wp-plugin-hostgator
domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init
action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home4/scienrds/scienceandnerds/wp-includes/functions.php on line 6114ol-scrapes
domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init
action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home4/scienrds/scienceandnerds/wp-includes/functions.php on line 6114Source:https:\/\/techcrunch.com\/2023\/06\/13\/spotify-gdpr-data-access-fine\/<\/a><\/br> Music streaming giant Spotify is facing a fine of around \u20ac5 million ($5.4M) in Sweden years after it was accused of breaching the data access rights of users in the European Union by not providing full information about personal data it processes in response to individual requests.<\/p>\n While the size of the fine is unlikely to grab many headlines, the fact it\u2019s finally happened is notable as further evidence of the mountain European users have to climb to get their data protection rights upheld.<\/p>\n The finding of a breach of Article 15 of the General Data Protection Regulation (GDPR) comes more than four years<\/a> after a complaint was lodged against Spotify by the privacy rights not-for-profit, noyb. The complaint<\/a>, which was filed at the start of 2019, alleged Spotify failed to provide adequate detail in response to the complainant\u2019s subject access request (SAR).<\/p>\n The complaint argued the music streaming platform failed to provide all personal data requested; did not provide information on the purposes of the processing; nor on recipients; and also did not provide information on international transfers, among other allegations.<\/p>\n While it was originally filed in Austria the GDPR\u2019s one-stop-shop mechanism, which is supposed to streamline case handling where data-processing crosses national borders, meant the complaint got routed to Sweden where Spotify has its main EU establishment. (Another complaint over the same issue which was filed in the Netherlands was also joined to the case in Sweden.)<\/p>\n The complaint then languished undecided for several years as, according to noyb<\/a>, the Swedish authority undertook a parallel ex officio investigation to which the complainants weren\u2019t party \u2014 despite the GDPR stating data controllers must respond to access requests within a month.<\/p>\n noyb ended up taking the Swedish data protection authority (IMY) to court over the lack of a decision. And last year it successfully challenged IMY\u2019s position that the complainant is not a party in procedures, with the Stockholm administrative court holding that complainants have the right to request a decision after six months.<\/p>\n While that litigation is still ongoing (in front of a higher court) the administrative court decision last November ordering IMY to process and investigate the complaint appears to have moved the DPA to issue a decision in the meanwhile.<\/p>\n noyb said today that IMY ordered Spotify to finally provide the full set of data. Although it\u2019s reserving judgement on whether the authority has done everything it asked until it can scrutinize the decision.<\/p>\n In a statement, Stefano Rossetti, privacy lawyer at noyb, added<\/span>:<\/p>\n We are glad to see that the Swedish authority finally took action. It is a basic right of every user to get full information on the data that it processed about them. However, the case took more than 4 years and we had to litigate the IMY to get a decision. The Swedish authority definitely has to speed up its procedures.<\/p>\n<\/blockquote>\n We reached out to the Swedish authority with questions and it sent the below statement \u2014 confirming it identified a number of violations by Spotify pertaining to three complaints it investigated. It also described the case as \u201ccomplex and comprehensive\u201d, saying it not only looked at individual instances of how it handled data access requests but also assessed general procedures.<\/p>\n Here\u2019s the statement in full:<\/p>\n The Swedish Authority for Privacy Protection (IMY) has investigated Spotify\u2019s general procedures for handling access requests and have found some shortcomings related to the information that should be provided to the individual making the request pursuant to article 15.1 a-h and 15.2 of the GDPR and in relation to the description of the data in the technical logfiles provided by Spotify. IMY has issued an administrative fine of SEK 58 million against Spotify for not providing sufficiently clear information to individuals in this regard. The decision includes violations of articles 12.1, 15.1 a-d, g and 15.2 of the GDPR.<\/p>\n IMYs investigation has also encompassed an investigation of what has occurred in three different complaints and here IMY found that Spotify had failed in its handling of requests for access related to two of the complaints examined. The decision in this part includes violation of articles 12.1, 12.3, 15.1,15.3 and 15.1 a-h and 15.2 of the GDPR. In relation to these infringements IMY issues a reprimand.<\/p>\n The case has been a complex and comprehensive case where we, as explained above, have assessed both Spotify\u2019s general procedures for handling individual access requests, as well as how Spotify has acted in a number of individual situations where we have received complaints to the authority. As Spotify has operations and users in several countries, the work has also included cooperation with other data protection authorities in the EU. This cooperation, and the requirements for similar handling across the EU, also meant that, during the course of supervision, we had to change the focus on supervision, which unfortunately delayed processing. The EU cooperation, which came with GDPR, is something relatively new to us and there is ongoing work within the EU to streamline the cooperation \u2013 something we see that there is a need for.<\/p>\n<\/blockquote>\n Spotify was also contacted for comment. A company spokesperson sent us this statement \u2014 confirming it intends to appeal:<\/p>\n Spotify offers all users comprehensive information about how personal data is processed. During their investigation, the Swedish DPA found only minor areas of our process they believe need improvement. However, we don\u2019t agree with the decision and plan to file an appeal.<\/p>\n<\/blockquote>\n Five years+ after the GDPR came into application, back in May 2018, enforcement continues to be a patchwork of highly variable outcomes owing to differences of approach and process (and sometimes also resources) across the national authorities tasked with upholding Europeans\u2019 privacy rights.<\/p>\n
\nSpotify fined in Sweden over GDPR data access complaint<\/br>
\n2023-06-13 22:00:56<\/br><\/p>\n\n
\n
\n