Klarna has been ordered to pay a fine of approximately 7.5 million SEK (around $733,000) for breaching the EU’s General Data Protection Regulation (GDPR), as determined by a Swedish court of appeal.
The Swedish Authority for Privacy Protection (IMY) initially imposed the fine in March 2022, citing Klarna’s failure to adequately inform customers about how their personal data is stored. At that time, Klarna announced its intention to appeal, arguing that the privacy notices in question—used between March and June 2020—were “ambiguous.”
Subsequently, a court reduced the penalty to 6 million SEK, but the Administrative Court of Appeal has now reinstated the original fine of 7.5 million SEK as requested by the IMY. A spokesperson for Klarna stated to Reuters that it is “too early to comment” on the recent ruling.