TechCrunch reports that a privacy rights non-profit organization, noyb, filed a complaint in early 2019, alleging that the company violated Article 15 of the GDPR by not providing complete information about the personal data it processes in response to individual requests.
Music streaming platform Spotify has been fined about $5.4 million in Sweden for breaching the data access rights of users in the European Union (EU). There were allegations that the company failed to provide full information about personal data it processes in response to individual requests, which is a violation of Article 15 of the General Data Protection Regulation (GDPR), reports TechCrunch.
The complaint was filed at the start of 2019 by noyb, a privacy rights non-profit organisation.
According to the complaint, Spotify failed to provide all personal data requested, did not provide information on the purposes of the processing or recipients, and did not provide information on international transfers, among other allegations.
While the complaint was initially filed in Austria, the GDPR’s one-stop-shop mechanism, which is intended to streamline case handling when data processing crosses national borders, resulting in the complaint being routed to Sweden, where Spotify has its main EU presence.
The complaint then sat unresolved for several years, according to noyb, because the Swedish authority conducted a parallel ex officio investigation to which the complainants were not invited — despite the GDPR’s requirement that data controllers respond to access requests within a month, according to the report.