Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Croatia: AZOP imposes fines totaling €35,000 on two unnamed entities for unlawful use of cookies

On April 22, 2024, the Personal Data Protection Agency (AZOP) published a summary of its decisions in which it issued fines of €15,000 and €20,000 on two unnamed entities in the gambling and betting activities sector for violations of the General Data Protection Regulation (GDPR).

Background to the decision

AZOP highlighted that both data controllers unlawfully processed the personal data of respondents through the use of cookies.

Findings of the AZOP

AZOP found, among other things, that:

  • both data controllers collected and processed the personal data of the respondents through cookies without allowing them to give or withdraw their consent, in violation of Articles 6(1)(a) and 7 of the GDPR;
  • neither of the data controller's privacy notices had information about the legal basis, groups/types of cookies, the function/purpose of each cookie, or the cookie storage period, in violation of Articles 13(1) and 13(2) of the GDPR; and
  • the data controller that was fined €20,000 processed the respondents' personal data when the website was loading and when the respondents had not given consent to the collection of individual cookies, in violation of Article 5(1) of the GDPR.


In light of the above, AZOP issued fines of €15,000 and €20,000 on the unnamed entities. 

You can read the summary of the decision, only available in Croatian, here.