Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This document establishes Klarna's data collection, processing, and sharing practices for users of its payment, shopping, and buy-now-pay-later services. The policy authorizes Klarna to collect financial history, shopping behavior, and device data, and to use this information to perform automated credit assessments that determine service eligibility. The policy permits data sharing with merchants, credit reference agencies, marketing partners, and other third parties, and establishes data subject rights including access, correction, deletion, and restriction requests through Klarna's privacy request portal for residents of the EU, UK, and California.
This document is Klarna's consumer-facing privacy policy, governing the collection, use, storage, and sharing of personal data across Klarna's payment, buy-now-pay-later, shopping, and banking services, with legal bases including contractual necessity, legitimate interest, legal obligation, and consent depending on the processing activity. The policy states that Klarna collects a broad range of data categories including identity, financial, transactional, device, behavioral, location, and social media information, and the terms authorize sharing this data with merchants, credit bureaus, financial partners, marketing partners, and government authorities. Notably, the policy discloses that Klarna conducts automated decision-making including credit assessments that produce legal or similarly significant effects on users, a practice that under GDPR carries specific rights obligations including the right to human review, explanation, and to contest the decision. The policy engages GDPR as the primary framework for EU and UK users, CCPA and state privacy laws for California and US residents, and financial services regulations including those applicable to licensed payment institutions and credit providers across multiple jurisdictions. Material compliance considerations include the breadth of legitimate interest claims used to justify marketing and profiling activities, the adequacy of consent mechanisms for cookie-based and behavioral advertising, and the cross-border data transfer arrangements Klarna relies upon for transfers from the EU to third countries including the US.
Institutional analysis available with Compliance
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.
Start Compliance free trial4 important changes detected
4 versions captured · Last updated: June 2026
Klarna's privacy policy was reorganized on April 16, 2026 to add section numbering and expand collapsed sections using 'Show more' links. The substantive language about how data is collected and …
View change record →Klarna removed structural formatting elements ('Show more' expandable sections) from its Privacy Policy on March 19, 2026, and reorganized how it presents data collection methods. The policy previously listed data …
View change record →This new provision explicitly discloses cookie-based tracking for behavioral advertising and provides user control mechanisms, addressing increased regulatory focus on tracking technologies.
This new provision clarifies merchant data sharing scope and purpose, reducing ambiguity from the previous generic 'Data Sharing with Retail Merchants' provision.
This provision was replaced by the more specific 'Cookie-Based Behavioral Advertising' provision with explicit consent and withdrawal mechanisms.
This standalone provision was integrated into other provisions, particularly 'Data Sharing with Credit Reference Agencies' and 'Data Retention' which now explicitly mention fraud prevention.
This U.S.-specific provision was removed and replaced with the more globally inclusive 'Consumer Data Rights and Access Mechanisms' that applies based on jurisdiction.
Previous version had no excerpt; current version now provides detailed explanation of credit reference agency data sharing including fraud prevention and payment default consequences.
Previous generic provision renamed and expanded to explicitly mention profiling and marketing with added emphasis on user right to object.
Previous version had no excerpt; current version adds specific detail about standard contractual clauses and explicitly mentions United States as transfer destination.
Previous version had no excerpt; current version renamed to 'Automated Decision-Making for Credit Assessments' with detailed explanation of credit assessment and service eligibility impacts.
Previous version had no excerpt; current version now specifies fraud prevention and dispute resolution as legitimate grounds for extended retention.
Monitoring
Klarna has updated this document before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
Compliance Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Compliance free trialCross-platform context
See how other platforms handle Automated Credit Decision-Making and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.