Spotify, the music stream giant was on Tuesday fined 58 million kronor ($5.4 million) in Sweden years after it was accused of breaching the data access rights of users in EU by not properly informing users on how data it collected on them was being used, Swedish authorities said.
The Swedish Authority for Privacy Protection’s (IMY) said it had reviewed “how Spotify handles customers’ right of access to their personal data. As a result of the shortcomings identified, IMY is imposing a fine of 58 million kronor on the company.”
Spotify violates the article 15 of European General Data Protection Regulation (GDPR). Under the rules of (GDPR), users have a right to know what data a company has about an individual and how that data is being used.
The complaint was originally filed in Austria in 2019. Under GDPR’s one-stop-shop mechanism, which is supposed to streamline case handling where data-processing crosses national borders, meant the complaint got routed to Sweden where Spotify has its main EU establishment. (Another complaint over the same issue which was filed in the Netherlands was also joined to the case in Sweden.)
Noyb, a privacy activist group said in a separate statement that the fine followed a complaint and subsequent litigation from the group.
“The case took more than four years and we had to litigate the IMY to get a decision. The Swedish authority definitely has to speed up its procedures,” Stefano Rossetti, a privacy lawyer at Noyb, was quoted saying in the statement.
