Spotify, which was fined $5.4 million over privacy concerns, will appeal

Music media giant Spotify was fined 58 million Swedish kronor (approximately $5.4 million) by the Swedish Privacy Protection Agency (IMY) for failing to clearly inform users about the use of the user data it collects. Spotify said it would appeal the decision. IMY explained that the reason for the fine was a flaw found after a review of the way Spotify handled customers’ access to their personal data.

Europe’s data protection law, the GDPR, states that users have the right to know what personal data a company holds and uses. IMY notes that while Spotify does provide the data it collects when individuals request it, it is not specific enough about how that data is used. The ambiguity provided by Spotify makes it difficult for individuals to understand how their personal data is processed and to confirm the lawfulness of the way they process it.

IMY added that the deficiencies found were considered low in severity and that the amount of the fine was determined based on Spotify’s subscriber numbers and revenue. It is worth noting that Spotify announced in April this year that its monthly active users have exceeded 500 million, and the number of paid users has reached 210 million.

Spotify disagreed with IMY’s findings, saying the company “provides all users with comprehensive information about how personal data is handled.” Spotify noted in a statement that IMY has only identified a small number of areas where it believes the company needs improvements in its processes, and Spotify does not agree with such a decision and will appeal it. In addition, privacy advocacy group Noyb welcomed the fine but regretted the delay in the decision by the Swedish authorities.