He tweeted a link to Wired’s article this morning accompanied by the message “Spotify confirmed evil.” He then tweeted the company directly: “.@Spotify Hello. As a consumer, I’ve always loved your service. You’re the reason I stopped pirating music. Please consider not being evil.” before revealing that he had cancelled his account.
Ek responded a few minutes later: “Have you read our blog? We explicitly will ask when using camera or GPS. However both changing playlist image and running feature” – referring to potential uses for those two permissions.
There followed a rapid-fire exchange of views – Storified in full below – with Notch suggesting that the new policy was “Feature creep for privacy invasion. I want NONE of those features. I want to stream music”, while Ek replied that “And again it’s *if* you use those features that we’ll ask permissions for it.”
Ek also compared Spotify’s move to Twitter’s app’s request for access to people’s photos: “Twitter doesn’t need your photos. But it’s nice that I can post a photo. Similarly, I’d argue it’s a nice thing that I can upload a photo to my playlist to personalise it.”
Notch was unmoved, drawing attention to Spotify’s relationship with Facebook, and closing with a tart “But I do understand how easy it is to make up small features to require access to the entire phone so you can sell your customers.”
For Spotify, it’s true that the company will still have to ask people’s permission for access to all this information. On iOS devices that will happen as individual pop-up permissions dialogues as people try to use new features – for example, they’ll be asked for photo access if they try to upload a new pic for a playlist.
Notch makes some important points, however. Once Spotify has been granted access to someone’s location for running features, will it be using that data for other purposes in the future – sharing them with advertisers for example – and if so, will it explain this to people so that they can revoke the permission if they disagree?
As things stand, you should be able to opt out of sharing your photos, contacts, location and sensor data with Spotify and continue just streaming music. But it’s reasonable for people to worry about whether this will be the case, and to expect more clarification from Spotify about its intentions.
In fact, it’s a good thing that people are talking publicly about data permissions in apps of all kinds, not just Spotify. A default position of ‘why do you need access to this information / phone feature?’ and ‘what else might you do with the data?’ feels pretty sensible in 2015. And, if you want to get deeper: ‘How are you storing my data, how long are you storing it for, and how secure is it?’ too.
Calling Spotify “creepy” or “evil” is over-dramatising this important debate: but it is no bad thing that the company is under the same pressure to provide clear answers to those questions as any popular app.