In a recent ruling, a Swedish court of appeal has mandated Klarna, to pay a substantial fine of nearly three quarters of a million dollars for breaching the European Union’s General Data Protection Regulation (GDPR). The fine, totaling SEK 7.5 million ($733,000), stems from Klarna’s failure to adequately inform customers about its handling of personal data, as mandated by GDPR.
The Swedish Authority for Privacy Protection (IMY) imposed the initial fine in March 2022 after finding that Klarna had not provided sufficient information to users regarding the storage of their personal data. The violations were related to privacy notices utilized by Klarna between March and June 2020. Despite the penalty, Klarna contested the decision, asserting that the language in the privacy notes was ambiguous.
Initially, a lower court had reduced the fine to SEK 6 million. However, the Administrative Court of Appeal has now reinstated the original penalty of SEK 7.5 million, aligning with the initial demand by IMY. Klarna has yet to issue a formal response to the recent ruling, with a company spokesperson indicating that it is “too early to comment” on the matter.
This ruling underscores the importance of compliance with GDPR regulations, which aim to safeguard the privacy and data rights of individuals within the European Union. As data protection regulations continue to evolve and enforcement actions increase, companies operating within the EU must prioritize comprehensive data governance and transparency to avoid costly penalties and maintain consumer trust.