a page turner, it is not


For this blog post, I am looking at Spotify’s privacy policy to see if there are any strange things lurking there and see how my data is being used whenever I listen to music. I’m looking at Spotify because I use it so much and have never thought about its privacy policy much.

As far as things go, the Spotify privacy agreement is not as long and complicated as some other ones (I’m looking at you iTunes), but there is a lot going on nonetheless. It is made clear that just about every interaction you have on Spotify generates data that they can use to “to provide and personalize the Spotify Service”. Additionally any interactions with third parties that go through the site are also recorded. This means that they can access some of your data from advertisers as well as any other accounts you have linked to your Spotify account (ex. Facebook).

The collection of data on how you use the service is not very surprising, but it is worth noting that they also collect information such as your IP address (which also provides general location) and in some instances even your specific location. Additionally any use of the voice search feature can be recorded and kept; they say this is to help develop and improve the feature.

The privacy policy also lays out what rights the listener has (not that there are too many). The listener has the right to be informed of the personal data Spotify has about them, as well as the right to request access to and a copy of the data. The user can also request that Spotify update their data about an individual if it is in some way inaccurate, and can even request for Spotify to delete their data entirely. I was surprised that users have the right to have their data deleted, though I’m not sure if I may be misinterpreting the language of the agreement. It says that the listener has the right to request that the data is deleted, etc. not that the listener has the right to have the data deleted. I’m not sure if there’s any significance to that or not but I did feel it was worth noting. 

It was interesting to read the policy since I usually just click “accept” to the terms and conditions without reading them, something that seems to be the norm for most people. Below is a clip of an American teenager explaining whether or not he reads privacy policies.

“Weirdly enough, the only privacy policy I’ve read is Snapchat’s. Snapchat does a good job of sort of escaping all the legal sort of structure and language and speaking colloquially so it’s easy to comprehend and understand, and it’s also pretty short. But that’s the only one I’ve read because most of the time they’re extremely long; people make it part of the process of signing up for something and you want to do that fairly quickly”

As with the individual explaining above, I hadn’t read many privacy policies so I found it interesting to see what was in this one. All in all I didn’t find the policy too surprising since I generally act under the assumption that my data is being taken and used for all manner of nefarious things at all times, but I was somewhat pleasantly surprised by the enumerated rights of the listener. The service does collect a lot of data, but it doesn’t have the ability to collect as much as some other apps/services, since it only collects data while it is actively being used. It is certainly not able to collect as much data as the Google Home Mini smart speakers that Spotify delivered for free to its Premium users recently*. Those have the ability to listen 24/7, catalog what apps you use and how, and record what is being said at all times. Perhaps I’ll read the privacy policy for that next time, but quite frankly I’m scared to know the full extent to which my speaker is listening in on my life.




Leave a Reply

Your email address will not be published. Required fields are marked *