New Fines for Violation of Cookie Rules in the Czech Republic

Sep 7, 2023

Since the beginning of this year, the Czech Data Protection Authority has issued fines totaling CZK 4,443,000 (approx. 185.000 EUR) to various website providers for breaches of the GDPR and national implementation of the ePrivacy Directive in connection with the processing of personal data via cookies.

The highest enforceable fine of CZK 898,000 was imposed on a company operating in the field of electronic communications, primarily for uploading cookies, which were used to process personal data for marketing purposes, to end users’ devices without their consent.

The most frequent or most significant violations of the GDPR identified by the Authority included:

  • Uploading cookies to end users’ devices without their consent (in the case of cookies, which are not covered by the exemption under ePrivacy Directive);
  • Shortcomings in consent to the processing of personal data (e.g. in terms of sufficient information to users);
  • Insufficient fulfilment of the information obligation (insufficient classification of individual cookies or information available only in English);
  • The impossibility (or significant complication) of withdrawing consent to the processing of personal data through cookies;
  • Placement of options for “consent” and “opt-out” with the processing of personal data through cookies in different layers within the cookie banner, whereby the visitor is influenced to give consent (so-called DDP – Deceptive Design Pattern);
  • The cookie banner either does not react or does not react sufficiently to the individual settings of the processing of personal data via cookies.

Recent news

EFDPO Conference. 13 & 14 May 2025, Berlin

EFDPO Conference. 13 & 14 May 2025, Berlin

One of EFDPO’s goals is to create a European network of national associations for the exchange of information, experience and methods, and to improve the quality of training and professional practice.

read more
EFDPO session at Privacy Days Prague 2024

EFDPO session at Privacy Days Prague 2024

2024We would like to invite you to the 8th year of the traditional privacy conference organized by the Czech Data Protection Association. The conference is divided into two days, the first day will be held only in English (EFDPO session), the second day exclusively in...

read more