Scores of people received a newsletter sent in error by the ‘buy now, pay later’ firm Klarna earlier this week – despite never knowingly using the service.
Klarna sent a follow-up apology email, claiming the newsletter was sent in ‘human error’ and tried to reassure recipients that they not been added to a marketing database.
But a number of people were baffled as to how the firm had obtained their data, having never used one of Klarna’s ‘pay later’ services.
Some took to Twitter to complain, while the Information Commissioner’s Office (ICO), the independent body that enforces data protection law, received more than 50 complaints about the email in 24 hours. The ICO is now making enquiries into what happened.
Here, Which? explains your data rights and how Klarna collects information on you.
‘I’ve never signed up to Klarna’
Laura Thomas, from London, was shocked to see the email from Klarna in her inbox.
‘I’ve never signed up to Klarna,’ she told us. ‘When I saw the email, I automatically thought it was a scam or that someone had signed up to Klarna in my name – it was quite worrying.’
Laura then received the apology email, but it didn’t calm her concerns.
‘I had no idea how it got my email adress, so I did some research and saw other people were complaining online,’ she recalled. ‘I then realised I must have shopped with a retailer that uses Klarna for upfront payments.’
Klarna doesn’t only offer ‘pay later’ services; some retailers also use Klarna as a payment processor when you pay for items upfront with you debit or credit card. Klarna calls this its ‘checkout technology’.
However, it’s not always made clear at the checkout when an upfront payment is processed by Klarna.
Klarna explained that when shoppers use its ‘checkout technology’, they also agree to its T&Cs and privacy notice.
Laura, however, felt misled that she’d used Klarna and had her data collected without realising.
‘I assumed I was paying the company directly, not using Klarna,’ she said. ‘I’m less likely to save my card details and information when shopping online now, as I don’t know if it will go to a third party.’
Laura said she’d like Klarna to delete her data, but isn’t sure how to go about it.
Klarna told Which?: ‘At no point has customer data been compromised. The data has been used in line with our terms and conditions, and our privacy notice.’
- Read more: how to ask for your data to be erased
When does Klarna collect my data?
Klarna’s privacy notice says shoppers who use their services, either when paying with one of their payment methods, contacting them or using their app, will hand over data.
This includes when you use a ‘pay later’ service, or when you pay upfront from a retailer that uses Klarna as a payment processor.
The data Klarna collects includes contact and identification information, payment information and special categories of data.
If you’re paying for an online order upfront, it’s worth checking if the retailer uses Klarna as a payment processor, so you can be clear on how your data is being used.
You should be able to find this out on the retailer’s payment information page.
Can Klarna send me newsletters?
Under the General Data Protection Regulation (GDPR), companies must ask you to opt in, or give existing customers the opportunity to opt out, before sending any marketing newsletters.
The ICO told Which?: ‘Businesses should only contact individuals for electronic marketing purposes where consent has been provided or, in limited circumstances, where they have an existing relationship with a customer.’
Klarna has apologised and insists that you won’t have been added to a marketing database.
A spokesperson said: ‘In accordance with our internal policies, consumers normally do not receive newsletters unless they have opted in or downloaded our app.
‘We are currently investigating how this happened and are taking action to ensure nothing like this can happen again in the future.’
How to protect your data
1. Find out what data Klarna holds on you
If you’d like to know more about what data Klarna has collected, you can make a subject access request.
You’ll need to write to or email Klarna asking for a copy of all the information it holds on you.
Klarna should provide you with the information without delay and at least within one month of receiving your request.
- Find out more: how to make a subject access request
2. Ask Klarna to amend or delete your data
You have the right to ask Klarna to erase your data.
This request can be done verbally or in writing and Klarna has one month to respond to a request.
Klarna says you can change your profile information at any time, either in the app or by contacting them.
3. Complain to the ICO
If you’re still not happy with how your data has been handled, you can make a complaint to the ICO.
The watchdog is already looking into the incident, but it may also be able to help resolve any issues you might be having.
- Read more: your data rights explained