The Information Commissioner's Office (ICO) has opened an enquiry into Klarna after receiving complaints that the company sent marketing emails to people that had never used the service.
The UK's data protection regulator told IT Pro that "some members of the public" have made it aware of a marketing email, which Klarna has said was sent out "incorrectly".
A number of people have taken to Twitter to state that they had received from the Swedish fintech firm confirming the mistake.
"We are extremely sorry," the message read. "You may have just received our newsletter without expecting it. The email was sent incorrectly and you should not have received it. We apologise for the inconvenience.
"Please rest assured, you have not been added to a marketing database, and you will not receive any further marketing communication unless you opt in or download our app at a later date."
However, many have questioned how Klarna had their email address in the first place. Some have suggested that the error has revealed that retail data is being passed on illegally.
"A number of people (including myself) have received a promo email from Klarna, despite never having used the service... no explanation as to where they got the data from," tweeted one receipient of the email. "My guess is retailers are passing on data which surely is not ethical or GDPR compliant?!"
The company has apologised in a blog post but it still hasn't specifically revealed how it has access to non-user email addresses.
The firm works with retailers such as Asos and Topshop providing technology services that allow consumers to pay for their goods in 30 days or with a credit or debit card that is processed by Klarna software on behalf of the retailer.
"The email was sent to Klarna consumers who have recently used one of Klarna's products or services including Klarna's checkout technology," the firm said. "Klarna's checkout technology is a product some retailers use to process payments on their website. This means that Klarna processes all credit and debit card transactions for these retailers."
-
What does modern security success look like for financial services?Sponsored As financial institutions grapple with evolving cyber threats, intensifying regulations, and the limitations of ageing IT infrastructure, the need for a resilient and forward-thinking security strategy has never been greater
-
Yes, legal AI. But what can you actually do with it? Let’s take a look…Sponsored Legal AI is a knowledge multiplier that can accelerate research, sharpen insights, and organize information, provided legal teams have confidence in its transparent and auditable application
-
Cyber attacks have rocked UK retailers – here's how you can stay safeNews Following recent attacks on retailers, the NCSC urges other firms to make sure they don't fall victim too
-
ICO admits it's too slow dealing with complaints – so it's eying up automation to cut staff workloadsNews The UK's data protection authority has apologized for being slow to respond to data protection complaints, saying it's been overwhelmed by increased workloads.
-
“Limited resources” scupper ICO probe into EasyJet breachNews The decision to drop the probe has been described as “deeply concerning” by security practitioners
-
Surge in workplace monitoring prompts new ICO guidelines on employee privacyNews Detailed guidance on how to implement workplace monitoring could prevent data protection blunders
-
TikTok could be hit with £27m fine for failing to protect children's privacyNews Social media firm issued with a notice from the ICO for potential violations of UK data protection laws
-
What is AdTech and why is it at the heart of a regulation storm?In-depth The UK data regulator has come under heavy fire for consistently delaying much-needed action, privacy groups say
-
ICO crackdown on AI recruitment part of three-year vision to save businesses £100 millionNews ICO25 outlines a fresh approach that involves releasing learning materials, advice, and a new ICO-moderated discussion forum for businesses
-
Clearview AI fined £7.5m over improper use of UK dataNews Australian facial recognition firm collected 20 billion images from the internet without consent in order to build its database
