[ad_1]
Over the past few years, the European Union has been the top watchdog when it comes to safeguarding its people’s data. Now, in line with these efforts, the Swedish Authority for Privacy Protection (IMY) has fined Spotify of SEK 58 million ($5.4 million) for allegedly mishandling user data, thereby breaching the General Data Protection Regulation (GDPR).
The complaint, lodged in 2019 by privacy advocacy group Noyb, led by campaigner Max Schrems, stated that Spotify not only failed to provide customer data upon request but also neglected to disclose the purpose of processing such data. Additionally, upon further investigation, the IMY also found that Spotify couldn’t adequately explain how they were using this data, raising some serious concerns.
As a result, the IMY has now ordered Spotify to provide the complete set of requested data and emphasized the need for the company to be transparent about how they handle personal data and the purposes for which they process it.
Stefano Rossetti, a privacy lawyer at Noyb, expressed his satisfaction with IMY finally taking action and stated that it is a basic right for every user to have full information about their processed data. However, he also highlighted the prolonged duration of the case and the need for the Swedish authority to expedite its procedures.
Spotify’s response
While Spotify’s inadequate measures to protect customer data raised some concerns, the IMY considered the violations to be of “low level of seriousness” and recognized that Spotify had taken steps to address the issues. Moreover, the authority also mentioned that they fined Spotify based on its revenue and user count.
In response to the fine, a Spotify spokesperson stated, “Spotify offers all users comprehensive information about how personal data is processed. During their investigation, the Swedish DPA found only minor areas of our process they believe need improvement. However, we don’t agree with the decision and plan to file an appeal.”
[ad_2]
Source link