Spotify Rolls Out A Revamped, “Plain Language” Privacy Policy Following Controversial Update

Spotify has now made good on its promise to rewrite the controversial update to its privacy policy, which incurred a bit of backlash thanks to its vague language and requests to collect all sorts of personal data, including things like contacts, photos, and media files stored on users’ devices as well as location data and Facebook “likes” and posts. Not surprisingly, the internet had a little something to say about that. Spotify CEO Daniel Ek soon apologized, and said the company would update the policy to better clarify how the permissions will be used.

Now, that plain-language privacy policy has been released, which Spotify says will hopefully provide “a healthy dose of clarity and context.”

Some believed that Spotify’s interest in accessing user data would be used for fairly innocuous purposes – for example, like being able to personalize playlist images with your own photos, or scanning your address book so you could find new friends on the service. However, the issue was not with what Spotify would actually do with the rights customers granted it in exchange for being able to use its service – the problem was that, the way it was written, the policy was over-reaching. It simply demanded too much access to private data with explaining when, how or why that data would be used.

Spotify has corrected its earlier misstep with the new policy, available here. In addition to being rewritten, the company has also added an easy-to-understand introduction to the policy which Spotify says is meant to be a “clear statement of our approach and principles about privacy.” The introduction states that new policy will explain what Spotify does with information it collects with users’ permission, as well as what it does not do with it.

The introduction also says that the information Spotify collects is broken down into two categories: information it needs in order for a customer to use Spotify, and information it asks for in order to provide additional features and improved experiences.

The first category includes things like registration information, tracking of music you access, technical information, location information (which is needed because music licenses are location-specific), and more.

But it was the second category where Spotify before had gotten into trouble. With the updated language, the company addresses users’ concerns over how certain personal data is used, stating that it asks for user’s explicit permission before doing things like scanning your contacts, accessing the microphone, or tracking your specific device location, for example.

Additionally, it spells out why it would need something like access to users’ photos. As noted above, it’s so users can create cover art for a playlist or update their profile picture. The company also says that “we will only access images that you specifically choose, and we will never scan or import your photo library or camera roll.”

“When you agree to our Privacy Policy, you give us the right to collect this information and use it for the purposes described,” the policy states. “Information in the second category is information we will only collect if you explicitly give us permission to do so in the future.”

The updated policy, however, doesn’t exactly represent a set of new terms – users are still giving Spotify the same access rights as before, essentially. But it is better at explaining how and why that data will be used; that in the case of the second category, it’s only accessed with user permission; and that Spotify will only use the data for the reasons it has stated.

Spotify says all users will be able to read and accept the new policy in the coming days and weeks, including those who previously accepted the earlier, controversial version.

It’s true that users don’t generally care about privacy policies and user agreements, having gone blind to the overwrought legalese over the years as we clicked “next” on software installation dialog boxes. But perhaps it’s to the internet community’s credit that we’re becoming more aware of when companies over-step and collectively holding them accountable.