Multiple website operators – €178,000 Fine (Czech Republic, 2023)

€178,000Úřad pro ochranu osobních údajů2 August 2023Czech Republic
final
Fine

Multiple website operators in the Czech Republic were fined a total of EUR 178,000 for various cookie-related violations. This ruling signals that companies must improve their cookie consent practices to avoid penalties.

What happened

Website operators were fined for failing to provide clear cookie consent options and using misleading banners.

Who was affected

Website visitors who encountered these cookie practices were affected.

What the authority found

The Czech DPA found that the operators did not comply with GDPR requirements for cookie consent and transparency.

Why this matters

This case emphasizes the need for clear and user-friendly cookie consent mechanisms. Website operators should review their cookie policies to ensure they are compliant with privacy laws.

Source verified 3 April 2026
articles corrected
national law identified
amount discrepancy
Czech Republic enforcementÚřad pro ochranu osobních údajů actionsAll Multiple website operators actions
Full Legal Summary
Detailed

In the period from January 2023 to July 2023, the Czech DPA imposed fines totaling EUR 178,000, with the highest fine being EUR 36,000. These fines were imposed due to unlawful processing of personal data in relation to cookies. The types of violations vary. Given examples are: Insufficient legal basis, insufficient compliance with information obligations or design issues. The DPA emphasizes that it will not publish individual fines due to the non-public nature of administrative proceedings.

Violations (10)

No Reject Button
critical

Cookie banner does not provide a clear reject/refuse all button at the same level as the accept button.

Art. 7 GDPR

Reject Harder Than Accept
critical

Refusing cookies requires more clicks or steps than accepting them, or the reject option is less visually prominent.

Art. 7 GDPR

Pre-ticked Consent Boxes
high

Cookie consent checkboxes are pre-selected by default, violating the requirement for active, affirmative consent.

Art. 4(11) GDPR

Cookies Placed Before Consent
critical

Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.

Art. 6(1) GDPR

Cookies Persist After Rejection
critical

Tracking cookies remain active or are re-placed even after the user explicitly rejects them.

Art. 6(1) GDPR

Third-Party Cookies Without Consent
critical

Third-party tracking cookies or scripts are loaded without obtaining prior user consent.

Art. 13, 14 GDPR

Unclear Cookie Information
high

The cookie banner or cookie policy provides vague, incomplete, or unclear information about what cookies are used and why.

Art. 12, 13 GDPR

Misleading Banner Messaging
critical

The cookie banner uses misleading language to trick or pressure users into accepting cookies (dark patterns).

Art. 7 GDPR

No Granular Cookie Choice
high

Users cannot select or deselect individual cookie categories; consent is presented as all-or-nothing.

Art. 4(11) GDPR

Cannot Withdraw Cookie Consent
critical

No accessible mechanism exists for users to withdraw previously given cookie consent.

Art. 7(3) GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Multiple website operators in CZ

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

unknown (claimant)

2021 · DPA OLGLinz

Details

Fine Date

2 August 2023

Authority

Úřad pro ochranu osobních údajů

Fine Amount

€178,000

Enforcement Tracker ID

ETid-2592

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified
Cookie relevance: 100%

Cite as: Cookie Fines. Multiple website operators - Czech Republic (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: