Spotify now officially even worse than the NSA
It wants to know who you know, where you are and what you like
New terms and conditions popping up on Spotify users screens give the music-streaming company sweeping new rights.
The “What we collect” section of the new terms seems scary enough:
But dig down and that additional information turns out to be pretty comprehensive:
If you connect to the Service using credentials from a Third Party Application (as defined in the Terms and Conditions of Use) (e.g., Facebook), you authorise us to collect your authentication information, such as your username and encrypted access credentials. We may also collect other information available on or through your Third Party Application account, including, for example, your name, profile picture, country, hometown, email address, date of birth, gender, friends’ names and profile pictures, and networks.
If you want to keep the intrusion down you really, really should not connect your Spotify account to your Facebook one:
But it’s not just stuff in your Facebook account. The app will hunt around in your phone for more information about you:
Depending on the type of device that you use to interact with the Service and your settings, we may also collect information about your location based on, for example, your phone’s GPS location or other forms of locating mobile devices (e.g., Bluetooth). We may also collect sensor data (e.g., data about the speed of your movements, such as whether you are running, walking, or in transit).
And it’s well broadcast:
Certain information may always be publicly available to others and other information is made publicly available to others by default. And if you share information to a Third Party Application, that information is viewable on Spotify, regardless of how you set your privacy settings.
If you are a premium user and choose to defer the decision to accept Spotify will give you thirty days to acquiesce. Decide against trading your data for access to the service you'll no longer be able to use it but will still get charged unless you separately cancel your subscription.
The Swedish biz told The Register:
"Spotify is constantly innovating and evolving its service to deliver the best possible experience for our users. This means delivering the perfect recommendations for every moment, and helping you to enjoy, discover and share more music than ever before. The data accessed simply helps us to tailor improved experiences to our users, and build new and personalised products for the future. Recent new features include Spotify Running, which matches the BPM of your music to the pace of your run, or the new Discover Weekly feature, which curates a weekly playlist based on your tastes.
"Throughout, the privacy and security of our customers' data is – and will remain – Spotify's highest priority. We will always ask for individual permission or clearly inform you of the ability to opt out from sharing location, photos, voice and contacts."
The company says it wants access to your photos because it is testing the ability for users to change their profile pictures or add a picture to personalise their playlists. Trawling your address book comes from "looking for ways to more easily find your friends on Spotify to discover music through your social circles".
Some users on the Spotify forum have already said they will decamp to Deezer as result of the new rules. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Privacy Sandbox
- Trusted Platform Module
- Zero trust