wordpress blog stats
Connect with us

Hi, what are you looking for?

Swedish Privacy Authority Slaps Spotify With $5.3 Million Fine for Providing Insufficient Information on Data Processing

Spotify does not clearly inform its users about how it handles the personal data of its users, the Swedish data protection authority said.

Spotify does not clearly inform its users about how it handles the personal data of its users, said the Swedish data protection authority as it slapped a $5.3 million administrative fine (or 58 million Swedish Kroner) on the streaming service on Wednesday.

This violates the right of access, which empowers individuals to find out what personal data businesses handle and how they use it, held under the European Union’s privacy law, the General Data Protection Regulation.

However, a press release acknowledged that “Spotify has taken several measures with the aim of meeting the requirements for individuals’ right to access, and the deficiencies that have been discovered are considered overall to be of a low level of seriousness.” Spotify may appeal the decision.

STAY ON TOP OF TECH POLICY: Our daily newsletter with the top story of the day from MediaNama, delivered to your inbox before 9 AM. Click here to sign up today!

What did Spotify do wrong? The information provided by Spotify to users on how their information is handled should be more specific, said Karin Ekström, one of the leads in the long-drawn investigation into the company. “It must be easy for the person requesting access to their data to understand how the company uses this data,” Ekström added. “In addition, personal data that is difficult to understand, such as those of a technical nature, may need to be explained not only in English but in the individual’s own, native language.”

Without this information, it is difficult for customers to check if Spotify’s data processing is lawful or not.

And where did it get things right? The Swedish authority’s investigation also examined how Spotify divides customers’ personal data into different layers—such as information deemed to be of greater interest to an individual, like their listening history, payment details, and more. Technical information like the log files linked to a customer form another layer and can also be requested by customers.

“There is no obstacle to dividing the copy of personal data into different layers as long as the right to access is satisfied,” Ekström explained. “In some situations, on the contrary, it can make it easier for the data subject to take in the information if it is presented in different parts, at least when it is a question of an extensive amount of information. It is important that the individual understands what information is in the various layers and how it can be requested. Here we believe that Spotify has done enough.”

How did this investigation start? The investigation was initially sparked by a 2019 complaint filed by privacy rights non-profit ‘noyb’ led by Max Schrems—which alleged that Spotify hadn’t provided adequate details in response to a request for personal data. The company didn’t provide information on the purpose of processing, and on international data transfers, among other concerns. Originally filed in Austria, the petition was later transferred to Sweden, Spotify’s main EU hub.

This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.

Read more

Written By

I'm interested in stories that explore how countries use the law to govern technology—and what this tells us about how they perceive tech and its impacts on society. To chat, for feedback, or to leave a tip: aarathi@medianama.com

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Factors like Indus not charging developers any commission for in-app payments and antitrust orders issued by India's competition regulator against Google could contribute to...


Is open-sourcing of AI, and the use cases that come with it, a good starting point to discuss the responsibility and liability of AI?...


RBI Deputy Governor Rabi Shankar called for self-regulation in the fintech sector, but here's why we disagree with his stance.


Both the IT Minister and the IT Minister of State have chosen to avoid the actual concerns raised, and have instead defended against lesser...


The Central Board of Film Certification found power outside the Cinematograph Act and came to be known as the Censor Board. Are OTT self-regulating...

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ