Forget about the Christmas frenzy, when December hits for most music lovers it means just one thing – Spotify Wrapped. After looking at the stream of colorful charts showing your friends’ most-listened songs of the year on your social media feeds, you’re probably just waiting for the weekend to listen to your yearly playlists yourself.
There’s a catch, though. The hotly awaited Spotify Wrapped is the final product of a 12-month-long surveillance campaign the music streaming giant has carried out yearly since 2016. Year in and year out, Spotify follows every stream to collect increasingly more data about us and our (very personal) music tastes to predict what we want to hear next.
While we have learned the dangers of massive data collection when the perpetrators are the likes of Meta or Google, it looks like we cannot do anything but love Spotify for knowing what we like better than ourselves. So, how come the music streaming giant keeps getting away with massively collecting our data?
Celebrating surveillance
The first iteration of Spotify Wrapped was launched in 2015 under the name “Your Year in Music” and gave people a simple personalized recap of what they listened to between January and October.
The 2015 attempt didn’t quite pick up. After all, Spotify users couldn’t share the results in shiny, colorful, and catchy cards across their social accounts for all their followers to see.
This was exactly the missing piece that would turn Spotify’s end-of-the-year overview into the social trend to look forward to as December kicks off.
“Spotify has done an amazing job of marketing surveillance as fun and getting people to not only participate in their own surveillance but celebrate it and share it and brag about it to the world,” Evan Greer, director of the digital rights advocacy group Fight for the Future, told Wired back in 2022.
Now, two years later, the popularity of Spotify Wrapped doesn’t show signs of stopping. The music streaming giant’s tracking has become increasingly more accurate – and invasive – thanks to its industry-leading implementation of AI-powered tools.
The more Spotify spies on us…
You’ve probably noticed a few new charts in the Spotify Wrapped 2024 release: AI podcast, DJ Wrapped, and Your Music Evolution collection show how your music taste has evolved throughout the year. These have been all powered by Spotify’s latest AI features.
Launched in 2023, AI DJ is perhaps the biggest innovation as it combines personalization technology, generative AI, and a dynamic AI voice to curate your personal radio-like listening session. As per Spotify’s own words, “The DJ is a personalized AI guide that knows you and your music taste so well that it can choose what to play for you.”
AI Playlist is the natural next step, allowing you to create your own playlist charts by typing simple prompts as you would do with large language models (LLMs) like ChatGPT.
Relying on AI algorithms to generate recommendations isn’t certainly nothing new for Spotify or similar streaming services. Yet, as Emilia Jasinska-Dias, spokesperson of data removal service Incogni, explains, generative AI relies on vast amounts of user data to function effectively. “So, Spotify’s existing data collection practices could end up expanding,” she added.
Spotify’s most recent privacy policy (last updated on October 2024) doesn’t really answer how its AI models take care of our data.
What it does say, though, is that Spotify collects user data such as profile name, email address, password, gender, date of birth, street address, and even your school when signing up for the Student plan.
Of course, the biggest numbers are made of usage data. This includes pretty much anything you do when using Spotify – from your search queries, streaming history, and interaction with other users to individual inferences, meaning Spotify’s “understanding of your interests and preferences based on your usage.”
There is also a large amount of usage data you give away even without realizing it. This includes information on the device you use, your cookie data, and even your IP address. Sure, you can probably mask the latter with one of the best VPN apps, but this won’t stop Spotify from collecting all the other (even more personal) details about you.
…the more we (shouldn’t) love it
The fact that Spotify knows so many things about us puts our privacy at risk in many different ways.
For starters, while Spotify’s chatbot keeps evolving by being fed our personal data, we lose control over our information more and more.
This is exactly why the issues with AI scraping have often generated backlash amongst social media users over privacy concerns. Again, all the risks seem forgotten if it means having a ready-to-listen playlist every time you open your music player app.
Do you know?
In June 2023, the Swedish Data Protection Authority issued a fine of almost €5 million ($5.4M) against Spotify for failing to provide EU users with full access and information on the use of their data as required by GDPR rules.
Commenting on this point, Dias said: “Generative AI systems carry heightened risks of privacy breaches and misuse, amplifying ethical concerns surrounding data transparency, particularly if users remain unaware of how their data is used to train AI models or generate personalized content.”
Spotify also actively shares your data with third-party vendors for commercial purposes. Therefore, all the data collected by Spotify won’t only be used to personalize your music player feed, but also to build the most detailed profile about you for, among other things, targeted ads.
Once data is shared externally, Spotify loses full control over how it is handled. This, according to Dias, also increases the risk of misuse and mishandling. She said: “Given Spotify’s past challenges with GDPR compliance, as seen in its €5.4 million fine, such risks aren’t just hypothetical.”
Data sharing makes our information vulnerable to security risks such as data breaches, too. As Dias explains, this is mainly because third-party vendors may not adhere to the same security standards as Spotify, increasing the likelihood of such incidents to occur.
Can you avoid Spotify’s data tracking?
Sadly, online tracking is so intrinsic to how Spotify operates that there’s no way to avoid it completely if you decide to use its service.
That said, there are still some steps you can take to enjoy a more private Spotify experience. Dias from Incogni then suggests limiting data sharing as much as you can. You can do that by heading to your account privacy settings and opting out of personalized ads and public playlists.
She also recommends restricting Spotify access to unnecessary data like location. You should also turn off the Spotify Connect function, which will disable device and usage pattern tracking, helping you to minimize data collection even further.
It is also worth reminding you that switching music player provider won’t really change much in terms of privacy. Spotify may be leading the way when it comes to music personalization technology, but the likes of Apple Music, YouTube Music, and Amazon Music are catching up. The latter even announced its own Wrapped-like recap feature this year, too.
If maximum privacy is what you’re after, I recommend leaving the music player world for good and going back to download your own music. The question is, are you willing to give up the perks of intelligent music personalization?