Hotel – €45,000 Fine (Croatia, 2024)

€45,000Agencija za zaštitu osobnih podataka13 September 2024Croatia
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Two hotels in Croatia were fined for using cookies to collect personal data without proper consent. This ruling is important because it reinforces the need for businesses to obtain clear permission before tracking users online. Hotels must ensure they inform guests about cookie usage to comply with data protection laws.

What happened

The Croatian DPA fined two hotels for unlawfully processing personal data through cookies without obtaining consent.

Who was affected

Guests who interacted with the hotels' websites were affected by the cookie tracking.

What the authority found

The DPA ruled that the hotels violated GDPR by not providing clear information about their cookie practices and failing to obtain consent before placing cookies.

Why this matters

This case serves as a reminder for all businesses to ensure they have proper consent mechanisms in place for cookie usage. Companies should review their cookie policies to avoid similar penalties.

GDPR Articles Cited

AI-verified

Art. 5(1)(e) GDPR
Art. 6(1) GDPR
Art. 12(1) GDPR
Art. 13(1)(c) GDPR
Art. 13(2)(a) GDPR
Art. 13(2)(b) GDPR
Art. 28(3) GDPR
Art. 32(1)(b) GDPR
Art. 33(1) GDPR
Art. 38(1) GDPR
View original scraped data
Unknown

Original data from scraper before AI verification against source document.

Source verified 4 April 2026
articles corrected
amount discrepancy
scope corrected
Croatia enforcementAgencija za zaštitu osobnih podataka actionsAll Hotel actions
Full Legal Summary
Detailed

The Croatian DPA (AZOP) has imposed a fine of EUR 45,000 on two hotels for unlawfully processing personal data through the use of cookies.

Violations (2)

Cookies Placed Before Consent
critical

Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.

Art. 6(1) GDPR

Unclear Cookie Information
high

The cookie banner or cookie policy provides vague, incomplete, or unclear information about what cookies are used and why.

Art. 12, 13 GDPR

Related Enforcement Actions (2)

Other enforcement actions involving Hotel in HR

Fine
Sept 2023· Agencija za zaštitu osobnih podataka

A data subject wanted to book accommodation in an hotel, the controller, which offered three options to do so on its website: through an external serv...

€15K
Fine
Sept 2023· Agencija za zaštitu osobnih podataka

The Croatian DPA (AZOP) has imposed of fine of EUR 15,000 to a hotel. The hotel was collecting personal data from guests in excess of what would have ...

€15K
Current
Sept 2024

Fine

€45K

Similar Cases

Enforcement actions with similar violations

Minister for Legal Protection

2022 · DPA RbOverijssel

Data Subject versus Telecommunications Company

2025 · DPA OLGKoblenz

CNIL

2019 · Court of Justice of the European Union

Details

Fine Date

13 September 2024

Authority

Agencija za zaštitu osobnih podataka

Fine Amount

€45,000

Enforcement Tracker ID

ETid-2496

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Hotel - Croatia (2024). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: