Details:
| Summary | The Swedish Data Protection Authority (DPA) has imposed a fine of EUR 4.9 million on the music streaming provider Spotify. The DPA had launched an investigation after receiving a number of complaints and following a lawsuit filed against Spotify by the Austrian organization ‘None of your Business’. In its investigation, the DPA found that Spotify had not sufficiently complied with data subject rights. Spotify failed, for example, to provide data subjects with sufficient information about the origin of their data or international transfers involving their data.
Spotify also failed to provide information that was difficult to understand, such as information about technical processes, in the data subjects’ native language; rather, such information was only available in English. Spotify has already taken measures to comply with the requirements for the handling of data subject requests. In addition, the DPA classified the identified deficiencies as not very serious. |
| Link: | link link |
| Related articles: | Art. 12 (1) GDPR, Art. 15 (1), (2) GDPR |
| Type: | Insufficient fulfilment of data subjects rights |
| Fine: | EUR 4,900,000 |
| Sector | Media, Telecoms and Broadcasting |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/