Music streaming giant Spotify was fined 58 million kronor ($5.4 million) on Tuesday by the Swedish Authority for Privacy Protection (IMY) for violating the European Union’s General Data Protection Regulation (GDPR).
The IMY said Spotify had not provided users with clear and concise information about how their data was being collected and used. Specifically, Spotify had not provided users with information about how their data was being used for targeted advertising.
The GDPR requires companies to provide users with this information in a “clear and concise” manner and to make it easy for users to understand how their data is being used. Spotify has said it will appeal the fine.
This is not the first time Spotify has been fined for GDPR violations. In 2021, the company was fined 2 million euros ($2.1 million) by the French Data Protection Authority for failing to properly delete users’ data when they requested it.
The GDPR is a complex piece of legislation, and it can be difficult for companies to comply with all of its requirements. However, the fines that Spotify has been hit with are a reminder that companies need to take data privacy seriously.
What does this mean for Spotify users?
The IMY’s decision is a victory for privacy advocates, and it sends a strong message to companies that they need to comply with the GDPR. For users, this means that they have more control over their data. They can now be confident that Spotify will not use their data without their consent, and that they can easily request that Spotify delete their data.