Some believed that Spotify’s interest in accessing user data would be used for fairly innocuous purposes – for example, like being able to personalize playlist images with your own photos, or scanning your address book so you could find new friends on the service. However, the issue was not with what Spotify would actually do with the rights customers granted it in exchange for being able to use its service – the problem was that, the way it was written, the policy was over-reaching. It simply demanded too much access to private data with explaining when, how or why that data would be used.
Spotify has corrected its earlier misstep with the new policy, available here. In addition to being rewritten, the company has also added an easy-to-understand introduction to the policy which Spotify says is meant to be a “clear statement of our approach and principles about privacy.” The introduction states that new policy will explain what Spotify does with information it collects with users’ permission, as well as what it does not do with it.
The introduction also says that the information Spotify collects is broken down into two categories: information it needs in order for a customer to use Spotify, and information it asks for in order to provide additional features and improved experiences.
The first category includes things like registration information, tracking of music you access, technical information, location information (which is needed because music licenses are location-specific), and more.
But it was the second category where Spotify before had gotten into trouble. With the updated language, the company addresses users’ concerns over how certain personal data is used, stating that it asks for user’s explicit permission before doing things like scanning your contacts, accessing the microphone, or tracking your specific device location, for example.
Additionally, it spells out why it would need something like access to users’ photos. As noted above, it’s so users can create cover art for a playlist or update their profile picture. The company also says that “we will only access images that you specifically choose, and we will never scan or import your photo library or camera roll.”
The updated policy, however, doesn’t exactly represent a set of new terms – users are still giving Spotify the same access rights as before, essentially. But it is better at explaining how and why that data will be used; that in the case of the second category, it’s only accessed with user permission; and that Spotify will only use the data for the reasons it has stated.
Spotify says all users will be able to read and accept the new policy in the coming days and weeks, including those who previously accepted the earlier, controversial version.
It’s true that users don’t generally care about privacy policies and user agreements, having gone blind to the overwrought legalese over the years as we clicked “next” on software installation dialog boxes. But perhaps it’s to the internet community’s credit that we’re becoming more aware of when companies over-step and collectively holding them accountable.