What happens when you change your company's privacy policy? If you're Spotify, your customers freak out and CEO Daniel Ek has to apologize and go on the defensive. The changes give Spotify access to your smartphone's photos, contacts, location, voice control, and sensor data, which seems like a lot for a streaming music service—especially when the change feels to customers like it's being done on the sly.
Spotify took it on the chin for privacy changes it didn't explain ahead of time
Here's what Spotify wants to get at on your smartphone:
- Information stored on your mobile device. That can include contacts, photos, and media files.
- Location and sensor information such as GPS, Bluetooth, motion tracking.
That sounds pretty ominous, like Spotify wants to track your every movement, know everyone you interact with, and listen in on all of your conversations. Considering how Spotify quietly changed its privacy policy, it's easy to see why subscribers have been in a tizzy, and why the company's CEO had to go on the defensive.
The reality is that Spotify doesn't want to go Big Brother on its users, but instead wants access to phone features and data that enhance or enable features in its streaming music service.
Mr. Ek tried to clarify Spotify's intentions in his public apology stating,
In our new privacy policy, we indicated that we may ask your permission to access new types of information, including photos, mobile device location, voice controls, and your contacts. Let me be crystal clear here: If you don't want to share this kind of information, you don't have to. We will ask for your express permission before accessing any of this data – and we will only use it for specific purposes that will allow you to customize your Spotify experience.
He went on to say that there haven't been any changes to the Spotify's policy on sharing data it collects with third parties. "The Privacy Policy also mentions advertisers, rights holders and mobile networks. This is not new," he said. "With regard to mobile networks, some Spotify subscribers sign up through their mobile provider, which means some information is shared with them by necessity."
Mr. Ek added that some data is shared with partners who "help us with marketing and advertising efforts." That data, he said, is anonymous and that personal information is not shared.
So Spotify does get points for being Johnny-on-the-spot with its response to subscriber concerns, but loses those points for offering up a clear explanation of the changes and the company's intentions up front. And here's where the problem lies: Customers are gun shy when it comes to privacy policies, and changes make them very suspicious. Proactively telling users about changes goes a long way towards maintaining trust and avoiding group freakout events—like the one Spotify is in the middle of now.
Spotify isn't the first company to have to backtrack into damage control mode after changing privacy policies, and considering they didn't learn, won't be the last. It doesn't matter how well intentioned your policies are. When legal-speak comes into play, that doesn't come across, and sharing a regular human-speak explanation isn't just necessary; it's critical.
Customers are human and they react to changes emotionally. Spotify just learned that the hard way.
[Some image elements courtesy Shutterstock]