SPAIN Trends and Developments Contributed by: Alfonso López-Ibor, Pablo Henriquez de Luna, Virginia Jover and Carmen Serrano, López-Ibor DPM
completing a sale). Courts often interpret participation in such schemes as evidence of the consumer’s lack of caution. Case law supporting the trend To illustrate this shift are several recent rulings from various Provincial Courts, particularly the Audiencia Provincial of A Coruña, which has shown support for financial institutions. • Judgment No 377/2024, 3rd Section, A Coruña, 17 July 2024: “Negligence is the absence of due care. Clicking on a fraudulent link and entering personal credentials is undeniably negligent. The legal debate centres on whether such negligence can be deemed ‘gross,’ and in this case, the answer must be affirmative[...].”Judgment No 155/2025, 9th Section, Madrid, 8 April 2025: compilation of multiple rulings, including: (a) No 398/2022 (A Coruña): gross negligence found where the consumer directly provided the scammer with card and banking creden- tials; (b) No 249/2022 (Barcelona): lack of due care in downloading an app via a fraudulent email; (c) No 305/2021 (Badajoz): gross negligence in responding to a suspicious email and failing to safeguard credentials; and (d) No 112/2023 (A Coruña): gross negligence where the consumer allowed third-party access to their computer and online banking while knowing authentication codes were being sent to a compromised phone. Although the Supreme Court has yet to directly address the concept of gross negligence under RD Law 19/2018, Provincial Courts appear to be form- ing a consistent line demanding a minimum level of diligence from consumers in digital communications and transactions. From a practical perspective, this evolution in judicial reasoning requires both financial institutions and con- sumers to adopt a more preventive and educational approach. Banks are now prioritising customer aware- ness campaigns, emphasising the risks of sharing cre- dentials or interacting with unverified digital channels. At the same time, consumers must assume an active
role in safeguarding their data, understanding that the use of online platforms entails inherent responsibili- ties. This new paradigm highlights the importance of digital literacy and shared accountability, aiming to strength- en confidence in electronic payment systems while reducing the overall incidence of cyber fraud. New developments in ADR mechanisms affecting these proceedings Before concluding, it is important to mention the recent enactment of Organic Law 1/2025, of 2 Janu- ary, on efficiency measures for the Public Justice Service. Its Seventh Additional Provision introduces flexibility in satisfying the procedural requirement to attempt ADR prior to filing a claim. According to this provision, in consumer-related pro- ceedings, it is sufficient to show that the consum- er submitted a prior out-of-court complaint to the company or professional without receiving a timely response, as required under the applicable special legislation. In practice, this requirement is typically met through a burofax sent by the consumer or by an association on their behalf. Courts are not overly strict in assessing compliance. Therefore, it is sufficient for such a complaint to be sent by any reliable means that confirms delivery, without the need for specific formats or content. This allows phishing-related claims to be processed more efficiently, reducing litigation and shortening the time- frames for judicial recourse. Conclusion The aim of this article has been to present, in a didac- tic way, how a change has been detected in the pre- vailing trend to date – a trend of attributing responsi- bility to banking institutions in almost all cases, in the form of a quasi-objective liability. Although the Supreme Court has not formally con- firmed this change, the authors view it as both nec- essary and positive. While consumer protection laws favour the weaker party in legal relationships,
1063 CHAMBERS.COM
Powered by FlippingBook