Klarna fined over £570,000 for GDPR violations

Buy Now, Pay Later (BNPL) pioneer Klarna has been handed a SEK7.5 million (£574,000) fine for violating the EU's General Data Protection Regulation (GDPR) rules.

On Monday, Sweden's Administrative Court of Appeal ruled in favour of the Swedish Authority for Privacy Protection (IMY), formerly the Swedish Data Protection Agency (SDPA), which said in March 2022 that Klarna had not complied with GDPR rules around how it informs users about its handling of their personal data.

The court concluded that Klarna failed to give clients sufficient information about how it would store their personal data and that the privacy notes were unclear or difficult to access. The case specifically related to privacy notes used between March and June 2020, though Klarna has since updated those terms and conditions.

GDPR compels companies to inform users and clients about how and why they handle personal data, including 'the right to be forgotten', under which individuals can make a request for erasure verbally or in writing.

Monday’s ruling restores the fine to the full amount originally sought by the SDPA after a lower court last year reduced the fine to SEK6 million (£459,000).

A spokesperson for the company told Reuters that it was “too early to comment” on the ruling. In response to the original report in 2022, Klarna said that the case revolved around the privacy information provided to clients, and that it had nothing to do with its actual data collection or handling processes.


