Swedish authorities announced on Tuesday that music streaming giant Spotify was fined 58 million kronor ($5.4 million) for failing to properly inform users about how the data it collected was being used.
Spotify said it plans to appeal the decision.
The Swedish Privacy Agency (IMY) has announced that it has considered “how Spotify handles access rights to customers’ personal data”.
“As a result of the deficiencies identified, IMY fined the company 58 million kronor,” the official said.
Under the provisions of the European data protection law GDPR, users have the right to know what data companies hold about individuals and how that data is used, the regulator said. It pointed out.
IMY said Spotify provided the data it held in response to requests from individuals, but was not specific enough about how that data would be used.
“The information provided by Spotify is unclear, making it difficult for individuals to understand how their personal data is being processed and to verify whether the processing of their personal data is lawful. I did,” said IMY.
It added that “the flaws found are generally considered to be of low severity,” adding that the amount of the fine was based on Spotify’s user count and revenue.
The New York Stock Exchange-listed streaming giant announced in April that it had surpassed 500 million monthly active users and surpassed 210 million paying subscribers.
Spotify has rejected IMY’s findings, saying in an emailed statement to AFP that it “provides all users with comprehensive information about how their personal data is processed.” .
IMY “only found small areas of the process that we felt needed improvement. However, we disagree with this decision and plan to appeal,” Spotify said.
In a separate statement, privacy activist group Noive said it welcomed the decision but lamented the authorities’ slowness, saying the fine had been imposed following complaints from the group and subsequent lawsuits.
“This case took more than four years and we had to go to IMY to get a decision. The Swedish authorities definitely need to speed up the process,” said Stefano Rossetti, a privacy attorney in Neuve. said in a statement.
Related: Meta Fined $1.3 Billion and Ordered to Stop Sending European User Data to the US
Related: France punishes Clearview AI for unpaid fines