Music streaming service Spotify made some major updates to its privacy policy today for both freemium and paid members – and some of the information it collects from its users is downright stalkerish.
The company will now be able to access much more information on users' phones including GPS and location data, sensor information about the speed of a user's movements and whether they are walking, running or in transit, and even vaguely alludes to using information stored on their phone such as contacts, photos or media files.
> See also: Facebook denies fresh allegations that it DOES collect the text you decided against posting
The amended policy also stipulates that Spotify will collect voice commands such as requests and searches, and the date and time they were made.
'By accepting the privacy policy, you expressly authorise spotify to use and share with other companies in the spotify group, as well as certain trusted business partners an and service providers,' says the updated privacy policy, 'which may be located outside of the country of your residence (including countries which do not provide the same level of protection for the processing of personal data…).'
The changes were spotted by an eagle-eyed Spotify member who happened to be a reporter for Forbes,but how likely are other users to be aware that Spotify is suddenly letting unknown companies know exactly where they are and what they're doing while they're enjoying its music service? Because, let's face it, who actually bothers to actually read the many long-winded privacy policies we're now faced with on a daily basis?
Spotify says it will use the information – which is 'non-identifying' – to tailor content and adveriting towards its users, as well as providing services such as its running feature that uses sensor data. But as Forbes writer Thomas Fox-Brewster asks, 'at what cost? What about those customers who don’t use the services that take advantage of the extra data collection?'
Cloud security and enablement company Skyhigh Networks believes that this change is indicative of the technology industry today, in which companies are increasingly taking advantage of the fact that, nine times out of ten, users won't read the terms and conditions.
'Spotify’s changes to its terms and conditions are giving it more power over your data, knowing full well that the majority of users won’t notice, and those that do probably won’t care in the slightest,' says Skyhigh Networks' Nigel Hawthorn. 'We’re so used to clicking ‘I agree’ that we’re paying less and less attention to what it is we’re agreeing to, and rarely question why these companies need our data in the first place.'
> See also: Privacy vs. personalisation – building trust in a digital world
Things get trickier still when you consider that a large proportion of mobile devices today have a mix of private and corporate data, adds Hawthorn.
'We’ve seen several high profile breaches just this week, where user data has been lost. As companies like Spotify store and are responsible for more user data, that’s information that can go the way of Ashley Madison in case of a data breach – put online or sold to the highest bidder.'
UPDATE:
Spotify has released the following statement in reponse to this story:
'Spotify is constantly innovating and evolving its service to deliver the best possible experience for our users. This means delivering the perfect recommendations for every moment, and helping you to enjoy, discover and share more music than ever before.
The data accessed simply helps us to tailor improved experiences to our users, and build new and personalised products for the future. Recent new features include Spotify Running, which matches the BPM of your music to the pace of your run, or the new Discover Weekly feature, which curates a weekly playlist based on your tastes.
Throughout, the privacy and security of our customers' data is – and will remain – Spotify's highest priority.'