Natural Person – €10,000 Fine (Romania, 2026)

€10,000Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal30 January 2026Romania
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A Romanian individual was fined €10,000 for running a website that published sensitive personal data without proper consent. This case is important because it shows that individuals can also be held accountable for privacy violations. Anyone operating a website must ensure they handle personal data responsibly and comply with privacy laws.

What happened

The individual operated a website that published identity cards containing sensitive personal information without a legal basis.

Who was affected

Individuals whose personal data, including sensitive information, was published on the website.

What the authority found

The Romanian DPA ruled that the individual failed to have a valid legal basis for processing the data and did not respond to deletion requests.

Why this matters

This ruling highlights that website operators must take data protection seriously. It sets a precedent that individuals can face significant fines for mishandling personal data.

GDPR Articles Cited

AI-verified

Art. 5(GDPR)
Art. 6(GDPR)
Art. 9(GDPR)
Art. 10(GDPR)
Art. 13(GDPR)
Art. 14(GDPR)
Art. 12(3) GDPR
Art. 17(1) GDPR
Art. 58(1) GDPR
View original scraped data
Art. 5(GDPR)
Art. 6(GDPR)
Art. 9(GDPR)
Art. 10(GDPR)
Art. 12(3) GDPR
(4) GDPR
Art. 13(GDPR)
Art. 14(GDPR)
Art. 17(1) GDPR
Art. 58(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 14 March 2026
articles corrected
amount discrepancy
Romania enforcementAutoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal actionsAll Natural Person actions
Full Legal Summary
Detailed

The Romanian DPA has imposed a fine of EUR 10,000 on a natural person. The controller operated a website on which identity cards containing personal data, including special category data, possible criminal convictions, data on the intimate lives of data subjects and possible debts, were published. The processing of this data was not based on a sufficient legal basis, and the controller did not ensure that the data was correct, complete or transparent. Furthermore, the controller did not adequately respond to requests by data subjects to delete their data. Furthermore, the DPA found that the controller did not provide the necessary information on its website, nor did it respond to requests from the DPA.

Related Enforcement Actions (1)

Other enforcement actions involving Natural Person in RO

Fine
Feb 2021· Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

The Romanian DPA (ANSPDCP) started an investigation after receiving a complaint against an individual who held the office of Secretary-General in a su...

€500
Current
Jan 2026

Fine

€10K

Details

Fine Date

30 January 2026

Authority

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal

Fine Amount

€10,000

Enforcement Tracker ID

ETid-3014

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Natural Person - Romania (2026). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: