The streaming platform processes tons of personal data. However, it’s difficult for its users to understand what Spotify needs their information for.
The Swedish Privacy Authority (IMY) has fined the streaming platform 58 million Swedish kronor ($5.4 million) after investigating how Spotify handles customers' right to access their personal data.
According to The General Data Protection Regulation (GDPR) that came into force in 2018, customers have the right to find out what personal data businesses handle and how that information is used.
IMY said Spotify needs to inform its customers clearly about how their data is being used.
Karin Ekström, one of the lawyers in charge of the recent investigation, said Spotify should be more specific.
"It must be easy for the person requesting access to their data to understand how the company uses this data. In addition, personal data that is difficult to understand, such as those of a technical nature, may need to be explained not only in English but in the individual's own language," Ekström said.
Spotify collects a treasure trove of customer data, for example, contact and payment details, favorite artists, and listening history. As per European laws, citizens have the right to access the data of any business process about them. They can ask for the information to be corrected or removed.
In Spotify's case, IMY said the information provided to customers was unclear, and it could have been difficult for individuals to understand how their personal information was processed.
Spotify has over 515 million monthly active users.
More from Cybernews:
Subscribe to our newsletter