Spotify has updated its Privacy Policy with a number of drastic changes that will give the music streaming service direct access to your photos, contacts and even your exact GPS location.
The worrying update specifically states that the app would also use the sensors on your iPhone or Android smartphone to track if you're walking or running while logging your exact location using GPS.
Spotify CEO Daniel Elk speaks at one of its regular product updates
The new privacy policy states:
"3.3 Information Stored on Your Mobile Device
With your permission, we may collect information stored on your mobile device, such as contacts, photos, or media files. Local law may require that you seek the consent of your contacts to provide their personal information to Spotify, which may use that information for the purposes specified in this Privacy Policy.
3.4 Location and sensor information
Depending on the type of device that you use to interact with the Service and your settings, we may also collect information about your location based on, for example, your phone’s GPS location or other forms of locating mobile devices (e.g., Bluetooth). We may also collect sensor data (e.g., data about the speed of your movements, such as whether you are running, walking, or in transit)."
For subscribers who use the iOS app, the new Privacy Policy simply comes into effect automatically and without warning.
While this is also the case for Android users, the upcoming version of Google's operating system Android M should allow its users to specifically opt-out of some of these requirements.
It's not yet clear how Spotify plans to collect this information on iOS though as each app has to specifically state what access it would like across your smartphone.
Snapchat for example lists all the different areas of your phone it would like to access, giving you the option of either accepting or blocking access.
Spotify's app for iPhone doesn't currently list that it requires access to your photos, despite the T&Cs suggesting that an update is imminent.
While many companies require this level of access to your personal information, Spotify has landed itself in particularly deep water for two reasons:
a) It's asking for deeply personal information that on the surface might not appear to be relevant to the function of the app
b) It then implies that it will share this information with third-parties, with the assumption that it would then make a profit from this.
Unsurprisingly Spotify's decision has been met on social media with almost pure negativity with many threatening to leave the service:
Even the creator of Minecraft has stepped in to share his view saying:
To try and counter this, the company has posted a blog explaining some of the changes saying:
"We will always ask for individual permission or clearly inform you of the ability to opt out from sharing location, photos, voice and contacts."
The fact that the iOS app doesn't clearly ask for any of the information that the new privacy policy lists suggests that a new update will be rolling out in the coming weeks that will then ask users if they give permission.
If this is the case then the individual will have the option to turn this off, although it's not clear whether it'll be presented upon opening the app or will be activated by default.
SEE ALSO:
- Spotify Could Be About To Get A Lot Less Free
- Taylor Swift Leaves Spotify, Spotify Posts 'Breakup' Blog
- Apple vs. Spotify: The Battle is on for the New User Market
- Spotify And PS4 Will Let You Create Your Own Game Soundtrack
- Spotify Redesign: Massive Changes Coming To iOS, Android And Desktop
While the changes are drastic, the actual information that Spotify is asking for is something we hand over regularly anyway.
Contacts access is used by everything from Facebook to the Nike+ Running app to help you find other people that are using the service. You can choose to give access or not.
Nike+ is one of many apps that asks for access to both your contacts and photos.
Photos access is always required if an app wants to let you change your profile picture, or to add photos as a personalisation feature. Again, you can choose to give access or not.
On closer inspection it also appears that Spotify does not plan on sharing your photos or contacts with third-parties, instead it will use non-identifiable information that it gathers through your actual playing behaviours.
While the privacy policy does seem drastic, Liviu Itoafa, a Security Researcher at Kaspersky Lab warns that this is just the start.
"It’s likely this trend will continue and its therefore important for businesses to make the privacy related changes clear to users and give them the opportunity to opt out – something which can be particularly hard for users to see in a long list of terms and conditions."
Itaofa also warns that many of the decisions surrounding privacy are actually ours to make.
"To protect against such access consumers should check the list of requested permissions; if they're unhappy with the level of access requested they shouldn’t install the app. It boils down to considering what, if any, benefits additional access to data will provide. It’s then up to the consumer to decide for themselves whether the benefits outweigh the risks."