Just by using Spotify, you might be breaking the law. I realize that sounds far-fetched, but I’m not making it up. It is Spotify’s own new privacy policy that says so:
With your permission, we may collect information stored on your mobile device, such as contacts, photos, or media files. Local law may require that you seek the consent of your contacts to provide their personal information to Spotify, which may use that information for the purposes specified in this Privacy Policy.
Did you get permission from everyone you know before you signed up for Spotify? I didn’t think so. Pragmatically, though, it is clear that that clause is meant to shift the legal liability from Spotify to you, the user, if something should go wrong, such as a data breach at the Spotify data center. If Spotify screws up someday, how much do you suppose you will owe?
The draconian new privacy policy also gives Spotify permission to copy the photos and location data from your phone and show this information to advertisers. (Supposedly the information is de-identified, but we know by now that there really is no anonymous lifestyle data in a world where every individual life is unique.) Not surprisingly, a firestorm of protest has followed the policy changes, with the more cautious users canceling their accounts.