tadamichi - Fotolia

Spotify to update privacy policy after user protest

Some Spotify users are unhappy about new privacy policies that allow access to users’ photos, video, mobile device location, voice controls and contacts

Spotify chief Daniel Ek has been forced to apologise after users said they were leaving because of the music streaming service's new privacy policy.

Some users are unhappy that the privacy policy, introduced on 19 August, allows Spotify to have access to users’ photos, video, mobile device location, voice controls and contacts.

The new policy also states that Spotify may also collect sensor data, including information about the speed of a user’s movements, such as whether a user is running, walking or in transit.

In a blog post, Ek apologised for the “confusion” caused by the new privacy policy, saying that if users do not want to share this kind of information, they do not have to.

“We will ask for your express permission before accessing any of this data – and we will only use it for specific purposes that will allow you to customise your Spotify experience,” he wrote.

Ek said Spotify should have done a better job in communicating what the new policy means and how any information that users choose to share will – and will not – be used.

He promised an "update" to the new policy in “coming weeks” to clarify the company’s intentions.

Ek said Spotify will never access users’ photos without explicit permission. “If you give us permission to access photos, we will only use or access images that you specifically choose to share,” he wrote.

He also said Spotify will never gather or use the location of a mobile device without the user’s explicit permission, will never access a device’s microphone without permission, and will never scan or import contacts without permission.

As regards mobile networks, Ek said some Spotify subscribers sign up through their mobile provider, which means some information is shared with them by necessity.

Read more about online privacy

“We also share some data with our partners who help us with marketing and advertising efforts, but this information is de-identified – your personal information is not shared with them,” he said.

Ironically, Spotify said in a blog post before the roll-out of the new privacy policy that the changes were being made to be as open and transparent as possible about how the company works with advertisers, what information it collects, and what it does with that information.

It will be interesting to see whether the update makes any changes to the policy, and especially whether it changes or explains the sweeping sharing permissions which have raised the most concern.

For many users, “expressly” authorising Spotify to use and share the information provided with other companies in the Spotify group as well as “certain trusted business partners and service providers” may be a step too far.

Spotify says these partners may be located outside the country of the user’s residence, including countries “which do not provide the same level of protection for the processing of personal data” as the user’s country of residence.

Read more on Privacy and data protection

Data Center
Data Management