Court case Us I-4570/2023-5 – Court Ruling (Croatia, 2026)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Croatian court case involved a company that used CCTV without proper signage to inform people. This is significant because it reinforces the need for clear communication about surveillance practices.
What happened
The company used CCTV without displaying required notices to inform individuals about the surveillance.
Who was affected
People entering the company's premises who were unaware of the CCTV monitoring.
What the authority found
The court found that the company did not comply with legal requirements for video surveillance notification.
Why this matters
This case highlights the importance of transparency in surveillance practices, urging companies to ensure proper signage is in place.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
The DPA had found that the controller had infringed Article 27 ZPOUZP by using CCTV inside and outside its premises without displaying a video-surveillance notice at the latest upon entry into the recording perimeter. ZPOUZP is the Croatian Act on the Implementation of the GDPR. Article 27 of this Act specifically regulates processing of personal data via video surveillance.The contested decision had further found that the controller had failed to display all relevant information required under Article 27(2) ZPOUZP, namely information about the controller and contact details through which data subjects could exercise their rights. The DPA imposed a fine €3,500 to the controller. The controller appealed this decision before the Administrative Court of Zagreb. The controller contested the legality of the DPA’s decision and requested its annulment. It argued that, as the DPA itself had acknowledged, there were several notices informing data subjects of the existence of video surveillance in the area. Therefore, according to the controller, it was incorrect to conclude that the notices were not visible upon entry into the recording perimeter. Regarding the contact point through which data subjects could exercise their rights, the controller further argued that it had clearly and sufficiently indicated that another entity, acting as processor, had been entrusted with the processing of the relevant personal data on its behalf. It pointed out that the processor’s phone number and email address had been provided. The DPA argued that it had correctly applied the law to the facts of the case. It acknowledged that several CCTV notices existed, but emphasised that the indication that the building was under video surveillance had to be visible no later than upon entry into the recording perimeter. In the controller’s case, the DPA considered that the first video-surveillance notice had been placed in such a way that data subjects would already be within a camera’s field of view
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Court case Us I-4570/2023-5 in HR
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Court case Us I-4570/2023-5 - Croatia (2026). Retrieved from cookiefines.eu
Last updated: