Swedish data-protection authority launches Spotify GDPR investigation
There may be trouble brewing for Spotify in its home country, with the Swedish data-protection authority (Datainspektionen) launching a review of how Spotify handles requests for people to see what information it holds about them.
“The authority has become aware that there may be some shortcomings in how the company handles registry extracts, including that the extracts are not complete, and that the information is not sufficiently clear,” explained its announcement.
This is sparked by last year’s GDPR legislation in Europe, which gives people stronger rights to request and see the data held on them by digital services.
“Because Spotify handles a large amount of data on a very large number of users, it is important that the users’ request for registry extracts be handled correctly,” said lawyer Karin Ekström. “You have the right to turn to a company or authority that processes your personal data and through a registry extract to know what the information is. You should also get information about how the data is used described with a clear and simple language.”
You can read the questions posed to Spotify by the authority in this PDF. It’s in Swedish, but you can download it and then upload to Google Translate for a sense of what’s being asked. Spotify must reply in writing to Datainspektionen by 1 July with its answers.