Spotify's Data Sharing Defaults and Privacy Control Gaps

According to privacy researchers, Spotify defaults new accounts to maximum data collection including targeted advertising, social sharing of listening activity, and data processing for personalization. Modifying these settings requires navigating to the Spotify Privacy Center through a web browser rather than the app itself. Spotify's 'tailored ads' setting, which controls whether the platform shares data with third-party advertisers, is enabled by default and requires multiple steps to disable. A 2023 review by the Mozilla Foundation's *Privacy Not Included project flagged Spotify for collecting more data than necessary and sharing it with a broad range of third parties. Spotify's terms also permit the use of listening data for AI and machine learning development purposes.

spotify has been the subject of increasing scrutiny over its consent manipulation practices. Privacy researchers and regulatory bodies across multiple jurisdictions have documented concerns about how the company handles user data, particularly regarding consent, transparency, and data minimization principles. The findings suggest a pattern of prioritizing business metrics over user privacy, a trend observed across the broader technology industry. Users affected by these practices have limited recourse without proactive intervention such as filing formal complaints with data protection authorities or submitting DSAR requests.

Regulatory responses have varied significantly. European data protection authorities have been more aggressive in enforcement under GDPR, while US enforcement remains fragmented across state-level privacy laws. The investigation highlights the need for stronger federal privacy legislation and more transparent corporate data practices. Affected users should consider reviewing their privacy settings, submitting data deletion requests, and exploring privacy-preserving alternatives recommended by independent researchers.