[onoira]

That's what the investigation aimed to find out before it was cut short. Klarna's general reasoning has been (A) 'because', and (B) 'because it's all in the same system and we have no obligations or confidence in thinning it'.

Any request for data or information regarding their architecture is rejected on the grounds of 'trade secrets'.

[dkersten]

Hmm, that's strange. I did some contract work for Klarna about a year ago and had to go through mandatory on-site training and a big chunk of that was with their legal team about data protection, GDPR, about storing the least amount possible etc. It sounded like they treat it very seriously, so this is surprising to me.

I do know there are various legal requirements to retain certain data for some time (PSD2 for example must be stored for 13 months, I believe), but outside of that, it sounded to me like they tried very hard not to store anything for longer than necessary or without user consent.

I mean, doesn't mean its true, just the impression I got from the training.