Changeflow GovPing Data Protection Data Protection Authority Fines iHUNT TECHNOLOG...
Priority review Enforcement Amended Final

Data Protection Authority Fines iHUNT TECHNOLOGY for Privacy Violations

Favicon for www.dataprotection.ro Romania ANSPDCP Press
Filed November 1st, 2025
Detected March 13th, 2026
Email

Summary

The National Supervisory Authority for Personal Data Processing in Romania has fined S.C. iHUNT TECHNOLOGY IMPORT-EXPORT SA 20,000 lei for violating data protection laws regarding cookie consent. The investigation found that the company stored non-essential cookies without user consent.

View original document View source feed page

What changed

The National Supervisory Authority for Personal Data Processing (ANSPDCP) has concluded an investigation into S.C. iHUNT TECHNOLOGY IMPORT-EXPORT SA, issuing a fine of 20,000 lei for violations of Law no. 506/2004 concerning personal data processing and privacy in electronic communications. Specifically, the authority found that the company's website stored cookies that were not technically necessary for users without obtaining their prior express consent and providing complete information, thereby contravening Article 4 paragraph (5) letters a) and b) of the law.

This enforcement action highlights the critical importance of obtaining explicit user consent for non-essential cookies and ensuring transparent information practices. Companies operating in Romania, particularly those with online presences, must review their cookie policies and implementation to ensure compliance with data protection regulations. Failure to do so may result in significant fines and reputational damage. While no specific compliance deadline is mentioned beyond the investigation's conclusion in November 2025, entities should ensure their practices are immediately compliant.

What to do next

  1. Review website cookie practices to ensure compliance with consent requirements.
  2. Verify that only technically necessary cookies are stored without explicit consent.
  3. Ensure clear and complete information is provided to users regarding cookie usage.

Penalties

20,000 lei fine

Source document (simplified)

22.12.2025

Fine for violating Law no. 506/2004

The National Supervisory Authority for Personal Data Processing completed, in November 2025, an investigation at the controller S.C. iHUNT TECHNOLOGY IMPORT-EXPORT SA and found a violation of the provisions of Article 4 paragraph (5) letters a) and b) of Law no. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector.

As such, the controller was fined a fine of 20,000 lei.

The investigation was initiated following a complaint from an individual regarding a possible violation of the provisions of the legislation in the field of personal data protection.

During the investigation, the National Supervisory Authority for Personal Data Processing found that, on the website owned by the controller, cookies were stored that were not technically necessary on the users' equipment, without providing correct and complete information and without the prior express consent of the data subjects.

It was found that the controller allowed the storage of information and the obtaining of access to the information stored on the users’ equipment, when accessing the owned site, through certain cookies modules that were not technically necessary, installed in the user’s terminal before expressing his/her consent option.

As such, the controller was fined for violating the provisions of Article 4 paragraph (5) letters a) and b) of Law no. 506/2004, according to which the storage of information or obtaining access to the information stored in the terminal equipment of a subscriber or user, is permitted only with the cumulative fulfillment of the conditions provided for in this paragraph.

Legal and Communication Department

A.N.S.P.D.C.P

Related changes

Favicon for www.gov.uk Export Licence Transmission Issue Resolved
Routine Mar 14, 2026 ECJU Notices to Exporters Trade & Export
Favicon for www.gov.uk Humanitarian Assistance Exception Notification for Petroleum Products
Priority review Mar 13, 2026 OFSI All Publications Trade & Export
Favicon for www.apra.gov.au APRA Releases Quarterly ADI Statistics for December 2025
Routine Mar 13, 2026 news-and-publications Government
Favicon for www.priv.gc.ca Privacy Commissioner concludes Loblaw loyalty program investigation
Priority review Mar 13, 2026 Canada OPC News & Actions Government
Favicon for www.priv.gc.ca Global Data Protection Authorities Statement on AI Imagery Privacy
Priority review Mar 13, 2026 Canada OPC News & Actions Government
Favicon for www.priv.gc.ca Privacy Commissioner Recommends Bill C-4 Amendments for Political Party Privacy
Priority review Mar 13, 2026 Canada OPC News & Actions Government

Source

Favicon for www.dataprotection.ro
Romania ANSPDCP Press dataprotection.ro/?page=Comunicate_de_presa&lang=en
Data Protection
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
Various
Filed
November 1st, 2025
Instrument
Enforcement
Legal weight
Binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Technology companies
Geographic scope
National (Romania)

Taxonomy

Primary area
Data Privacy
Operational domain
Compliance
Topics
Consumer Protection Cybersecurity

Browse Categories

Federal Courts 26 State Courts 91 Securities Regulation 6 Financial Regulation 43 Consumer Protection 5 Drug Safety 45 Data Protection 21 Competition 2 Attorneys General 3 Insurance Regulation 5 Trade & Export 36 Legislation 42 Energy Regulation 13 Environment 3 Labor & Employment 2 Tax 1

Get Data Protection alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when Romania ANSPDCP Press publishes new changes.

Free. Unsubscribe anytime.