Sweden's data protection authority, the Integritetsskyddsmyndigheten, fined Spotify SEK58 million for alleged EU General Data Protection Regulation violations related to transparency. The IMY found Spotify responds to data access requests but "does not inform clearly enough about how this data is used by the company." The regulator added Spotify needs to be "more specific" with its disclosure of data practices and make it "easy for the person requesting access to their data to understand how the company uses this data."
13 June 2023
Sweden's DPA issues SEK58M GDPR fine to Spotify
Related stories
Notes from the Asia-Pacific region: OPC's biometric processing code is a major step
India's CCPA guidelines on dark patterns: Welcome signal, but law is still soft
Reforming the GDPR for tomorrow's technologies: Why Europe needs targeted GDPR reform
Notes from the IAPP Europe: EU digital rule book guidance, implementation support, data flow developments
Proportionality in personal data use and right to avoid unsolicited communications in Peru
