Aviziero SRL, a Romanian online platform serving property owners’ associations, has been sanctioned by the country’s data protection regulator for failing to obtain proper user consent before deploying cookies on its website.
Romania’s National Supervisory Authority for Personal Data Processing (ANSPDCP) issued a 5,000 RON fine against the PropTech company for violations related to cookie usage and information disclosure. The infraction represents a breach of fundamental data protection principles that have become increasingly scrutinized across Europe.
Details of the Violation
The regulatory action centers on Aviziero’s unauthorized storage of user information and access to data stored on visitors’ devices when accessing the company’s website. According to ANSPDCP’s findings, the operator permitted such data collection practices in contravention of Romanian data protection law.
The authority stated in its decision: “The operator was found to have permitted the storage of information and access to information stored on users’ devices at the moment of accessing the website it operates, in violation of the provisions of Article 4, paragraph (5), letters a) and b) of Law No. 506/2004,” as communicated by ANSPDCP.
Regulatory Context
The fine underscores the importance of cookie consent mechanisms that have become standard compliance requirements following the implementation of the ePrivacy Directive across the European Union. Romanian law, which incorporates these European standards, mandates explicit user consent for non-essential cookies before any data collection takes place.
The distinction between essential and non-essential cookies remains critical for digital services. While essential cookies may function without prior authorization, those used for analytics, marketing, or user tracking require affirmative consent from website visitors. The violation suggests Aviziero deployed such tracking mechanisms without adequate disclosure or permission mechanisms in place.
Broader Implications
The case reflects a broader pattern of enforcement actions targeting digital platforms that underestimate data protection obligations. Across the European startup ecosystem, companies operating digital services face mounting regulatory scrutiny regarding cookie policies and user consent implementations. Similar enforcement actions have been documented in other EU member states, where fines have ranged substantially higher for comparable violations.
For Romanian startups and the broader PropTech sector, the Aviziero case serves as a reminder of the importance of embedding data protection compliance into product development from inception. Implementing compliant cookie consent tools, maintaining transparent privacy policies, and obtaining explicit user authorization have transitioned from optional best practices to fundamental legal requirements.
The incident also highlights how regulatory bodies across Europe are actively monitoring digital platforms to ensure they meet established privacy standards, regardless of company size or sector specialization.