Why You Shouldn't Freak Out Over Spotify's New Privacy Policy
There are valid reasons why the company has asked to collect info stored on your phone.
This story originally appeared on Engadget
The internet is awash with reports that Spotify, the music streaming service, is adopting The Big Book of Dystopian Futures as its new corporate policy. The furor is over the company's updated privacy policy, which includes new statements about what it will and won't do with your data. A brief reading of the changes raises a few questions about the company's need to access things like your contacts and photos. "You Can't Do Squat About Spotify's Eerie New Privacy Policy," says Wired. That's true, but you also can't do much about any company's privacy policy, apart from ceasing to use its services. Besides, if you actually take a look, Spotify's really isn't that egregious.
Spotify confirmed evil. http://t.co/Cj6RUc2e45
— Markus Persson (@notch) August 21, 2015
The main areas of contention in the new policy, highlighted by Wired and others, are three additions. Here's the first:
With your permission, we may collect information stored on your mobile device, such as contacts, photos, or media files. Local law may require that you seek the consent of your contacts to provide their personal information to Spotify, which may use that information for the purposes specified in this Privacy Policy.
Sounds pretty bad, doesn't it? Here's the thing though: this doesn't mean Spotify is going to scrape your phone for contacts, photos, or media files. As the privacy policy states "with your permission," Spotify has committed to ask you before collecting any of this information. "We will always ask for individual permission or clearly inform you of the ability to opt out from sharing location, photos, voice and contacts," the company clarifies further in a blog post announcing the changes. But why might it want that data in the first place?
There, @Spotify account ended. I suggest you do the same. Privacy policies like that must die. I'll happily resume sub after remedies.
— Henrik Pettersson (@carnalizer) August 21, 2015
All of these features are pretty easy to explain. Spotify CEO Daniel Ek says this will be used to personalize playlist images or update profile pictures, two features that are apparently on the way but not yet integrated into the app. There's also a "find friends" feature that will let Spotify scan your address book and suggest connections. This is super common among apps, and will be entirely optional. What about photos? Let's put aside the notion that Spotify gives a damn about the hundreds of pet and food pics on your phone for a second. When it comes to "media files," your guess is as good as ours, but maybe Spotify'll add a song-matching feature, or bring back local music playback? Either way, it will ask you first.
As for the "seek the consent of your contacts," this is really Spotify covering its back. Some countries have strict privacy laws, and your contacts' information may not be yours to share. In reality, you should always ask your friends if they're okay with you sharing their information with a company. Just because you're a total jerk if you don't.
So that really wasn't that bad, was it? Here's the second change:
Depending on the type of device that you use to interact with the Service and your settings, we may also collect information about your location based on, for example, your phone's GPS location or other forms of locating mobile devices (e.g., Bluetooth). We may also collect sensor data (e.g., data about the speed of your movements, such as whether you are running, walking, or in transit).
The company has a fitness feature in its apps called Spotify Running, which matches music to the pace of your running using -- you guessed it -- the sensor data from your phone. It's a little bad that Spotify has taken this long to add this stuff into its policy, but the fact remains that this is not new behavior for the apps.
Ready for number three?
You may integrate your Spotify account with Third Party Applications. If you do, we may receive similar information related to your interactions with the Service on the Third Party Application, as well as information about your publicly available activity on the Third Party Application. This includes, for example, your "Like"s and posts on Facebook. We may use cookies and other technologies to collect this information; you can learn more about such use in the section Information about cookies, other technologies, and third-party data collection of this Privacy Policy.
So this isn't actually much of an addition at all. It's more of a clarification. The old policy said it would get lots of information from your Facebook account, but didn't do a great job at specifying what it would receive through the link. There's a line about "information that may be available on or through your Facebook account," but it doesn't mention Likes. It's pretty useful to know that Facebook is sending Spotify this stuff, and if you don't like it, you can just not integrate your account with Facebook -- I know I haven't, mainly because I'd rather not be judged on my awful listening habits. You also have the option of going through Facebook's privacy settings to limit what's sent to third parties.
Spotify notes that "If you don't agree with the terms of this Privacy Policy, then please don't use the Service." While this sounds pretty harsh, what else do you expect the company to say? As my esteemed ex-colleague and friend points out, it's very easy to have a knee-jerk reaction to privacy policies. Spotify is clearly, with this privacy policy, capable of gathering a lot of data about us, especially through Facebook. Yes, the company could have done a better job at explaining why it might access your data, rather than have its CEO explaining the minutiae on Twitter. Yes, it can probably take those explanations and add them into the policy. But no, this isn't the end of the world, it's really just a lot of fuss about some very simple future and present app permissions.
Update: Spotify CEO Daniel Ek has issued an apology for causing "a lot of confusion" with the new privacy policy. In a post on Spotify's site, he says the company "should have done a better job in communicating what these policies mean and how any information you choose to share will – and will not – be used." He goes on to break down what each of the new permissions is used for, and says Spotify will "update the new Privacy Policy in the coming weeks to better reflect what we have explained above." Yay!