Spotify hit with €5M fine in Sweden for GDPR violation

Published June 20, 2023
by Yes We Trust

Summary

    Spotify, the music streaming company, is facing a fine of 58 million Swedish kronor (around €5M or $5.4M) for failing to fully comply with the right of access under the General Data Protection Regulation (GDPR).

    Under the GDPR, businesses are required not only to give users ways to request access to, deletion of, or modification of the personal data collected about them, but also to be specific about how this information is handled and for what purpose. According to the Swedish Data Protection Authority (IMY), this is something Spotify has apparently failed to do:

    "It must be easy for the person requesting access to their data to understand how the company uses this data. In addition, personal data that is difficult to understand, such as those of a technical nature, may need to be explained not only in English but in the individual’s own, native language. In these parts, we have seen certain shortcomings."

    - Karin Ekström, IMY lawyer (source: Sweden Postsen)

    The original complaint dates back to 2019 and was filed by Max Schrems' noyb, when Spotify did not provide adequate details in response to a personal data request. The case was originally filed in Austria, before being sent to the DPA in Sweden, where Spotify is based. In a recent statement, noyb mentions the significant time it took for the complaint to be addressed:

    "We are glad to see that the Swedish authority finally took action. It is a basic right of every user to get full information on the data that is processed about them. However, the case took more than 4 years and we had to litigate the IMY to get a decision. The Swedish authority definitely has to speed up its procedures."

    - Stefano Rossetti, privacy lawyer at noyb (source: noyb)

    Data Subject Access Requests (DSARs) can be handled with the appropriate technological solutions and processes. To learn more about these requests, what they entail, and how to get ready, head to this educational piece covering everything you need to know:

    Learn everything you need to know about DSARs
