Klarna Faces $733,000 Fine for GDPR Information Shortcomings

Please note that we are not authorised to provide any investment advice. The content on this page is for information purposes only.

A Swedish court of appeal has ruled that Klarna, a Swedish payments group, has been fined 7.5 million crowns ($733,324) for violating the EU’s General Data Protection Regulation (GDPR). The court stated that Klarna had failed to provide sufficient information to its clients, regarding how the platform would store their data, adding that the data was difficult and unclear to access.

Klarna Faces Penalties For Privacy Note Issues

According to an earlier statement by Klarna, the case pertained to privacy notes utilized between March and June 2020, which have subsequently been updated to a buy now, pay later financial services firm.

A spokesperson from the Klarna told Reuters on Monday that the firm had just received the court’s verdict, and it was too early to provide any comment.

Under the European Union’s GDPR, firms are officially obliged to inform clients and users about why and how they handle personal data, alongside its collection process and for how long it can be stored.

On Monday, Sweden’s Administrative Court of Appeal raised the penalty to the initial amount of 7.5 million crowns, initially required by the Swedish Data Protection Agency (SDPA). In the previous year, Klarna was ruled by a lower court, which imposed that the firm should pay 6 million crowns.

The GDPR’s Broad And Rigorous Nature Makes Compliance Challenging

Klarna highlighted that the case originated from an audit by the SDPA regarding the privacy data provided to clients in 2020, and was not associated with how the firm collects and manages data.

The General Data Protection Regulation (GDPR), passed and drafted by the European Union (EU), is the toughest security and privacy law in the globe. It also imposes obligations on entities targeting or collecting data related to individuals in the EU.

Established on May 25, 2018, the GDPR imposes severe fines on individuals who violate its security and privacy standards, with penalties amounting to millions of Euros.

With the GDPR, Europe is indicating its solid stance on data security and privacy during a period where more individuals are entrusting their personal information with cloud services.

The regulation is fairly light on specifics, far-reaching, and large, making GDPR compliance a discouraging prospect, mostly for small and medium-sized enterprises (SMEs).

With the advancement of technology and the invention of the Internet, the EU recognized the necessity for modern safeguards. So in 1995, it approved the European Data Protection Directive, setting up minimum data security and privacy standards, upon which each associate state based its legislation.


Ali is a professional journalist with experience in Web3 journalism and marketing. Ali holds a Master's degree in Finance and enjoys writing about cryptocurrencies and fintech. Ali’s work has been published on a number of leading cryptocurrency publications including Capital.com, CryptoSlate, Securities.io, Invezz.com, Business2Community, BeinCrypto, and more.