Sweden's Klarna fined $733,000 over insufficient GDPR information

COPENHAGEN (Reuters) -Swedish payments group Klarna must pay a fine of 7.5 million crowns ($733,324) for violating the EU's General Data Protection Regulation (GDPR) by not providing sufficient information to its users, a Swedish court of appeal ruled on Monday.

Klarna had failed to give clients sufficient information about how it would store their personal data, the court said in a statement, adding that the information was unclear or difficult to access.

The case concerned privacy notes used between March and June, 2020, which have since been updated, according to an earlier statement by Klarna, a buy now, pay later financial services company.

"We have just received the court's decision, and it is too early to comment," a company spokesperson told Reuters on Monday.

Under the European Union's GDPR, companies are legally obliged to inform users and clients about how and why they handle personal data, including how they collect it and for how long they store it.

Sweden's Administrative Court of Appeal on Monday raised the penalty back to the 7.5 million crowns originally sought by the Swedish Data Protection Agency (SDPA). A lower court ruled last year that Klarna should pay 6 million crowns.

Klarna has said the case stemmed from an audit by the SDPA of the privacy information provided to clients in 2020, and was not related to how the company collects or handles data.

($1 = 10.2274 Swedish crowns)

(Reporting by Louise Breusch Rasmussen, editing by Terje Solsvik, Kirsten Donovan)