Update: Spotify’s CEO Daniel Ek has apologized for being invasive. They’re going to try to figure out how to word all this better.
It looks like Spotify is trying to give users a good reason to switch to Apple Music. As first reported in Forbes, Spotify’s new privacy policy is particularly invasive. Here are some of the more egregious sections:
3.3 Information Stored on Your Mobile Device
With your permission, we may collect information stored on your mobile device, such as contacts, photos, or media files. Local law may require that you seek the consent of your contacts to provide their personal information to Spotify, which may use that information for the purposes specified in this Privacy Policy.
3.4 Location and sensor information
Depending on the type of device that you use to interact with the Service and your settings, we may also collect information about your location based on, for example, your phone’s GPS location or other forms of locating mobile devices (e.g., Bluetooth). We may also collect sensor data (e.g., data about the speed of your movements, such as whether you are running, walking, or in transit).
Spotify seems to want to peer into much of your personal data: contacts, photos, media files. To be fair, this section doesn’t mean that it’s going to scan your entire device; it may simply mean that it will need permission to access your contacts to allow you to search for users based on their email addresses, or that it needs access to your photos to allow you to choose a photo for your profile. However, the privacy policy does not specify this, and it would be a good idea for Spotify to make such things clearer. And media files? Well, it can play back files that you’ve synced to your device, so there’s nothing invasive about that.
The sensor data – your pace – is needed for Spotify’s new feature of playlists that match your running speed. The location data is a bit more worrisome; I really don’t want Spotify to track where I am.
Spotify also wants to monetize you. And that’s what’s invasive.
3.8 Spotify service providers and partners
We may also receive information about you from our service providers and partners, which we use to personalise your Spotify experience, to measure ad quality and responses to ads, and to display ads that are more likely to be relevant to you.
5.2.1 Marketing and advertising
We may share information with advertising partners in order to send you promotional communications about Spotify or to show you more tailored content, including relevant advertising for products and services that may be of interest to you, and to understand how users interact with advertisements. The information we share is in a de-identified format (for example, through the use of hashing) that does not personally identify you.
So they want to spam you.
Finally, they want to use and share your payment data, even with companies that may be outside the country you live in, and even if it is, according to local law, information that is not allowed to be shared:
BY ACCEPTING THE PRIVACY POLICY, YOU EXPRESSLY AUTHORISE SPOTIFY TO USE AND SHARE WITH OTHER COMPANIES IN THE SPOTIFY GROUP, AS WELL AS CERTAIN TRUSTED BUSINESS PARTNERS AND SERVICE PROVIDERS, WHICH MAY BE LOCATED OUTSIDE OF THE COUNTRY OF YOUR RESIDENCE (INCLUDING COUNTRIES WHICH DO NOT PROVIDE THE SAME LEVEL OF PROTECTION FOR THE PROCESSING OF PERSONAL DATA AS THE COUNTRY OF YOUR RESIDENCE), THE INFORMATION PROVIDED BY YOU TO SPOTIFY, EVEN IF SUCH INFORMATION IS COVERED BY LOCAL BANKING SECRECY LAWS. YOU ACKNOWLEDGE AND AGREE TO THE IMPORTANCE OF SHARING SUCH INFORMATION FOR THE PROVISION OF THE SPOTIFY SERVICE AND ALSO AGREE THAT, BY ACCEPTING THIS PRIVACY POLICY, WHERE APPLICABLE AND TO THE EXTENT PERMITTED BY APPLICABLE LAW, YOU EXPRESSLY WAIVE YOUR RIGHTS UNDER SUCH BANK SECRECY LAWS WITH REGARD TO SPOTIFY, ANY COMPANY IN THE SPOTIFY GROUP, AND ANY TRUSTED BUSINESS PARTNERS AND SERVICE PROVIDERS, WHICH MAY BE LOCATED OUTSIDE YOUR COUNTRY OF RESIDENCE. THIS CONSENT IS GIVEN FOR THE DURATION OF YOUR RELATIONSHIP WITH SPOTIFY.
(Sorry for the all caps; that’s how it appears in Spotify’s privacy policy.)
Finally, Spotify reserves the right to sell your personal data:
5.2.5 Other sharing
In addition to the above, we may also share your information with third parties for these limited purposes:
to allow a merger, acquisition, or sale of all or a portion of our assets;
Most people will simply ignore this. But if you do care about privacy, it might be time to check out that free Apple Music trial.