Sweden demands answers from Spotify over its data practices

Spotify may potentially enter troubled waters in its home country, Sweden. Datainspektionen, the Swedish data-protection authority, has launched a review of Spotify with regards to how it handles requests from people seeking to know the information it holds of them.

“The authority has become aware that there may be some shortcomings in how the company handles registry extracts, including that the extracts are not complete and that the information is not sufficiently clear,” read the official report published on the data protection authority’s website.

The Swedish authority said that it is looking into Spotify as the company is handling a large volume of users and data. It wants to ensure that Spotify is handling user’s requests for registry extracts correctly.

Probes such as this have primarily stemmed from last year’s GDPR legislation in Europe. As GDPR laws are all about giving people right and control over their data, it is essential that requests from users are addressed sufficiently.

“You have the right to turn to a company or authority that processes your personal data and through a registry extract to know what the information is. You should also get information about how the data is used described with a clear and simple language,” said Karin Ekström, a lawyer at the Data Inspection.

Here are the five questions posed by the Data Inspectorate to Spotify. It is asked to address these questions in writing and reply back by July 1st.  While the questions are abridged for brevity, one can find the full version here:

1. How does Spotify ensure that the data subject gets a share of the information to be provided that is under Article 15 (1)(a) to (h) and 15(2)? Format, specifications of the information provided and through what means.
2. Spotify is asked to attach information of such a request with connection to the above question must be attached in an unidentified state.
3. How does Spotify ensure that a person receives all the personal details upon a request? Is there any category of data excluded when you share personal details, or do you share everything?
4. Spotify is asked to attach an example copy of personal data.
5. How does Spotify ensure that all the details shared with the user is concise, clear, understandable and easily accessible? The Data Inspectorate primarily inspects various tech companies and services that deal with personal data and ensures that strict privacy and data protection is enforced. Spotify may be the first of many such tech giants to face probes.