The Swedish Data Protection Authority (IMY) recently imposed a hefty fine of 58 million Swedish Crowns (approximately €5 Million) on Spotify due to their failure to adhere to the individuals’ right to access all personal data and information relating to its use.
Prompted by noyb’s complaints in January 2019, which raised concerns that Spotify were not providing customers with an adequate means of obtaining such information, further pressure from a court case initiated by noyb in June 2022 resulted in a resolution being reached.
The Article 15 GDPR grants users the right to receive copies of their own data, as well as details of its source, who it was transferred to, and information regarding international data transfers. However, Spotify had only partially provided this information, with incomplete datasets and a lack of clarification on how to access the remaining data. IMY has ordered that the company must now meet the requirements of Article 58(2)(c) GDPR, and promptly supply the full scope of information requested.