What about those other music-related companies that Noyb targeted in 2019? In the TechCrunch piece, its founder Max Schrems complained about the lack of activity from the relevant regulators: the DPA in Ireland for Apple Music and YouTube, and Berlin’s data protection commissioner for SoundCloud. However, the ruling – if upheld on appeal – has more teeth in terms of requiring Spotify to amend its processes around users’ access to their personal data. The QI will provide Form W-8IMY and check the boxes on lines 14 and 15a. However, we don’t agree with the decision and plan to file an appeal.”Īs fines go, it’s not the most punitive: €5m is precisely 0.00000004263665% of Spotify’s annual revenues of €11.73bn. The QI must provide a withholding statement allocating 5 of the payment to A, 5 of the payment to B, 10 of the payment to C, and 20 of the payment to D along with Forms W-9 (or name and TIN) for A, B, and D. During their investigation, the Swedish DPA found only minor areas of our process they believe need improvement. The Swedish authority definitely has to speed up its procedures.”įor its part, Spotify has issued a statement to TechCrunch, saying that “Spotify offers all users comprehensive information about how personal data is processed. “However, the case took more than 4 years and we had to litigate the IMY to get a decision. It is a basic right of every user to get full information on the data that is processed about them,” said Noyb privacy lawyer Stefano Rossetti. “We are glad to see that the Swedish authority finally took action. Noyb and IMY have since tangled in a legal battle over the lack (until now) of a decision in Spotify’s case. The original complaint was filed by privacy-campaigning organisation Noyb in early 2019, as part of a series of GDPR complaints that also included Apple Music, SoundCloud and YouTube. While the issues are “of a low level of seriousness” in the regulator’s opinion, Spotify’s size (in terms of users and revenues) were factors in deciding the SEK 58m fine. “It has been difficult for individuals to understand how their personal data is processed and to check whether the handling of their personal data is lawful,” as IMY put it. So, this isn’t about Spotify misusing the personal data of its users, but rather the process through which they can access what it knows about them. “IMY assesses that Spotify releases the personal data the company processes when individuals request it, but that the company does not inform clearly enough about how this data is used by the company,” ruled IMY, in a decision made in cooperation with fellow data-protection regulators in the EU. branches to: Represent that a foreign person is a qualified intermediary or nonqualified. Branches for United States Tax Withholding and related Instructions, is used by foreign intermediaries and foreign flow-through entities, as well as certain U.S. Sweden’s Authority for Privacy Protection (IMY) found “deficiencies” (under Europe’s GDPR legislation) in Spotify’s handling of its users’ rights to access the personal data that it stores on them. Form W-8IMY, Certificate of Foreign Intermediary, Foreign Flow-Through Entity, or Certain U.S. But now Spotify has fallen foul of the privacy watchdog in its homeland, and has been slapped with an SEK 58m (€5m) fine. We’ve reported on the various fines and investigations of big tech and social-media companies by regulators.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |