With GDPR laws in place, many tech companies are running afoul of privacy groups and data authorities.
Case in point: a Swedish data authority has opened an investigation into Spotify’s handling of consumer’s rights to access their data.
The GDPR’s right to access rule is the primary reason for the investigation. The Swedish Data Inspection Authority sent Spotify several questions concerning their routines for providing access to data to consumers. Spotify has until July 1st to respond to the request, which does not address individual complaints.
Instead, the data authority is looking into how Spotify handles requests for data access in three different areas. That includes what information is provided to customers, which information is copied by Spotify, and how the information is handled after collection.
Back in January, Spotify was hit with complaints concerning GDPR violations from a privacy organization in Austria. The pro-privacy group None of Your Business made ten complaints against major tech companies. Amazon Prime, Apple Music, DAZN, Netflix, Soundcloud, Spotify, and YouTube were all included in that complaint.https://noyb.eu/access_streaming/
The chart below reveals how woefully unprepared these tech companies are complying with the new EU law.
The Swedish Data Inspection Authority is also attempting to understand how well Spotify complies with specific GDPR requests.
Many services set up automated systems to respond to access requests from customers, with no intention of providing the data every user has a right to see.
Peter Steinberger chronicled his experience getting data from Spotify on Twitter. Spoiler alert: The process is long and lengthy and Spotify collects tons of data about you. Spotify even knows which headset you use to listen to music most often and when you connect a new device.
Even after he obtained his data from Spotify, the files needed to be parsed to be readable. Steinberger is a backer of the original Austrian non-profit that brought the issue to the world’s attention in January.