Swedish regulators have fined the company 58 million Swedish kronor ($5.4 million) for violating the European Union’s General Data Protection Regulation (). The issue concerns how Spotify handles access to users’ personal data and customer information.
Advocacy group Noive, led by privacy activist Max Schrems, has filed complaints against Spotify and other big tech companies. In his complaint, Noib alleges, among other things, that Spotify did not provide users with all personal data upon request, nor did it disclose the reasons for processing such information.
The Swedish Privacy Agency (IMY) states that although Spotify provides users with the personal data it processes on request, it “provides sufficiently clear information about how this data will be used by the company. not. Spotify said it should be more transparent about “how and for what purpose an individual’s personal data is treated.” Lack of clarity means that “it is difficult for individuals to understand how their personal data is being processed and to see whether the processing of their personal data is lawful.” IMY added.
The regulator said it deemed the issue “low severity” and noted that Spotify had taken steps to resolve the issue. IMY determined the fine based on Spotify’s revenue and number of users, as well as these factors. The company said it made this decision with the help of other EU data protection authorities, given that Spotify has users in many countries.
The Sweden-based company said, “Spotify provides all users with comprehensive information on how their personal data is handled.” in a statement. The report said the regulator “has only found small areas of our processes that we believe need improvement. However, we disagree with this decision and plan to appeal.”