I was asked to help conduct this research & write a report on 'Privacy in the EU and US: Consumer experiences across three global platforms' reviewing Amazon, Netflix & Spotify. It's only scratched the surface https://eu.boell.org/en/2019/12/11/privacy-eu-and-us-consumer-experiences-across-three-global-platforms I've mainly used Twitter to comment on it https://twitter.com/PrivacyMatters/status/1205221211350933507?s=20 but intend to use Mastodon more
Spotify engages in a lot of behavioural tracking/profiling in the name of making your account / content more personalised & advertising. It's quite something.
Here's 'Spotify For Brands'https://spotifyforbrands.com/en-US/audiences/…
"We’ve found that how people stream actually tells us a lot about who they are. Our data team has identified five key streaming habits that can help you understand your audience, & better inform your planning"
It is unclear precisely what personal data is obtained from what 3rd parties & the legal basis (consent or LI). Spotify publishes an Art 15 notice that is insufficient IMHO https://support.spotify.com/uk/account_payment_help/privacy/gdpr-article-15-information/
I note the Swedish DPA is querying Spotify on Art 15 matters & that very much reflects my own challenges of unsuccessful attempts to obtain supplemental information from Spotify as per Art 15 of the GDPR. https://www.datainspektionen.se/globalassets/dokument/ovrigt/skrivelse-till-spotify.pdf & https://musically.com/2019/06/13/swedish-data-protection-spotify-gdpr-investigation/
"Spotify analyzed the distinctive streaming habits of Spotify listeners, identifying variations across demographics, platforms, dayparts, music tastes, and behavioral audience segments (sourced from internal first-party data"
"To supplement this analysis, first- and third-party attributes were merged to understand how streaming habits are related to branding measures and purchase behaviors. "
Not only is there Spotify for Brands, but also the Spotify Ads Studio https://adstudio.spotify.com for real time interest and context based advertising.
"Every swipe, skip, and shuffle helps power our targeting solutions so your message can be heard by the right listeners."
When you install the app, Spotify sets a 'privacy' default to ON for cookie tracking, hidden in 'SHOW ADVANCED SETTINGS' (bottom of settings page).
Privacy should be the default not an advanced setting.
See next Toot.
The desktop app 'Privacy' setting is hidden in 'show advanced settings' (& that individuals are not told about in any transparent way), states, "Block all cookies for this installation of the Spotify desktop app; read more details here [links to https://www.spotify.com/us/legal/privacy-policy/]." .. BUT
That 'privacy' default enables cookie tracking via a greyed out slider button. I wonder how many people might think as it's greyed out it's not on and so no tracking taking place? #SpotifyPrivacy
But that's NOT all. From within the desktop app profile, click 'account' - this will open a web browser. Or simply log-into your account via a browser. On the left menu, click the 'apps' option - a 'Spotify Advertising Cookie' is automatically set to 'enable Spotify [tailored] ads'. This is done without an individual enabling 'access'. Consent? No.
The language of normalising surveillance "we want to give you the best possible experience to ensure that you enjoy our service today, tomorrow, and in the future. To do this we need to understand your listening habits so we can deliver an exceptional and personalized service specifically for you." However, ⬇️
There's extreme ambiguity over what is considered & necessary to provide 'personalised service' and what is behavioural advertising or technical functionality ... #SpotifyPrivacy
I'll toot more later this week ... also on Amazon and Netflix.
@Privacymatters I wonder if premium users who pay and therefore do not get shown ads is still served this tracking cookie.
@michel_slm Individuals that pay are also subject to tracking - yes.
By "may negatively impact your experience", in which way this could actually be the case for the user ? As i knew, I've already had the reflex of tweaking it on all my previous Spotify installations and i haven't notice anyjdifference as an ex-3 years user.
@poorpocketsmcnewhold Indeed. It isn't explained. IMHO such language is used to dissuade an individual from taking an action that is not in the company's interest.
@Privacymatters Hi Pat - I haven't read the report yet but quickly skimmed through. Are there significant differences regarding Spotify between gratis/paid-for-subscription users?
@hugo Not that I could determine.
@Privacymatters OK thanks. The report looks really good by the way - easy to navigate and well summarized - well done.
@hugo Thank you. All thanks to TACD and the Heinrich Boll EU office for asking me & the invaluable support of some folks.
@hugo PS. Will you be at CPDP?
@Privacymatters Unfortunately no. Couldn't find an excuse to come and get one day off the firm!
@Privacymatters Interestingly, the only platform from Europe (Spotify) ranks as the worst in many aspects...
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!