Spotify is a music streaming service, but for some reason it told users that it wants access to everything on their phones, from contacts to photos to their location.
Today, following widespread user outrage, the app apologized for the August 17 update to its privacy policies that asked for broad permission to use this personal data to improve its service.
Even digital ad experts said this could have been handled better, and that the data grab seemed excessive. Still, Spotify’s problems were more about its failure to better communicate its intentions.
Todd Ruback, chief product officer of Ghostery, a company that helps consumers understand how their data is used for online advertising, said the whole thing could have been avoided if Spotify were just upfront from the start.
“I kind of understand what Spotify was saying, but think it could have been written in a more elegant manner,” Ruback said. “That’s very personal data, when you get into the world of contacts and photos, that’s considered more than personal actually, it rises to a whole other category called ‘sensitive personal data.’”
So with that in mind, here’s the simple explanation for what’s going on and why Spotify is doing this:
What did Spotify do, anyway?
The music service, with about 75 million users, both paying and free subscribers, said it was updating its policies, and would require access to people’s contacts, photos, location, sensor data and other device information.
How could they not see a backlash coming?
Why on Earth would Spotify would need all this data?
Spotify did clarify how each bit of personal information on phones could be used to improve the service by enabling more features and more personalized music listening. For instance, location could help show people what music is popular in their areas, and voice data (access to the microphone) would allow hands-free use. Also, contact information helps Spotify connect listeners with friends.
Yea, but isn’t this all also used for advertising?
Absolutely, Spotify does serve ads for its non-paying subscribers, and it does target those ads based on the type of music they like, their playlists, the time of day and location. Advertising was mentioned in the privacy changes, as well. Spotify says it does not share personal information with third parties.
Don’t all apps collect phone data?
Yes. Parker Higgins, of the Internet advocacy group Electronic Frontier Foundation, said Spotify is hardly alone. “This just exemplifies the general problem with privacy policies, which tend to be a rights grab from the service, and you don’t really have a lot of say,” Higgins said. “Spotify’s policy isn’t necessarily worse than what we see from all sorts of companies.”
Could Spotify have handled this better?
Clearly, because Ek did have to write an emergency blog titled, “Sorry.” Higgins actually credited Spotify with responding at all. “They’re allowed to make changes to the app, and to Spotify’s credit not every company issues any kind of statement,” he said.