34
votes
Spotify user requests GDPR data, gets 250 MB of extremely detailed data, down to the headphone brand.
@steipete:
Tried the GDPR data export from Spotify. By default, you get like 6 JSON files with almost nothing. After many emails and complaining and a month of waiting, I got a 250MB archive with basically EVERY INTERACTION I ever did with any Spotify client, all my searches. Everything.
The Twitter user who got the 250 MB file also got an abridged version of 6 Json files at first, he had to nag them for more. So yeah, seems like they only give very small default samples.
Their legal department is going to start getting pissed very soon about that. By default they should send everything over to appease the GDPR gods.
I don't know about that, it seems like a lot of companies are providing way less than they're "supposed to", and will probably just keep doing it until someone actually gets punished. Apparently reddit just sends people a link to this page: https://www.reddithelp.com/en/categories/using-reddit/your-reddit-account/accessing-your-reddit-data
Which makes it sound like all your data is accessible through the site, but it's absolutely not if you've ever made more than 1000 posts, and there's a lot of other data that they collect that isn't accessible through the site at all.
I stream everything off of my home computer, onto my phone, laptop or work PC, via Foobar+bubbleupnp
I just download songs from Youtube into VLC media player on my phone. It's a bit clunky (no thumbnails for audio files, for example) but I can deal with it.
Assuming you're using youtube-dl, I'm pretty sure there's an option to get it to embed the video thumbnail into the audio file it generates.
Using a Workflow on iOS, unfortunately. Thanks for the advice, anyways.
Can someone TL;DR the problem for me? I glanced over the twitter feed and I am not seeing anything that surprising or out of the ordinary. It would make sense for spotify to collect data like headphone usage to make sure its service works properly with the primary source of hardware used to listen to music. It makes sense to collect search history so they can tailor your results. It makes sense that it records your IP to provide you with local music info, make sure your account is secure, etc. Maybe all of these should be opt-in, or at the least have an opt-out but what exactly should I be worried about here?
Even if you believe that's a legitimate reason to collect the data, why link it to a specific account?
I'm just throwing out possibilities, I am sure it's also used for additional metrics and market data at spotify. And i'm not sure what difference linking it to my account makes vs. not? For what its worth, I'm not defending spotify here, I am just really hoping someone can explain to me why this is a bad thing. Not in theory, but in actuality. Is spotify selling this data with our information attached to third parties? Is it breaking the privacy/data collection policy in some way? Are they doing something malicious with this data?
True enough on the over collection and security point. I just think that sometimes people jump the gun on what is acceptable data collection so when I see stuff like this, my software development mindset goes, "Well a lot of this data would help me make critical development decisions". I guess I just need to see the data for myself, I think I will request my own since i've used Spotify quite often for the past 5 years. I'll be sure to report back here with anything unusual that I find.
Man, I wish they'd make some of that data available to me through their UI. last.fm has been garbage lately. I want to be able to analyze my listening habits!