On August 6, 2025, the Cluj Tribunal dismissed a complaint from a company in the healthcare sector. The company had been fined by the Romanian Data Protection Authority (DPA) and was contesting this fine.
As a background, the DPA had fined the company approximately EUR 2,000 (in RON equivalent) for storing cookies on users’ devices via its website without obtaining their prior explicit consent and without providing proper information about the use of these cookies. Additionally, the DPA had issued a reprimand to the company for failing to provide complete information to data subjects whose personal data was collected and processed through the website.
Moreover, the company was also required to take specific corrective actions. These included actively implementing measures to obtain users’ explicit consent and inform them clearly before placing cookies on their devices. Additionally, the DPA required the company to provide clear and easy-to-understand information about how personal data is used throughout its website, mainly in the local language.
The court’s detailed reasoning for its decision is not yet available. It is also worth noting that this decision can still be challenged before the Cluj Court of Appeals.
