Klarna fined over £570,000 for GDPR violations

Buy Now, Pay Later (BNPL) pioneer Klarna has been handed a SEK7.5 million (£574,000) fine for violating the EU's General Data Protection Regulation (GDPR) rules.

On Monday, Sweden's Administrative Court of Appeal ruled in favour of the Swedish Authority for Privacy Protection (IMY), formerly the Swedish Data Protection Agency (SDPA), which said in March 2022 that Klarna had not complied with GDPR rules around how it informs users about its handling of their personal data.

The court concluded that Klarna failed to give clients sufficient information about how it would store their personal data and that the privacy notes were unclear or difficult to access. The case specifically related to privacy notes used between March and June 2020, though Klarna has since updated those terms and conditions.

GDPR compels companies to inform users and clients about how and why they handle personal data, including ‘the right to be forgotten’, where individuals can make a request for erasure verbally or in writing.

Monday’s ruling restores the fine to the full amount originally sought by the SDPA after a lower court last year reduced the fine to SEK6 million (£459,000).

A spokesperson for the company told Reuters that it was “too early to comment” on the ruling. In response to the original report in 2022, Klarna said that the case revolved around the privacy information provided to clients, and that it had nothing to do with its actual data collection or handling processes.


