Mr. A.A.A. (Claimant) v. Just Landed, S.L.

Just Landed, a Spanish entity, has been fined by the Spanish DPA for having a privacy policy written only in English and not providing a mechanism to accept, reject or manage cookies.

The Spanish DPA has fined the entity behind the URL.1 website for violating GDPR and LOPDGDD regulations. The website's privacy policy was written only in English, despite the entity being located in Spanish territory which amounts to language discontinuity. Additionally, the website did not have a banner or notice related to the existence of cookies, and there was no link or mechanism for users to accept, reject or manage cookie installation. Cookies were loaded automatically without any prior action, amounting to forced action. These deceptive patterns violate article 13 of the GDPR, which requires the provision of information to interested parties at the time of data collection.

The outcome is a €3,000 sanction for improper use of data storage and recovery devices without consent. JUST LANDED, SL must include a Spanish "privacy policy" and information on cookies, with a mechanism for users to manage preferences. They must also ensure cookies are not installed unnecessarily. Failure to comply may result in a €30,000 fine.

Mr. A.A.A. (Claimant) and Just Landed, S.L.