BORJAMOTOR, S.A. received a complaint from a customer who expressed their objection to the company's processing of their personal data for direct marketing purposes via email. Despite this objection, the customer continued to receive emails with offers from the company, at a reduced frequency. BORJAMOTOR, S.A. was found to have used a deceptive pattern known as "hard to cancel", which made it difficult for customers to cancel their subscription to the company's marketing emails.
Borjamotor, S.A. was fined by the Spanish DPA (AEPD) for violating Article 7 GDPR and Article 21(1) of the Spanish Law on Information Society Services (LSSI). The AEPD enforced a penalty of €4000 for each infringement against the defendant, resulting in a total fine of €8000. However, the defendant opted to take advantage of the reduction for voluntary payment offered by Spanish administrative law and ultimately paid a fine of €4800.
Borjamotor, S.A. and A.A.A (data subject)
Related deceptive patterns
Hard to cancel (aka "Roach Motel") is a deceptive pattern where it is easy to sign up for a service or subscription, but very difficult to cancel it. This typically involves hiding the cancellation option, requiring users to call customer services to cancel, and making the cancellation process overly complex and time-consuming. This can cause users to give up trying to cancel, and continue paying for the service for a longer period.
Valid consent conditions include being freely given, specific, informed, and unambiguous, and the data subject should be able to withdraw it anytime.
Prohibits the sending of commercial communications by email or other electronic means without the prior consent of the recipient.