Point-of-sale lender Klarna, a global company worth $10.6B, is in hot water with a U.K. privacy watchdog over unsolicited emails it sent to some consumers encouraging them to use the point-of-sale loan offering despite never having used it.

Why should we care?
Klarna is currently Europe’s most valuable fintech company. While Klarna provides point-of-sale lending services for brands, it also enables digital retailers to send and receive payments, and collects personal information to make that happen. It’s through this method that Klarna, apparently in error, accessed consumer information and subsequently sent a portion of these consumers unsolicited marketing emails. The U.K. Information Commissioner’s Office received more than 90 complaints regarding this misuse of data; it says that under the EU’s General Data Protection Regulation, companies can’t collect data without the consent of the consumer. The issue highlights challenges with brands’ desire to cross-sell and personalize communications using customer data. For its part, Klarna said it won’t repeat the error, but despite its assurances, the oversight agency is investigating the incident to determine the cause of the breach.