Sweden: Authority for Privacy Protection fined Spotify SEK 58 million for non-compliance with individuals' requests to access their personal data

On 13 June 2023, the Authority for Privacy Protection (APP) of Sweden issued its ruling in the investigation into Spotify's compliance with individuals' requests to access their personal data and imposed a SEK 58 million penalty. The APP noted that under the General Data Protection Regulation (GDPR), individuals have the right to access their data and obtain information on the type of data entities store and how it is used. The APP opened the investigation into Spotify following a complaint and investigated Spotify's process for replying to data access requests and the information provided to individuals. The APP determined that Spotify failed to inform individuals clearly how it processes and uses personal data. Furthermore, the APP noted that entities have to be specific on how the data is used and provide that information in an understandable format, including in their native language, if the information is technical and would be difficult to understand.