Sweden-based Spotify has received an administrative fine of 58 million Swedish kronor from the Swedish Privacy Agency (IMY).
This fine relates to how Spotify provides users with access to personal data that it stores and processes. The General Data Protection Regulation (GDPR), which came into force in 2018, includes individual “rights of access”. This means that companies have the right to know what personal data they collect about you and how that data is used. .
The Swedish Privacy Authority has audited the methods Spotify uses to respect your right to access your personal data. An audit has revealed that Spotify, in fact, discloses personal data processed by the company upon request. However, there is not enough transparency about how the data is used.
IMY believes Spotify should be more specific about how and for what purpose an individual’s personal data is treated. Essentially, it should be easier for users requesting access to their data to understand how companies use their data. IMY officials also pointed out that there are some shortcomings in providing users with clear information about their data in their native language, especially regarding technical information.
How does Spotify organize personal data?
Spotify organizes personal data into several different layers so that Spotify users who request access to their personal data can choose the type of data they would like to access. One layer provides information that Spotify determines is of most interest to the individual, such as the user’s payment and contact details, and the artists the user in question is following.
Users can also request a more detailed view of their personal data provided as part of the second layer. This layer can contain, for example, customer-related technical log files. IMY has determined that Spotify has taken sufficient steps to ensure that individuals are fully informed about this data reduction procedure.
The agency also acknowledged Spotify’s overall commitment to meeting individual access rights requirements. Furthermore, as these recently revealed flaws are not particularly serious, IMY has reviewed Spotify’s turnover and total user count and decided to impose an administrative fine of 58 million Swedish kronor (5 million euros). bottom. It is worth noting that other data protection authorities within the EU were consulted before this decision was taken.