CHATWITH.IO WORLDWIDE, S.L. – €12,000 Fine (Spain, 2023)

€12,000Agencia Española de Protección de Datos23 September 2023Spain
final
Fine

CHATWITH.IO WORLDWIDE, S.L. was fined €12,000 for not providing clear information about how it uses personal data. The company's cookie banner made it hard for users to refuse cookies, which is against the rules. This case highlights the importance of clear consent mechanisms for website operators.

What happened

CHATWITH.IO WORLDWIDE, S.L. failed to provide adequate information about personal data processing and used a confusing cookie banner.

Who was affected

Website visitors who encountered the misleading cookie banner and were not properly informed about data processing.

What the authority found

The Spanish DPA found that the company violated GDPR rules by not informing users properly and using dark patterns in its cookie consent mechanism.

Why this matters

This ruling emphasizes that companies must be transparent about data use and cannot use confusing designs to manipulate user consent. Website operators should ensure their cookie banners are clear and easy to understand.

GDPR Articles Cited

AI-verified

Art. 13(GDPR)
Art. 5(1)(a) GDPR
View original scraped data
Art. 5(1) a) GDPR
Art. 13(GDPR)

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

Art. 22 (2) LSSI
Source verified 5 April 2026
articles corrected
national law identified
Spain enforcementAgencia Española de Protección de Datos actionsAll CHATWITH.IO WORLDWIDE, S.L. actions
Full Legal Summary
Detailed

The Spanish DPA has imposed a fine of EUR 12,000 on the website operator CHATWITH.IO WORLDWIDE, S.L. During its investigation, the DPA found that the controller had failed to adequately comply with its information obligations under Art. 13 GDPR. For example, there was a lack of detailed information on the purposes of processing personal data on the website. Furthermore, the design of a cookie banner used so-called dark patterns, with the pop-up giving users only the choice between consent and access to the settings page. This meant that it was not possible for users to simply refuse the use of cookies, but that they could only do so via the settings menu and many clicks. The fine is made up of EUR 5,000 for the violation of Art. 5 (1) a) GDPR, EUR 5,000 for the violation of Art. 13 GDPR and EUR 2,000 for the violation of the national law Art. 22 LSSI.

Violations (3)

No Reject Button
critical

Cookie banner does not provide a clear reject/refuse all button at the same level as the accept button.

Art. 7 GDPR

Reject Harder Than Accept
critical

Refusing cookies requires more clicks or steps than accepting them, or the reject option is less visually prominent.

Art. 7 GDPR

Misleading Banner Messaging
critical

The cookie banner uses misleading language to trick or pressure users into accepting cookies (dark patterns).

Art. 7 GDPR

Related Enforcement Actions (0)

No other enforcement actions found for CHATWITH.IO WORLDWIDE, S.L. in ES

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

ANSPDCP

2025 · Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

CNIL

2019 · Court of Justice of the European Union

Details

Fine Date

23 September 2023

Authority

Agencia Española de Protección de Datos

Fine Amount

€12,000

Enforcement Tracker ID

ETid-2104

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified
Cookie relevance: 100%

Cite as: Cookie Fines. CHATWITH.IO WORLDWIDE, S.L. - Spain (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: