Spotify has been fined about $5.4 million in Sweden for breaching the data access rights of users in the European Union (EU).

There were allegations that the company failed to provide full information about personal data it processes in response to individual requests, which is a violation of Article 15 of the General Data Protection Regulation (GDPR), reports TechCrunch.

The complaint was filed at the start of 2019 by Noyb, a privacy rights non-profit organization.

According to the complaint, Spotify failed to provide all personal data requested, did not provide information on the purposes of the processing or recipients, and did not provide information on international transfers, among other allegations.

While the complaint was initially filed in Austria, the GDPR’s one-stop-shop mechanism, which is intended to streamline case handling when data processing crosses national borders, resulted in the complaint being routed to Sweden, where Spotify has its main EU presence.

Buy Me a Coffee

The complaint then sat unresolved for several years, according to Noyb, because the Swedish authority conducted a parallel ex officio investigation to which the complainants were not invited — despite the GDPR’s requirement that data controllers respond to access requests within a month, according to the report.

Due to the lack of a decision, Noyb ended up taking the Swedish data protection authority (IMY) to court.

Last year, it successfully challenged IMY’s position that the complainant is not a party in procedures, with the Stockholm administrative court ruling that complainants have the right to request a decision six months after the complaint was filed, the report mentioned.

READ
xAI Unveils Grok-2 Chatbot: Free Access for All X Users

Meanwhile, Spotify has announced to lay off 200 employees, 2 percent of its workforce, from its podcast division as part of a corporate reorganization.