“Let me be crystal clear here: If you don’t want to share this kind of information, you don’t have to,” Ek explained in his apologetic blog post. “We will ask for your express permission before accessing any of this data—and we will only use it for specific purposes that will allow you to customize your Spotify experience.”
Why this matters: It’s not unusual for an app to request access to other parts of your phone, like your contacts so you can find friends or your Camera Roll so you can share photos. That’s exactly how Spotify plans to use its access to your contacts and photos. But typically apps ask for that access up front, not quietly change their privacy policies to make it sound like users have no choice. In the year 2015, have companies really learned nothing from Facebook’s history of privacy screw-ups? Ek was initially defensive when users tweeted him for an explanation of the new policy, but he quickly realized that 140 characters weren’t quite enough to outline the reasons behind the changes.
Below is Ek’s explanation for how Spotify will use the information you (willingly!) let it access on your phone:
Photos: We will never access your photos without explicit permission and we will never scan or import your photo library or camera roll. If you give us permission to access photos, we will only use or access images that you specifically choose to share. Those photos would only be used in ways you choose and control—to create personalized cover art for a playlist or to change your profile image, for example.
Location: We will never gather or use the location of your mobile device without your explicit permission. We would use it to help personalize recommendations or to keep you up to date about music trending in your area. And if you choose to share location information but later change your mind, you will always have the ability to stop sharing.
Sign up for CIO Asia eNewsletters.