€5 million fine against Spotify for GDPR violations
Swedish Authority for Privacy Protection (IMY) issued an administrative fine against Spotify for shortcomings regarding transparency. The General Data Protection Regulation, GDPR, entered into force in 2018 and means, among other things, that the rights of individuals are strengthened. One such right is the right of access, which means a right for individuals to find out what personal data a business handles about the person in question and to receive information about how this data is used. Due to complaints that the Swedish Authority for Privacy Protection (IMY) received against Spotify AB regarding the right of access, IMY has audited how Spotify handles the right for individuals to access their personal data. IMY finds that Spotify provides to individuals the personal data the company processes when individuals request it. However, Spotify shall also provide information to the person requesting access about how Spotify uses this data and this information must be easy to under