The company has not communicated with sufficient precision how it uses the data of its users, estimated Integritetsskyddsmyndigheten (IMY), the Swedish data protection authority.
“A person requesting access to their data must be able to easily understand how the company uses this data,” explained Karin Ekström, one of the lawyers who led the investigation within the authority. And in some more complex cases, the explanations around these data must be available “not only in English, but also in the language of the interested party”.
“Minor” shortcomings
But these “are not serious in general,” added the Swedish authority, stressing that the company had “taken various measures to comply with the requirements of the right of access of individuals.”
The amount of the fine is justified by the place that the platform occupies in the legal music streaming sector, and given the number of its users, more than 515 million as of the last data from April.
The Noyb firm, at the origin of the complaint against Spotify, welcomed the Swedish decision, but regretted its late nature. “The case lasted for more than four years and we had to go to IMY for a decision. The Swedish authority must absolutely speed up its proceedings,” said Stefano Rossetti, a lawyer specializing in privacy protection at Noyb.
In force for five years in the European Union, the General Data Protection Regulation (GDPR) has become part of the legislation of each country.
The text, applicable by the national authorities of the Member States since May 2018, allows sanctions of up to 20 million euros or 4% of the worldwide turnover of a company.
Source: BFM TV
