I once received e-mails from Klarna that I suspected to be spam since they mentioned another person. At some point I decided to be brave and open the PDF that was supposedly a credit contract.
Turns out the e-mails were indeed legit, just that I had received some Bavarian lady’s personal data and details about a coffee table she’d purchased buy now, pay in instalments.
I contacted customer support (which was hard enough) and told them there was a mix-up and that I would prefer not to receive someone else’s personal details and information about their online shopping habits. They said alright, we’ll see to it.
A couple weeks later, I received more e-mails. The lady had apparently purchased clothes she couldn’t afford to pay in cash. That’s when I contacted Klarna again (via letter this time) and demanded for them to tell me what happened and to tell the other person that their data had leaked to me. Turns out that I had once or twice paid with Klarna in the past and they therefore had my mobile phone number from back then. I hadn’t had that number for years after switching contracts and getting a new number, but it turns out that the woman in Bavaria had apparently been assigned that number. She used it for her Klarna payments and that’s why Klarna sent her data to my e-mail.
Since I consider their incompetence a violation of GDPR laws, I made a complaint with German authorities, who handed the case over to Sweden. It’s been two years and I’m still waiting to hear what happens of it. I still get regular “We’re still working on it” correspondence from Berlin, though.
Is there a single case of real, actual punishment for GDPR violations done by non-giants (Google, Facebook, etc.)? I could use some good justice porn right now.
I once received e-mails from Klarna that I suspected to be spam since they mentioned another person. At some point I decided to be brave and open the PDF that was supposedly a credit contract. Turns out the e-mails were indeed legit, just that I had received some Bavarian lady’s personal data and details about a coffee table she’d purchased buy now, pay in instalments. I contacted customer support (which was hard enough) and told them there was a mix-up and that I would prefer not to receive someone else’s personal details and information about their online shopping habits. They said alright, we’ll see to it. A couple weeks later, I received more e-mails. The lady had apparently purchased clothes she couldn’t afford to pay in cash. That’s when I contacted Klarna again (via letter this time) and demanded for them to tell me what happened and to tell the other person that their data had leaked to me. Turns out that I had once or twice paid with Klarna in the past and they therefore had my mobile phone number from back then. I hadn’t had that number for years after switching contracts and getting a new number, but it turns out that the woman in Bavaria had apparently been assigned that number. She used it for her Klarna payments and that’s why Klarna sent her data to my e-mail.
Since I consider their incompetence a violation of GDPR laws, I made a complaint with German authorities, who handed the case over to Sweden. It’s been two years and I’m still waiting to hear what happens of it. I still get regular “We’re still working on it” correspondence from Berlin, though.
I’m genuinely curious how this will end.
Is there a single case of real, actual punishment for GDPR violations done by non-giants (Google, Facebook, etc.)? I could use some good justice porn right now.