[Infowarrior] - Spotify Clears Up Its Controversial Privacy Policy

[Richard Forno]

Spotify Clears Up Its Controversial Privacy Policy

Author: Brian Barrett. Brian Barrett	Security

https://www.wired.com/2015/08/spotify-clears-up-its-privacy-policy/

Yesterday, Spotify’s new privacy policy created quite a stir. Today, the company released a statement in which CEO Daniel Ek clarified how exactly the privacy permissions would be used.

“Let me be crystal clear here: If you don’t want to share this kind of information, you don’t have to. We will ask for your express permission before accessing any of this data – and we will only use it for specific purposes that will allow you to customize your Spotify experience.”

In other words, these will enable opt-in experiences, something that Spotify regrettably neglected to mention when it first announced the changes. The app won’t go scanning for your photos, but it’s reserving the right to access them if and when you want it to.

The privacy settings don’t seem quite so creepy in that light. Even more helpful? Putting what Spotify is asking for in the context of its contemporaries.

We read through the Android app privacy policies of Pandora, Rdio, Tidal, Google Play Music, and Beats Music (soon to be Apple Music) to see which of the Spotify permissions that have rankled people show up there as well. As it turns out, most streaming-music apps ask for similar things, and often for good reason.

Most of the concern centers around three categories: the collection of locally stored contacts, photos, or media files; location and sensor data; and sharing information with third parties. That’s what we’ll focus on below.

< - >

To some of you, that may sound creepy. If so, you are probably right to leave Spotify for something less invasive. That’s also, though, the inherent trade-off for playlists that can (very well, anecdotally) anticipate your needs based on where you are and when.

Third parties: This is the arguably gross part, but it’s also not new or unique. Advertising is a part of staying in business, and Spotify shares data (which it says is “de-identified,” as opposed to specific personal information) with “partners who help [them] with marketing and advertising efforts.” Besides which, all apps need to allow at least some form of third-party communication in cases of legal liability. This is about as standard as it gets.

Unfortunately, there’s no way for Spotify to fine-tune the permissions language that Android uses to show users what an app wants and needs to access. That, combined with too-vague description of the new policy, landed the company in some hot water. Today’s statement goes a long way to ease those concerns.

There’s an even better solution on the horizon, though. Starting in Android 6.0 (Marshmallow), which will be released later this fall to select devices and eventually trickle its way down throughout the Android ecosystem, you’ll be able to allow specific permissions within every app you use. Don’t want Rdio to access your calendar? You can block it, but allow everything else. It’s a much more user-friendly way to manage access to your phone, at least until you realize just how important some of permissions are to basic features and functions.

Spotify’s not perfect, and it could do well to not reach so deeply into your privacy cookie jar (and to be clearer about why it wants to in the first place). Before you cancel your subscription, though, it’s important to understand two things. First, for better or worse it’s using this intel to help build a better product. Second, you’re going to be giving away basically the same access anywhere where you turn.

--
It's better to burn out than fade away.