Administrative fine in the amount of EUR 724 000 applied by the Swedish Authority for Privacy Protection to Klarna Bank AB for the infringement of the rights of the data subject and principles relating to processing of personal data
The National Center for Personal Data Protection (NCPDP), for information and application purposes, reports on the administrative fine in the amount of EUR 724 000 applied by the Swedish Authority for Privacy Protection (IMY) to Klarna Bank AB for the infringement of the rights of the data subject and principles relating to processing of personal data.
Klarna Bank is a financial company that processes personal data about many people and in many different ways. It is important that the information that Klarna Bank provides about how the company processes personal data is correct and as complete as possible. During the investigation, Klarna Bank has continuously changed the information provided on how the company handles personal data. The IMY’s decision concerns the information provided in the spring of 2020. Following the investigation, Klarna Bank did not provide information on the purpose and the legal basis for which personal data was processed in one of the company’s services. The company also provided incomplete and misleading information about who the recipients of different categories of personal data were when data was shared with Swedish and foreign credit information companies. Furthermore, Klarna Bank did not provide information on which countries outside the EU/EEA personal data were transferred to, or on where and how individuals could obtain information on the safeguards that applied to the transfer to third countries.
In this context, IMY found that the company provided incomplete information about the data subjects’ rights, including the right to delete data, the right to data portability and the right to object to how one’s personal data is processed, in violation of Articles 5 (1) (a), 5.2, 12.1, 13.1 c, e-f and 13.2 a-b, f and 14.2 g of the GDPR.
The NCPDP, as the national supervisory authority for personal data processing, emphasizes the responsibility of personal data controllers to comply with the provisions of the legal framework on personal data protection and to ensure that personal data processing operations are in accordance with the legislation in force.