Spotify and Privacy Laws
What did the policy say?
Under UK law, there is no express right to privacy. The law on privacy in the UK mainly manifests itself in the Data Protection Act 1998 (‘DPA’). Schedule 1 of the DPA lists 8 core principles which anybody responsible for using personal data has to comply with. These are that the data must:
Be processed fairly and lawfully;
- Be obtained for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes;
- Be adequate, relevant and not excessive in relation to the purpose or purposes for which it isprocessed.
- Be accurate and, where necessary, be kept up to date;
- Not be kept longer than is necessary for the purpose or purposes for which it is being processed;
- Be processed in accordance with the rights of the data subject;
- Be protected by appropriate technical and organisational measures against unlawful processing and against accidental loss or destruction of, or damage to, the personal data; and
- Not be transferred to a country or territory outside the EEA unless that country ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
From the above you will see that the processing of personal data is an extremely sensitive area where even the most innocent of steps can be misconstrued. Given this and the complexity of the law it is important to ensure that companies and service providers store consumers’ personal data in a lawful way to avoid being penalised under the DPA.
If you require advice on whether your use and storage of individuals’ personal data is done so in accordance with the DPA then please contact John North, Claus Andersen or Tony Roberts from our corporate team.