Multiple website operators – €178,000 Fine (Czech Republic, 2023)
Multiple website operators in the Czech Republic faced fines for not properly handling cookie consent and tracking users without permission. This is significant because it shows that companies must be clear and honest about how they use cookies. It serves as a wake-up call for website operators to improve their consent practices.
What happened
Multiple website operators were fined for various violations related to cookie consent and tracking user data without proper permission.
Who was affected
Website visitors who encountered misleading cookie banners and tracking practices were affected by these violations.
What the authority found
The Czech data protection authority found that the operators violated GDPR by failing to provide clear and valid consent options for cookies.
Why this matters
This ruling highlights the necessity for website operators to ensure transparency and compliance with cookie consent regulations to avoid hefty fines.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
In the period from January 2023 to July 2023, the Czech DPA imposed fines totaling EUR 178,000, with the highest fine being EUR 36,000. These fines were imposed due to unlawful processing of personal data in relation to cookies. The types of violations vary. Given examples are: Insufficient legal basis, insufficient compliance with information obligations or design issues. The DPA emphasizes that it will not publish individual fines due to the non-public nature of administrative proceedings.
Violations (10)
Cookie banner does not provide a clear reject/refuse all button at the same level as the accept button.
Art. 7 GDPR
Refusing cookies requires more clicks or steps than accepting them, or the reject option is less visually prominent.
Art. 7 GDPR
Cookie consent checkboxes are pre-selected by default, violating the requirement for active, affirmative consent.
Art. 4(11) GDPR
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Tracking cookies remain active or are re-placed even after the user explicitly rejects them.
Art. 6(1) GDPR
Third-party tracking cookies or scripts are loaded without obtaining prior user consent.
Art. 13, 14 GDPR
The cookie banner or cookie policy provides vague, incomplete, or unclear information about what cookies are used and why.
Art. 12, 13 GDPR
The cookie banner uses misleading language to trick or pressure users into accepting cookies (dark patterns).
Art. 7 GDPR
Users cannot select or deselect individual cookie categories; consent is presented as all-or-nothing.
Art. 4(11) GDPR
No accessible mechanism exists for users to withdraw previously given cookie consent.
Art. 7(3) GDPR
Related Enforcement Actions (0)
No other enforcement actions found for Multiple website operators in CZ
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
Fine Date
2 August 2023
Authority
Úřad pro ochranu osobních údajů
Fine Amount
€178,000
Enforcement Tracker ID
ETid-2592
About this data
Cite as: Cookie Fines. Multiple website operators - Czech Republic (2023). Retrieved from cookiefines.eu
Last updated: