PhotoOver the weekend, the music-streaming service Spotify introduced – and then hastily clarified – a new privacy policy which critics largely interpreted as “If you use our service, you won't have any privacy.”

Some loss of privacy is unavoidable with any online or streaming service. In the case of Spotify (which offers two tiers of service: a free subscription with advertising, or $9.99 per month ad-free), it's practically a tautology that if you listen to music through the service, it therefore knows what sort of music you listen to.

But on August 19, Spotify upped the ante with a revised privacy policy that was instantly, and near-universally, despised: Wired called it “eerie,” Forbes called it “creepy,” and CNN Money dubbed it “super-creepy.”

Privacy changes

What changes inspired such impassioned responses? Here's a sampling: “With your permission, we may collect information stored on your mobile device, such as contacts, photos, or media files. Local law may require that you seek the consent of your contacts to provide their personal information to Spotify, which may use that information for the purposes specified in this Privacy Policy.”

So the music-streaming service wanted access to users' email contacts and personal photos. And that's not all. Spotify also wanted information connected to users' Facebook pages (if applicable), including “your username ... and other information that may be available on or through your Facebook account, including your name, profile picture, country, hometown, e-mail address, date of birth, gender, friends' names and profile pictures and networks.”

Depending on the type of device subscribers used to listen to Spotify, “we may also collect information about your location based on, for example, your phone’s GPS location or other forms of locating mobile devices (e.g., Bluetooth). We may also collect sensor data (e.g., data about the speed of your movements, such as whether you are running, walking, or in transit).” The location-and-speed monitoring was specifically for users of Spotify Running, which automatically matches music to the pace at which you're traveling.

Spotify users who didn't like the new policies were offered the following helpful suggestion: “If you don't agree with the terms of this Privacy Policy, then please don't use the Service.”


The almost-instant backlash inspired Spotify CEO Daniel Ek to respond to critics in a blog post titled “SORRY”:

In our new privacy policy, we indicated that we may ask your permission to access new types of information …. Let me be crystal clear here: If you don’t want to share this kind of information, you don’t have to. We will ask for your express permission before accessing any of this data – and we will only use it for specific purposes that will allow you to customize your Spotify experience.

To be fair, it's possible that the entire controversy was merely a misunderstanding. Fast Company, for example, said that “Spotify's privacy gaffe was poor messaging, not bad policy.”

And Ek's apologetic blog post seemed to agree; he repeatedly stressed that these proposed policy changes would only be implemented with users' permission. “We will never access your photos without explicit permission …. We will never gather or use the location of your mobile device without your explicit permission …. We will never access your microphone without your permission …. ”

Furthermore, as Wired later pointed out, Spotify's policy actually isn't different from those of other music services, including Pandora, Tidal, Google Play, and Beats Music. (Tom Warren, editor at The Verge, dismissed the controversy as a “typical overreaction to reading a privacy policy. Go read a bunch of other policies and you'll never use the Internet again.”)

Share your Comments