Spotify hits back over ‘creepy’ data-collecting claim



In June, we wrote a piece in our Music Ally report noting the trend for technology companies to be greeted with growing suspicion every time they asked for more data from their users.

It was focused on companies like Google and Facebook, but this week it’s Spotify under the microscope for its updated terms and conditions of use, as well as a new privacy policy.

“We may ask for customer permission to collect information from new sources, such as address book, location, and sensor data from the mobile device to improve the customer experience and inform product decisions,” explained Spotify in a blog post earlier this week.

But by yesterday, this was being reported on Forbes with the headline: ‘Location, Sensors, Voice, Photos?! Spotify Just Got Real Creepy With The Data It Collects On You’. The thrust of the Forbes piece is essentially: Why would a music app need any of this data?

To which Spotify’s response – provided to Music Ally – includes the claim that “the data accessed simply helps us to tailor improved experiences to our users, and build new and personalised products for the future… Throughout, the privacy and security of our customers’ data is – and will remain – Spotify’s highest priority.”

The difficulty being that, with these being unannounced future features, Spotify isn’t giving any more detail that might assuage privacy fears.

Spotify could ask for access to users’ photos to enable them to change their profile picture or even send snaps to friends with songs through its Inbox feature. It could ask for access to their address book to connect them with friends as an alternative to a Facebook login.

It could ask for access to the microphone to use voice commands while, say, driving: “Ok Spotify, play me ‘Cuddly Toy’ by Roachford…” Or it could ask for location data to add some kind of geo-recommendations feature, or expand its Running section with actual run-tracking.

The key phrase in all this is “ask for access”. It’s true that users have no choice but to accept the new terms and conditions, as if they don’t within 30 days their access to Spotify will be blocked. But they will be able to decline these individual requests: on iPhone, for example, they’d get a pop-up prompt to grant or block access to location, the microphone etc.

(Update – as reader Doug Davis pointed out on Twitter: “Apple users can say no. Android users cant till Q4 when Android M is released.”)

This isn’t Big Brother, then, but the Forbes piece does serve to show that Spotify and other streaming music services are under the same privacy spotlight as the biggest tech firms.

We talk a lot about the need for more transparency around streaming royalties, but transparency around what user data these services are accessing and how they use and share it is also an important issue.

Providing that transparency while avoiding announcing specifics of future product roadmaps to the world will be the challenge. But it’s one that mustn’t be dodged.

Written by: Stuart Dredge