Thumbnail for 119824

Spotify needs to crack down on labels snatching user data

Spotify seems to have learned little from the Facebook developer platform’s scandals despite getting a huge boost from the social network in its early days. Spotify has been caught allowing record labels to grab tons of unnecessary user data and permissions to even control their accounts just so people can “pre-save” upcoming song releases.

An investigation by Billboard’s Micah Singleton found major label Sony’s app for pre-saving demanded access to users’ email address, what you’ve listened to and saved to your library, playlists you’ve made or subscribed to, artists you follow, and what you’re playing right now. It also asks to be able to take actions on your behalf including change who you follow, add or remove songs from your library, create/edit/follow playlists, and even control Spotify on your devices.

An example of Universal Music Group’s pre-save app that asks for unnecessary user data and access permissions

This means that by agreeing to use a pre-save feature, a record label could index you music tastes and determine your current mood for marketing purposes, subscribe you to all of their artists and playlists, force you to create playlists that include their artists or add them to your existing playlists, and delete or unfollow any music or artists represented by their competitors.

Since users often speed through platform app permission screens assuming they’re just asking for what’s required, many likely gave up valuable data about themselves and the ability to manipulate their accounts without fully understanding what was happening. Other major labels like Warner and Universal’s pre-save apps like this one similarly ask for 10 types of permission — most extraneous.

In reality, the only permission a pre-save app should need is to be able to add the song you wanted to pre-save to your library. Anything else is theoretically prohibited by Spotify’s developer policy section 5.2: “You will only request the data you need to operate your Spotify Developer Application.” If you’ve used these apps, you can go into your Spotify account settings here to remove their access.

In a post-Cambridge Analytica world, platforms like Spotify should know better than to let developers run amok without proper oversight. That’s why I was so disappointed when Spotify refused to provide a statement, explanation, or even talk with me about the issue.

Offering a flexible developer platform has plenty of advantages for users. Apps for DJing with streaming music, discovering new bands, or synchronizing playback with friends could be built with rightful and transparent use of Spotify’s APIs. But for something as simple and common as volunteering to have a new song from your favorite band show up in your library on the day it’s released shouldn’t become a lure for an exploitative data grab.

That’s why Spotify should build its own in-house pre-save app that labels could all use to pre-promote their releases. Approved labels and their artists should …read more

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply