Spotify fined $5.4 million in Sweden over GDPR violations

Streaming giant Spotify recently faced sanctions from the Swedish Privacy Authority (IMY), receiving a substantial fine of 58 million Swedish kronor ($5.4 million). This decision came after an investigation uncovered deficiencies in the way the music-streaming service handled customers' rights to access their personal data.

Under the General Data Protection Regulation (GDPR) instated in 2018, customers are entitled to know what personal data businesses handle and how that information is used. Spotify, which collects massive amounts of customer data, including contact and payment details and listening histories and preferences, was found to be lacking in this area.

IMY found that Spotify "releases the personal data the company processes when individuals request it, but that the company does not inform clearly enough about how this data is used by the company." Karin Ekström, one of the investigators responsible for the case, said Spotify should be more specific. She further emphasized that any technically complex data should ideally be explained not only in English but in the customer's native language.

If you are a Spotify user and want to understand what happens to your data, read the privacy policy, data rights, and privacy settings.

How to stop Spotify from profiling you

Our Bitdefender Digital Identity Protection users are regularly encouraged and guided to review the privacy settings of the apps they use. Part of the service that monitors their digital identity and data exposure in breaches and data collection, they receive reports, actionable advice, and newsletters after scans.

Here's an example of communications received by our users long before Spotify was fined:

Overview: According to Spotify's privacy policy, the company tracks your name, email address, phone number, date of birth, gender, address (street, country, and other GPS location data), login info, billing info, website cookies, IP address, Facebook user ID, login information, likes, and device information (even some data from other devices on your wifi network).

Action: If you find this too much of an intrusion on your privacy, log in to Spotify's web player on the desktop (not the app) to tune up your privacy settings.

1. Click your user icon -> Account, Go to Edit profile and remove/edit any personal info that you can.

2. Uncheck "Share my registration data with Spotify's content providers for marketing purposes" and save changes.

3. Go to Privacy settings and turn off:

- "Process my personal data for tailored ads" (you'll still get ads, but your personal data will no longer be used to deliver you targeted ads).

- "Process my Facebook data." This will stop Spotify from using your Facebook account data.

If you find this useful together with having a tool that continuously monitors your digital identity, provides 360 view of your digital footprint and knowledge of how to reduce it, alerts you in case of breaches, and shows how well you are protecting your privacy compared to others, check out Bitdefender Digital Identity Protection plans.