Fine 15,000 Lei for Violation of Law 506/2004 (Cookies)

Romania ANSPDCP (www.dataprotection.ro)

Summary

Romania's National Supervisory Authority for Personal Data Processing (ANSPDCP) issued a fine of 15,000 Lei against a controller for violating Law 506/2004, Romania's national transposition of the EU ePrivacy Directive, specifically concerning cookie usage requirements. The enforcement action was published on 11 September 2025 and represents an active penalty for non-compliance with electronic communications data protection obligations.

Why this matters

Organisations with Romanian-facing websites or online services should audit their cookie consent workflows against Law 506/2004 requirements: consent must be freely given, specific, informed, and unambiguous; pre-ticked boxes are not permitted; users must be able to withdraw consent as easily as they gave it. The 15,000 Lei fine — approximately €3,000 at current exchange rates — represents a moderate sanction for a first enforcement action on cookies, suggesting the ANSPDCP calibrates penalties to the nature and scale of the violation rather than applying a fixed schedule.

AI-drafted from the source document, validated against GovPing's analyst note standards. For the primary regulatory language, read the source document.
Published by ANSPDCP on dataprotection.ro. Detected, standardized, and enriched by GovPing. Review our methodology and editorial standards.

What changed

The ANSPDCP imposed a monetary fine of 15,000 Lei on a data controller for violations of Law 506/2004, Romania's law implementing the EU ePrivacy Directive (2002/58/EC) as regards the processing of personal data and the protection of privacy in electronic communications. The specific conduct constituting the violation is not detailed in the announcement.

Organisations operating websites, apps, or online services that target Romanian users should ensure their cookie consent mechanisms, cookie banners, and privacy notices meet the requirements of Law 506/2004. The fine amount signals that the ANSPDCP applies meaningful financial penalties for cookie non-compliance, even for first-time enforcement actions of this nature. Controllers should review whether they have lawful bases for cookie placement and whether user consent — where required — meets the standards applied by the Romanian authority.

Archived snapshot

Apr 20, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

The National Supervisory Authority For Personal Data Processing

About this page

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from ANSPDCP.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Classification

Agency: ANSPDCP
Instrument: Enforcement
Branch: Executive
Legal weight: Binding
Stage: Final
Change scope: Substantive

Who this affects

Applies to: Technology companies
Industry sector: 5112 Software & Technology
Activity scope: Cookie consent practices; Online tracking compliance
Geographic scope: RO

Taxonomy

Primary area: Data Privacy
Operational domain: Compliance
Compliance frameworks: GDPR
Topics: Consumer Protection; Telecommunications
