←back to thread

Klarna users are being signed in to random accounts

(twitter.com)
475 points danielstocks | 8 comments | 27 May 21 10:28 UTC | HN request time: 0s | source | bottom
Show context
ecmascript ◴[27 May 21 11:10 UTC] No.27301525[source]
Time to GDPR my account on klarna then.
replies(1): >>27302679 #
1. onoira ◴[27 May 21 13:14 UTC] No.27302679[source]
You can't—at least in Sweden—remove much from Klarna.

Your marketing profile is tied in with their accounting system. The law requires them to store accounting data for at least 7 years, with no obligation to actually remove it once that time is up. Since the accounting laws supersede the GDPR: they can hoard data pretty effectively.

The Swedish 'Data Protection Authority' tried to launch (yet another) investigation for their shady practices, but Klarna strategically applied for bank status and now the reach and power of the data authority is cripplingly limited.

replies(4): >>27303048 #>>27303534 #>>27304218 #>>27341856 #
2. elliekelly ◴[27 May 21 13:47 UTC] No.27303048[source]
Whats Klarna’s argument for the data in a customer’s marketing profile being necessary for accounting purposes? You can’t just store data in your accounting system and wipe your hands of GDPR.
replies(1): >>27303614 #
3. chopin ◴[27 May 21 14:26 UTC] No.27303534[source]
You can forbid Klarna sharing the accounting data with anyone. I doubt there is a legal sharing permission overriding GDPR for accounting data aside from tax authorities.
replies(1): >>27303708 #
4. onoira ◴[27 May 21 14:32 UTC] No.27303614[source]
That's what the investigation aimed to find out before it was cut short. Klarna's general reasoning has been (A) 'because', and (B) 'because it's all in the same system and we have no obligations or confidence in thinning it'.

Any request for data or information regarding their architecture is rejected on the grounds of 'trade secrets'.

replies(1): >>27303982 #
5. onoira ◴[27 May 21 14:40 UTC] No.27303708[source]
That's correct, but the data still stays with Klarna. I interpreted the OP as wanting to remove the data Klarna stores, or remove the 'account' pages. Neither of these are completely possible.
6. dkersten ◴[27 May 21 15:04 UTC] No.27303982{3}[source]
Hmm, that's strange. I did some contract work for Klarna about a year ago and had to go through mandatory on-site training and a big chunk of that was with their legal team about data protection, GDPR, about storing the least amount possible etc. It sounded like they treat it very seriously, so this is surprising to me.

I do know there are various legal requirements to retain certain data for some time (PSD2 for example must be stored for 13 months, I believe), but outside of that, it sounded to me like they tried very hard not to store anything for longer than necessary or without user consent.

I mean, doesn't mean its true, just the impression I got from the training.

7. speapr ◴[27 May 21 15:26 UTC] No.27304218[source]
I believe you that Klarna are shady about how they manage data, however, my understanding was that they got a banking license because they want to fund themselves via brokered deposits? A banking license means that they can get money from anyone in the EU and it will be insured up to €100,000. Without this, almost no one would want to deposit with them.

If you have other information about other reasons they might have become a bank, I would be genuinely interested in hearing them.

8. ecmascript ◴[31 May 21 08:57 UTC] No.27341856[source]
Sure but there is probably a lot of meta data that can be removed and it will send a signal to them that this is not ok.