The U.K. Information Commissioner’s Office (ICO) is launching a probe against Sweden’s buy now, pay later (BNPL) startup Klarna over complaints about a recent email marketing campaign, according to a Thursday (Oct. 15) BBC report.
People complained to the data protection watchdog that they had received a marketing email from Klarna containing some personal information even though they had never signed up with the payments firm.
Soon after the first email was sent, people said they got a second email stating the first was sent by mistake. It had assured the recipients they were not in Klarna’s database.
“This was a human error and the email was incorrectly sent for which we are extremely sorry,” read company blog on Monday (Oct. 12). “We are currently investigating how this happened, and are taking action to ensure nothing like this can happen again in the future.”
But people wanted to know how the company got their data. Many people who received the email claim they had never used the Klarna service.
“Now why would Klarna have ‘accidentally’ sent me their newsletter when I have never used their services. Who sold them my email?” Vlogger Christine Armstrong said on Twitter.
Nicole Krystal Crentsil, chief executive of platform Black Girl Fest, tweeted: “Hmmm… how & why do you have access to my email address? I know Klarna is used by some online shops I shopped from, but I’m 100% sure I’ve never used it.”
A spokesperson for Klarna told the BBC that anytime anyone uses Klarna checkout technology they are agreeing to the terms and conditions, which includes getting promotional emails.
“Klarna’s checkout technology is a product some retailers use to process payments on their website. This means that Klarna processes all credit and debit card transactions for these retailers,” according to the company’s blog.
“Consumers normally do not receive newsletters unless they have opted in or downloaded our app,” a Klarna spokesperson said.
He added that the company is investigating the incident to discover how it happened and to make sure it never happens again.
“Businesses should only contact individuals for electronic marketing purposes where consent has been provided or, in limited circumstances, where they have an existing relationship with a customer,” an ICO spokesperson told the BBC.
The Stockholm-based company and FinTech unicorn was founded in 2005 and is valued at $10 billion, double its value in August 2019.