Swedish authorities fined Spotify 58 million kronor ($5.4 million) on Tuesday for failing to adequately educate users about how data collected on them was used.
Spotify stated that it intended to appeal the ruling.
The Swedish Data Protection Authority (IMY) stated that it had evaluated “how Spotify handles customers’ right of access to their personal data.”
“As a result of the shortcomings identified, IMY is imposing a fine of 58 million kronor on the company,” the authority stated.
According to the regulations of the European data protection legislation GDPR, users have the right to know what data a corporation has on a person and how that data is used, according to the regulator.
IMY claimed that, while Spotify did provide data upon request, the firm had not been sufficiently specific about how that data was being utilised.
“Because Spotify’s information has been ambiguous, it has been difficult for individuals to understand how their personal data is processed and to determine whether the processing of their personal data is lawful,” IMY added.
The “shortcomings discovered are considered, overall, to be of low severity,” it noted, justifying the level of the fine based on Spotify’s user numbers and revenue.
The streaming behemoth, which is publicly traded on the New York Stock Exchange, claimed in April that it had 500 million monthly active users and 210 million paid subscribers.
Spotify dismissed the IMY conclusions, telling AFP that it “provides all users with comprehensive information about how personal data is processed.”
IMY “discovered only minor areas of our process that they believe require improvement.” “We disagree with the decision and intend to file an appeal,” Spotify added.
In a second statement, the privacy advocacy organisation Noyb noted that the fine was the result of the group’s complaint and subsequent litigation, and that while they appreciated the verdict, they bemoaned the authorities’ slowness.
“The case took over four years to resolve, and we had to litigate the IMY to get a decision.” “The Swedish authorities must definitely speed up their procedures,” Stefano Rossetti, a privacy lawyer at Noyb, was quoted in the statement as saying.