CHATWITH.IO WORLDWIDE, S.L. – €12,000 Fine (Spain, 2023)

€12,000Agencia Española de Protección de Datos23 September 2023Spain
final
Fine

CHATWITH.IO WORLDWIDE, S.L. was fined for not providing clear information about how it uses personal data on its website. The company made it difficult for users to refuse cookies, which is important for user consent. This case shows that businesses must be transparent and user-friendly in their data practices.

What happened

The company failed to inform users properly about the purposes of processing personal data and used misleading cookie banners.

Who was affected

Website visitors who encountered the confusing cookie consent options.

What the authority found

The Spanish authority found that the company violated GDPR by not providing adequate information and using dark patterns in its cookie consent.

Why this matters

This fine highlights the need for clear and straightforward consent mechanisms. Companies should review their cookie practices to ensure compliance with data protection laws.

GDPR Articles Cited

AI-verified

Art. 13(GDPR)
Art. 5(1)(a) GDPR
View original scraped data
Art. 5(1) a) GDPR
Art. 13(GDPR)

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

Art. 22.2 LSSI
Source verified 5 April 2026
articles corrected
national law identified
Spain enforcementAgencia Española de Protección de Datos actionsAll CHATWITH.IO WORLDWIDE, S.L. actions
Full Legal Summary
Detailed

The Spanish DPA has imposed a fine of EUR 12,000 on the website operator CHATWITH.IO WORLDWIDE, S.L. During its investigation, the DPA found that the controller had failed to adequately comply with its information obligations under Art. 13 GDPR. For example, there was a lack of detailed information on the purposes of processing personal data on the website. Furthermore, the design of a cookie banner used so-called dark patterns, with the pop-up giving users only the choice between consent and access to the settings page. This meant that it was not possible for users to simply refuse the use of cookies, but that they could only do so via the settings menu and many clicks. The fine is made up of EUR 5,000 for the violation of Art. 5 (1) a) GDPR, EUR 5,000 for the violation of Art. 13 GDPR and EUR 2,000 for the violation of the national law Art. 22 LSSI.

Violations (3)

No Reject Button
critical

Cookie banner does not provide a clear reject/refuse all button at the same level as the accept button.

Art. 7 GDPR

Reject Harder Than Accept
critical

Refusing cookies requires more clicks or steps than accepting them, or the reject option is less visually prominent.

Art. 7 GDPR

Misleading Banner Messaging
critical

The cookie banner uses misleading language to trick or pressure users into accepting cookies (dark patterns).

Art. 7 GDPR

Related Enforcement Actions (0)

No other enforcement actions found for CHATWITH.IO WORLDWIDE, S.L. in ES

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

ANSPDCP

2025 · Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

CNIL

2019 · Court of Justice of the European Union

Details

Fine Date

23 September 2023

Authority

Agencia Española de Protección de Datos

Fine Amount

€12,000

Enforcement Tracker ID

ETid-2104

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified
Cookie relevance: 100%

Cite as: Cookie Fines. CHATWITH.IO WORLDWIDE, S.L. - Spain (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: