27 July 2023, 13:21
By HewardMills
Sound of Silence: Sweden Slaps Spotify with SEK 58m Fine for Mishandling Data Subject Requests
On June 13, 2023, the Swedish Authority for Privacy Protection (IMY) imposed a fine of SEK 58 million (around £5 million) on Spotify for breaching the General Data Protection Regulation (GDPR). The fine was issued after Spotify allegedly failed to comply with GDPR provisions relating to data subject rights. The decision followed an investigation initiated by the IMY in 2019, following complaints from users.
As an online music streaming service, Spotify processes a vast amount of consumer data. To comply with GDPR, users have the right to access their personal data held by businesses and can request information regarding how their data is being used.
However, Spotify failed to provide satisfactory responses to users who exercised their rights of access and did not fulfil its obligations to respond to requests within the specified time frames set out in the GDPR.
The case of Spotify emphasises the importance of GDPR compliance in today’s data-driven world. The mishandling of data subject requests by Spotify underscores the necessity for companies to act with integrity and establish robust procedures that efficiently and transparently deal with such inquiries.
If you would like to discuss this topic or anything else data protection and privacy-related, please contact us.
dpo@hewardmills.comBy HewardMills
27 July 2023, 13:21
Recent articles
31 March 2025, 10:13
How DPOs support organisations to mature their privacy programme
31 March 2025, 10:09
A DPO’s guide to navigating Conformity Assessments under the EU AI Act
31 March 2025, 09:58
Mitigating privacy risks when integrating AI agents into business operations
31 March 2025, 09:28
How China’s New Surveillance Laws Could Impact Privacy Compliance
20 February 2025, 14:49