Sweden

Klarna Bank AB

720,000 €

GDPR enforcement action by Data Protection Authority of Sweden on 2022-03-28.

Rank · Sector

#40

of 322 in Finance, Insurance and Consulting

Rank · Sweden

#13

of 46

Rank · All fines

#208

of 3,050

Case details

Authority: Data Protection Authority of Sweden
Date: 2022-03-28
Controller / Processor: Klarna Bank AB
Sector: Finance, Insurance and Consulting
Quoted Articles: Art. 5 (1) a) GDPR, Art. 5 (2) GDPR, Art. 12 (1) GDPR, Art. 13 (2) f) GDPR, Art. 14 (2) g) GDPR
Type of violation: Insufficient fulfilment of information obligations

Summary

The Swedish DPA has imposed a fine of EUR 720,000 on Klarna Bank AB.
Klarna is a financial company that processes a large number of personal data in various ways.

As part of its investigation, the DPA found that Klarna had not properly complied with its information obligations.

For example, Klarna did not provide sufficient information on its website about the purpose and legal basis for the processing of personal data.

In addition, with regard to the transfer of data to Swedish and foreign credit agencies, Klarna provided incomplete information about the recipients of the personal data.

Klarna also failed to provide information about third countries where personal data is transferred to.

Finally, the DPA found that Klarna insufficiently informed data subjects about their rights under the GDPR.