Sweden’s data protection authority (DPA) levied a fine of 58 million Swedish krona (U.S. $5.4 million) against music streaming service Spotify following an audit on how the company handles customers’ rights to access their personal data.
The Swedish Authority for Privacy Protection acknowledged Spotify is compliant with General Data Protection Regulation (GDPR) rules about providing data access to users when requested but ran afoul of Article 15 of the privacy law by “not inform[ing] clearly enough about how this data is used,” the DPA said in a press release Tuesday.
