In Sweden, music streaming platform Spotify was fined about $5.4 million for violating data access rights of European Union (EU) users. TechCrunch reports that allegations have been made that the company failed to properly disclose the personal data it processed when responding to individual requests. This violation falls under Article 15 of the General Data Protection Regulation (GDPR).
The complaint was filed in early 2019 by noyb, a non-profit organization focused on privacy rights.
The complaint alleges Spotify’s failure to comply with all requested personal data, its failure to provide information about the purposes and recipients of data processing, and its failure to disclose details of international money transfers. there is
The complaint was originally filed in Austria, but was redirected to Sweden due to the GDPR’s one-stop-shop mechanism, which aims to simplify the handling of cases involving cross-border data processing. Spotify’s main EU presence is in Sweden.
The complaint remained unresolved for several years because noyb claims Swedish authorities conducted another ex-officio investigation without involving the complainants. This measure goes against the GDPR requirement that the data controller respond to access requests within her one month. As a result, noyb sued the Swedish Data Protection Authority (IMY) for lack of judgment.
Last year, noyb successfully challenged IMY’s position that the complainant was not a party to the proceedings. The Stockholm Administrative Court ruled that the complainant has the right to seek a decision six months after filing the complaint, as stated in the report. Spotify, meanwhile, announced a corporate restructuring that included laying off 200 employees, or 2% of its podcast division.