Sensitive data

Background

Certain personal data is by its nature particularly sensitive and therefore it has stronger protection under the GDPR. This type of data, called special categories of data or sensitive personal data, is data that concerns racial or ethnic origin, political opinions, religious or philosophical beliefs, membership of a trade union, health, a person’s sex life or sexual orientation, genetic data and biometric data that uniquely identifies a person.

In general, processing of sensitive data is prohibited. There are however a number of exceptions; e.g. if the subject has consented to the processing of sensitive personal data. Do however note that there are specific requirements in relation to a valid consent under the GDPR.

In the cooperation between Klarna and the merchant, each party will process certain personal data. That processing is by each party done in the capacity of a data controller, being responsible for its own processing. However, the parties will also share certain personal data with each other.

Data sharing with Klarna

If you are processing personal data which could be categorized as sensitive data, you have to make sure not to share that data with Klarna. As information regarding what goods the consumer has purchased normally is shared with Klarna, you have to make sure that names of goods are anonymized before that information is shared with Klarna.

Examples (non-exhaustive)

  1. You are a merchant running a pharmacy. The goods you are selling within your store may normally include goods which can reveal the health or sex life of a person. Hence instead of providing line item data stating that aspirin was purchased by the customer, you should blank out the name of the goods, or as a suggestion state simply that ‘pharmacy goods’ was purchased.

  2. You are a merchant providing adult movies. Instead of sending Klarna information on the title of the movie purchased/rented, you should blank the information out or state just ‘movie’.

  3. You are a merchant running a shop currently not providing any goods which you think could include the processing of sensitive data, but start selling non-prescription based medical goods such as condoms and aspirin. You will then find out a way of deleting or anonymize the goods prior to sharing the line item with Klarna.