It’s a mark of how seriously Spotify took the criticism that CEO Daniel Ek was at the forefront of its response: initially on Twitter in a public discussion with fellow Swedish founder Markus ‘Notch’ Persson (the creator of Minecraft) and then in a blog post clarifying the new policy and apologising for the initial communication around it.
The key, as we pointed out on Friday morning, was that while Spotify’s policy mentioning accessing people’s photos, contacts, location and microphone has to be accepted, those individual permissions will be asked for again at the point when they are needed – and users will be able to reject them individually. “Let me be crystal clear here: If you don’t want to share this kind of information, you don’t have to,” wrote Ek.
“We will ask for your express permission before accessing any of this data – and we will only use it for specific purposes that will allow you to customise your Spotify experience.” So, no scanning a user’s entire photo library, but rather enabling them to upload photos for playlist cover art or a new profile pic; no recording users’ every utterance, but rather voice controls for Spotify’s app; and so on. “We should have done a better job in communicating what these policies mean and how any information you choose to share will – and will not – be used.”
Ek’s blog post was certainly clear, although it sets Spotify a high bar for the future. One of Notch’s comments – “I do understand how easy it is to make up small features to require access to the entire phone so you can sell your customers” – is worth remembering. The way mobile permissions work (now on iOS and soon on Android too) is that an app asks for access to a particular type of data – location, photos etc – once, and then has that access until it’s revoked by the user.
If Spotify is ever caught using the data it accesses for the specific features mentioned by Ek, for other purposes, the company will be hammered in the media all over again. But this time with justification. But again, as we pointed out on Friday, this applies to all digital music companies (and, indeed, all apps/tech companies) not just Spotify.