Court reduces Spotify GDPR fine to 4 Million Euros
The Administrative Court, in alignment with the Swedish Data Protection Authority, has decided to impose a reduced sanction of 40 million euros on Spotify AB for violations of the GDPR. The court found that Spotify AB provided inadequate information to registered customers, leading to the sanction reduction from the initial 58 million euros imposed by the Data Protection Authority due to deficient procedures in handling customer data requests
The court acknowledged that Spotify AB breached the GDPR by providing insufficient information to customers, although not to the extent claimed by the Data Protection Authority. Rådmannen Sofi Nyström stated that while the violation occurred, it was not as severe as assessed by the Authority, justifying the reduction in the sanction amount.
The Data Protection Authority’s decision on imposing a 5 million euro sanction on Spotify AB was based on the company’s failure to meet the requirements of Articles 12.1 and 15 of the GDPR in handling customer data requests. The Administrative Court’s ruling highlights the importance of providing accurate and comprehensive information to customers regarding their personal data.
