, , , , ,

Klarna Email Blunder – Is it a breach of GDPR?

, , , , ,

What has just happened?

Multiple individuals have reported receiving marketing emails from Klarna, a ‘buy now, pay later’ service, despite never having signed up.

The Information Commissioners Office (ICO) have announced that they will make enquiries into Klarna, as many people complained after receiving the email.[1]

What does this mean?

Klarna is a Swedish financial company that allows people to make a purchase now but pay for it in 30 days’ time. Klarna is available on many sites, including beauty stores, fashion, footwear and even animal and pet supplies. They are available on some market giants, such as ASOS and Topshop.

When we as consumers sign up to a new service, we grudgingly accept the (often unwanted) marketing emails that come with the territory, but the idea that a company that we have never signed up to has access to our emails is a cause for concern.

Companies having access to our email without consent is a GDPR issue, which begs the question, if they have access to non-customer emails, what other information of ours do they have access to?

One twitter user asked “who sold them my email”[2], and many have questioned whether someone has sold or given access to Klarna to non-consenting individuals’ information.

In terms of privacy issues, how can we as consumers protect ourselves from this sort of thing?

What does this mean for the legal sector?

Klarna apologized and said “the email was sent to Klarna consumers who have recently used one of Klarna’s products or services including checkout technology”[3]

They later addressed the claims of those who stated that they had never used Klarna and still received the email, stating “we are currently investigating how this happened, and will take all necessary action to ensure nothing like this can happen again in the future”.[4]

This does not really answer the question of how they gained the personal information of people who have never used Klarna, but the ICO investigation may uncover some information on this.

The ICO told the BBC that “businesses should only contact individuals for electronic marketing purposes where consent has been provided or, in limited circumstances, where they have an existing relationship with a customer”.[5]

This recent fiasco could lead to potential lawsuits, if it is uncovered that a company sold or gave the data to Klarna without consumer consent, this leaves them liable to lawsuits for data breaches.

This could potentially damage the reputation of Klarna, a company currently valued at $10 billion[6], and could possibly expose a breach of privacy laws.

If Klarna has breached general data protection regulation, they could face a very large fine. The fine could be up to $29.6 million.[7

Klarna is already under investigation from the Advertising Standards Authority due to claims “its marketing drives young people into debt without making them aware of the risks involved”.[8]

Despite Klarna not conceding that there had been any unlawfully processed customer data, this large fine combined with the other existing investigation could be potentially fatal for the company.

The ICO investigation should remind companies that consumers are becoming more and more vigilant in ensuring that their data is used properly. “This incident speaks to wider issues about the security of data processing and transparency”.[9]

In this era, we as consumers have limited control over where our data ends up, but with the recent introduction of the Data Protection Act 2018, consumers are more entitled to question the holding, protection and exploitation of their personal information, including marketing emails such as the one in question.

Written by Lucy Stone

Assessing Firms:

Bird and Bird LLP, Bristows LLP, Dentons, Fieldfisher, Hunton Andrews Kurth LLP, Linklaters LLP, Allen and Overy LLP, Baker McKenzie, Covington and Burling LLP, DLA Piper, Eversheds Sutherland (International) LLP, Hogan Lovells International LLP, Latham and Watkins, PwC LLP, Taylor Wessing LLP.

References:

[1] Dearbail Jordan ‘Privacy Watchdog to probe Klarna after email backlash’ (BBC News, 13th October 2020) < https://www.bbc.co.uk/news/business-54521820>

[2] Tweeted by Christine Armstrong (@CArmstrongLDN) on October 12th

[3] Dearbail Jordan ‘Privacy Watchdog to probe Klarna after email backlash’ (BBC News, 13th October 2020) < https://www.bbc.co.uk/news/business-54521820>

[4] Ibid

[5] Dearbail Jordan ‘Privacy Watchdog to probe Klarna after email backlash’ (BBC News, 13th October 2020) < https://www.bbc.co.uk/news/business-54521820>

[6] https://www.klarna.com/international/press/klarna-announces-650m-funding-round-to-further-accelerate-global-growth/

[7] Ruby Hinchliffe ‘Klarna under investigation by UK regulator for “unsolicited” emails’ (Fintech Futures, 15th October 2020)

[8] Ibid 8

[9] Caroline Boyle ‘Klarna Marketing Mishap’ (Briefed.pro 15th October 2020)

Disclaimer: This article (and any information accessed through links in this article) is provided for information purposes only and does not constitute legal advice.