Spotify fined - for data protection violations
News + Trends

Spotify fined - for data protection violations

Livia Gamper
14-6-2023
Translation: machine translated

The streaming service Spotify has to pay a fine. The reason: Spotify was not transparent enough with user data.

The Swedish supervisory authority has fined Spotify SEK 58 million - around five million euros. After a lengthy back and forth, the authorities found that the company had violated the General Data Protection Regulation (GDPR). Specifically, Spotify was fined for how it handled customer data and how customer access to this data was organised.

Swedish authorities remained inactive for a long time

As the online portal "Golem" writes, the responsible data protection authority in Sweden had initially been inactive for several years. At the beginning of 2019, the Austrian data protection association Noyb filed a complaint against Spotify. As Spotify is based in Sweden, the complaint was forwarded to the authorities there - whereupon there was no response for a long time. The main points of the complaint from Austria were that Spotify did not provide customers with sufficient personal data upon request in accordance with the GDPR and did not disclose the reasons for this.

Because of this inaction Noyb filed another lawsuit in the summer of 2022 - this time not against Spotify, but against the Swedish data protection authority IMY. Noyb was proved right and the Swedish authority had to investigate the complaints.

This led
led to IMY finding that Spotify provided the data, but did not provide clear enough information about how the data was used by the company. The authority demanded that it be made transparent "how and for what purposes users' personal data is processed". Spotify was therefore in breach of Article 15 of the GDPR. In addition to the reprimand, IMY also fined the streaming service five million euros.

"Unfortunately, the case took more than four years"

Stefano Rossetti, data protection lawyer at Noyb, commented on the decision from Sweden to Golem as follows:

We are pleased that the Swedish authorities have finally acted. It is a fundamental right of every user to receive complete information about the data that is processed about him or her. Unfortunately, the case took more than four years and we had to sue IMY to get a decision.
Stefano Rossetti, Datenschutzjurist Noyb

The Swedish IMY did not classify Spotify's offence as serious. The authority explained that the streaming service corrected the errors - which is one of the reasons why the fine is correspondingly low. Spotify made a profit of 131 million euros in 2022.

Noyb now wants to investigate whether the Swedish authorities have sufficiently enforced users' rights. So it remains exciting.

Cover photo: Shutterstock / Mats Wiklund

19 people like this article


User Avatar
User Avatar

Testing devices and gadgets is my thing. Some experiments lead to interesting insights, others to demolished phones. I’m hooked on series and can’t imagine life without Netflix. In summer, you’ll find me soaking up the sun by the lake or at a music festival.


These articles might also interest you

Comments

Avatar