At Royds Withy King we are still able to serve all your legal needs during the Coronavirus pandemic. Find out more.

Search our news, events & opinions

On 1 September 2016 Withy King LLP merged with Royds LLP. The trading name for the merged firm is Royds Withy King. All content produced prior to this date will remain in the name of the firms pre-merger.

24 September 2015 0 Comments
Posted in Opinion

Spotify and Privacy Laws

Author headshot image Posted by , Partner

Spotify, the commercial music streaming service, recently updated its privacy policy to include details of what it will do and what it won’t do with consumers’ data. The updated policy made references to the collection of consumers’ photos, phone contacts and media files, which caused a backlash for those who felt that it was an invasion of privacy and was unnecessary for the purposes of streaming music.

What did the policy say?

The updated policy stated that: “With your permission, we may collect information stored on your mobile device, such as contacts, photos, or media files. Local law may require that you seek the consent of your contacts to provide their personal information to Spotify, which may use that information for the purposes specified in this Privacy Policy”.

The law

Under UK law, there is no express right to privacy. The law on privacy in the UK mainly manifests itself in the Data Protection Act 1998 (‘DPA’). Schedule 1 of the DPA lists 8 core principles which anybody responsible for using personal data has to comply with. These are that the data must:

Be processed fairly and lawfully;

  • Be obtained for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes;
  • Be adequate, relevant and not excessive in relation to the purpose or purposes for which it isprocessed.
  • Be accurate and, where necessary, be kept up to date;
  • Not be kept longer than is necessary for the purpose or purposes for which it is being processed;
  • Be processed in accordance with the rights of the data subject;
  • Be protected by appropriate technical and organisational measures against unlawful processing and against accidental loss or destruction of, or damage to, the personal data; and
  • Not be transferred to a country or territory outside the EEA unless that country ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Reassurance

The CEO of Spotify came forward to iron out the issues in what at first sight appeared to be a controversial modification of the company’s privacy policy. He stated that the information collected would be used to personalise playlist images or update profile pictures, features which have not yet been integrated into the app. He said that the app will offer a ‘find friends’ feature which will permit Spotify to scan address books and suggest connections. It was re-iterated that the tracking of consumers’ locations would simply enable Spotify to keep consumers up-to-date with music trending in their proximity. In relation to the sharing of data with partners of Spotify, who assist with the company’s marketing and advertising, the information shared is de-identified so no personal data is shared.

The CEO assured consumers publicly that their personal data will not be misused or used against their will. It was made clear in his speech and in Spotify’s newly drafted privacy policy that if consumers do not want to share this kind of information, they do not have to.

Be careful

From the above you will see that the processing of personal data is an extremely sensitive area where even the most innocent of steps can be misconstrued. Given this and the complexity of the law  it is important to ensure that companies and service providers store consumers’ personal data in a lawful way to avoid being penalised under the DPA.

If you require advice on whether your use and storage of individuals’ personal data is done so in accordance with the DPA then please contact John North, Claus Andersen or Tony Roberts from our corporate team.

Leave a comment

Thank you for choosing to leave a comment. Please keep in mind that comments are moderated and please do not use a spammy keyword or a domain as your name or it will be deleted.

*required*

**required*

*optional*

Opinion

Learn more

Partner

T: 020 7842 1490 (DDI)
Email

Search our news, events & opinions