J003-Content-Spotify-privacy-give-up-a-lot-to-get-a-little_SQThe web is full of companies that offer something for free and invade your privacy in return. Your data is mined and then sold precious information and preferences to marketers all over the world. Recently, the Spotify music service was in the middle of controversy when people starting asking questions about whether it was going too far.

Spotify offers a free music streaming service but there are also users who pay for the service in order to have advertising-free music. Now it seems like Spotify is collecting all the users’ data and passing it on to marketers. Early reports had it that Spotify would look at your contacts, track your movements through GPS, and pore over your photos. It maintained the right to share and sell this data, and these reports claimed you couldn’t opt out. Pretty serious stuff.

There was a mega backlash with Spotify doing serious damage control. I tried to access the new policy, but the page never appeared. I double-checked very recently and the Privacy Policy is up. During my search, I also managed to find a very detailed mea culpa from Spotify CEO Daniel Ek.

Ek didn’t announce changes to the policy, but instead gave his interpretation and attempted to correct any misunderstandings.

”In our new privacy policy, we indicated that we may ask your permission to access new types of information, including photos, mobile device location, voice controls, and your contacts. Let me be crystal clear here: If you don’t want to share this kind of information, you don’t have to. We will ask for your express permission before accessing any of this data – and we will only use it for specific purposes that will allow you to customize your Spotify experience,” Ek wrote.

Ek also addressed how the data is used and says the Privacy Policy also mentions advertisers, rights holders and mobile networks. He continues by saying that when it comes to mobile networks some information needs to be shared with this party as some users choose to sign up through their mobile provider. Turning his attention to advertisers Ek said that any information shared with their partners is “de-identified” meaning the data is passed on anonymously so the advertisers will never know a user’s personal information.

So why does Spotify want this information?

With GPS tracking Spotify would know how fast a jogger is going and offer tunes that fit that speed. When tracking what kind of music you listen to it may also offer custom playlists tailored to what you have been playing recently.

However, while Spotify says it only collects data with your permission, a recent report by CNN Money claims otherwise saying that a user doesn’t have much control about what data is being shared. “If you don’t want to accept the terms of service, there’s not a whole lot that can be done,” the report explains. Some sharing can be disabled by clicking on “edit profile,” in the Spotify app’s settings tab and unchecking the “Yes, share my information with third parties” box. The report continue by saying that if a user doesn’t want  Spotify to go through the device and stop tracking a user’s location there is nothing that can be done bar stopping the service and deleting the account.

This is still a murky situation and we’ll know more once the new policy actually rolls out. Yes, a new Privacy policy is in the works and it should be rolled out in the next few weeks according to Spotify.

Anti-privacy epidemic

Spotify is far from the only vendor with privacy controversies. Yahoo is facing a lawsuit claiming that it parses email from non-Yahoo mail accounts, in apparent violation of its own privacy policies. What this means is that If you are a non-Yahoo mail user, the terms of service allow Yahoo to mine your account for data, and sell your preferences to advertisers to help them target ads. Facebook too has faced a rash of criticism – I know I was offended when Facebook kept asking for my cell phone number.

Facebook clearly mines data, but it also tracks the movements of its mobile users – very detailed tracking using your phone’s GPS – and through Facebook Messenger it can even reveal your location to people you are in contact with. So all your Facebook Messenger contacts can view your detailed movements and whereabouts and this tracking is done without asking you to opt-in.

Despite the heat from privacy advocates, Web vendors show no signs of loosening privacy policies. Back in June, a Belgian privacy regulator lodged a complaint against Facebook accusing the social network of ‘trampling on European Privacy Laws.’ In August Facebook also stopped the internship of Aran Khanna, a Harvard student who created a Chrome plugin which let users track the movements of their friends on Facebook. Khanna said he created the app, cleverly named Marauder’s Map, to show the privacy concerns that came with using Facebook Messenger and not to creep on your friends. Since then Facebook have requested to pull the plug on the app.

Ultimately, privacy is a two way street and users have to accept that it is also their responsibility to make sure they are happy with the policies of services they use. If in doubt, a quick internet search will provide how-to articles on how better to protect yourself.

Get your free 30-day GFI LanGuard trial

Get immediate results. Identify where you’re vulnerable with your first scan on your first day of a 30-day trial. Take the necessary steps to fix all issues.