPA (AZOP) has imposed a fine of EUR 30,000 on a company engaged in gambling and betting activities due to three identified violations of the GDPR. As noted by AZOP, the controller collected and processed personal data of data subjects, i.e. website visitors through cookies without a valid legal basis, thereby violating Art. 6 (1) GDPR. Furthermore, the controller also failed to provide data subjects with appropriate information or enable data subjects to provide or withdraw consent voluntarily, thereby violating Art. 7 GDPR. AZOP noted that the visitor should give separate consent for each type of cookie according to their functionality, that is, consent cannot be given for „all types of cookies“. In these cases, there was no option for separate granting or revocation of consent for each type of cookie. Lastly, it was determined that the controller did not adequately inform data subjects (website visitors) about the processing of personal data, particularly regarding data processing through cookies, thereby violating Art. 13 (1), (2) GDPR. The controller did not inform transparently on matters such as the legal basis, the function of each cookie, and the cookie retention period.
Violations (5)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Third-party tracking cookies or scripts are loaded without obtaining prior user consent.
Art. 13, 14 GDPR
The cookie banner or cookie policy provides vague, incomplete, or unclear information about what cookies are used and why.
Art. 12, 13 GDPR
Users cannot select or deselect individual cookie categories; consent is presented as all-or-nothing.
Art. 4(11) GDPR
No accessible mechanism exists for users to withdraw previously given cookie consent.
Art. 7(3) GDPR
Related Enforcement Actions (3)
Other enforcement actions involving Betting company in HR
Fine
€30K
Similar Cases
Enforcement actions with similar violations
Details
Fine Date
14 September 2023
Authority
Agencija za zaštitu osobnih podataka
Fine Amount
€30,000
Enforcement Tracker ID
ETid-2062
About this data
Cite as: Cookie Fines. Betting company - Croatia (2023). Retrieved from cookiefines.eu
Last updated: