A Swedish data authority Datainspektionen has opened an investigation into Spotify’s handling of user data.
The GDPR’s (General Data Protection Regulation) right to access rule is the primary reason for the investigation. The Swedish Data Inspection Authority sent Spotify several questions concerning their practices for providing access to consumer data. Spotify has until July 1 to respond to the request, which does not address individual complaints.
The data authority is looking into how the streaming giant handles requests for data access in three different areas. That includes what information is provided to customers, which information is copied by the company and how the information is handled after collection.
“The authority has become aware that there may be some shortcomings in how the company handles registry extracts, including that the extracts are not complete, and that the information is not sufficiently clear,” explained its announcement.
“Because Spotify handles a large amount of data on a very large number of users, it is important that the users’ request for registry extracts be handled correctly,” said lawyer Karin Ekström. “You have the right to turn to a company or authority that processes your personal data and through a registry extract to know what the information is. You should also get information about how the data is used described with a clear and simple language.”
This is generated by last year’s GDPR legislation in Europe, which gives people stronger rights to request and checks for the data held on them by digital services.
Statement by the Spotify
Spotify says it will cooperate with the request, “Spotify takes data integrity and our obligations to our users very seriously. Nordic spokesperson Fredrik Westin told ComputerSweden, we welcome Datainspektionen’s questions about the processes we have in place to ensure that users receive the information they are looking for and are entitled to under the GDPR.”
Back in January, the streaming company was hit with complaints concerning GDPR violations from a privacy organisation in Austria. The pro-privacy group None of Your Business made ten complaints against major tech companies. Amazon Prime, Apple Music, DAZN, Netflix, Soundcloud, Spotify, and YouTube were all included in that complaint.
You can read the questions posed to Spotify by the authority in this PDF. It’s in Swedish, but you can download it and then upload to Google and translate.