Spotify play it free and easy with the Data Protection Act

25 February 2010

There's a new social media network out there for the kids. It's called a serious breach of data protection laws. Not a sexy name, but here's how it works - just submit your email address to a company, and wait for some ten-thumbed prick to cut and paste your address into the CC box of an email, along with hundreds of others. Boom! Dozens of strangers have your personal details and the company in question drives a tank through the Data Protection Act.

It worked for customers of Orange, and now Spotify have done much the same thing. Avid Bitterwallet reader Jack has been in touch about a joint promotion Spotify are running in conjunction with TalkTalk - entrants submit a favourite Spotify track and their email address, and winners receive a premium subscription to Spotify. Not that you have to win to receive a prize - yesterday, Jack was lucky enough to get a mailing list of over 240 email addresses, all CC'd into an email sent by Spotify. Obviously he was less than delighted to note his own address amongst those distributed to all recipients.

This isn't just an inconvenience, or an irritation - it's a breach of the law. And of course, Spotify took the matter very seriously, and certainly didn't just knock out a trite email to anybody who complained in the vain hope they didn't take the matter further:

Hi There,

Spotify would like to apologise for the previous email you received today regarding the current TalkTalk competition. Spotify inadvertently copied all users who requested information on the promotion into the same field, which exposed your email address to others.

Privacy is of the utmost importance to Spotify and we'll be reviewing our processes to ensure this type of error will not happen again.

Yours sincerely,

The Spotify team

Plenty of those who received the email are now co-ordinating plans to complain to the Information Commissioner's Office (ICO) about the breach. Some just want a free Spotify subscription for their trouble. Of course mistakes happen, but when they're mistakes that break the law, there needs to be some gesture by the guilty party beyond a piss-poor excuse. Over to you, Spotify.

TOPICS:   Privacy

24 comments

  • Jack
    Cheers for covering this guys! Much appreciated
  • Lumoruk
    slow news day
  • The B.
    The Office of the Information Commissioner are not fit for purpose, I think they've prosecuted 1 person in the 10 years they've been around, they simply say "don't do it again". We need some Italian action a la Youtube/Google, that'll put the wind up 'em.
  • MiB
    They should bring back the death penalty for people that make mistakes like this.
  • Katey J.
    it seems that every day is a slow news day on here...
  • Nobby
    Hit them with a huge fine, so they go out of business. That'll sort it out.
  • Jack
    @Katey J Why do you even visit this site then? GTFO I don't know why people think that it's acceptable for a company like this to give out people's details, where they say they won't share it with third parties AT ALL. Then they share it with unauthorised third parties, and offer a piss poor private apology originating from a gmail.com account, and a Spotify worker. These mistakes shouldn't happen, they are so amateur. And I want some freebies from them!
  • Paul S.
    Don't worry about Katey J, Jack - he/she is a troll who either loves/hates Bitterwallet depending on which alias he/she chooses to post under. As for LumorUK, it's a slow news day when we report a breach in consumer data protection, but when he signs up an online service through his own choice and gets spam email, it's somehow Bitterwallet's fault and worthy of a fuss on HUKD. He's quite harmless when he's sober.
  • Gerry
    I was one of those that have also been included in the mass email addresses but I was more annoyed at those sending me emails using the 'reply to all' feature, it was uncalled for to say the least. I must have received at least around 50 emails. True Spotify did send out an apology but it wasn't as though our personal home address and banking details were exposed. I have no need to ask or want Spotify to issue me a freebie as they already provide me with a free music service that has saved me hundreds of pounds per year.
  • David T.
    I was amongst those affected. Almost poetic justice how we used the situation they put us in against them and banded together, lol. I blogged about it early yesterday, thinking I was the only one who cared but then I found that people had been utilising this "accidental discussion list". If anyone else was affected they should join our Facebook group: http://www.facebook.com/group.php?gid=316834627083 I should reiterate my view that we're defending the principle of our right to privacy. Companies should be held to their privacy policies. Data protection is more important than ever in this day and age where things like spam can be such a problem.
  • Joff
    I wasn't affected but feel I've been victimised by not being on the list.
  • Ell
    I was among those affected, and I've received a lot of new instant messaging contacts all wanting to sell me something. It's annoying, but the data protection issue is far more serious. Yes, THIS TIME it was only our email addresses (although on an email I've had for ten years ... having it ruined is not such a small thing), but what about those things you sign up to that aren't just your email? These aren't two-bit companies screwing up, they're a big ISP, and a company fast becoming a household name, and both businesses centred around the internet, which they apparently don't know how to use properly! This should never have happened, and while we should count ourselves lucky more details weren't revealed, it's still a major error with big consequences by companies who should really be leading the way in good practice in such things. Thanks for covering this, by the way, and thanks to Jack for the effort. I can't join the Facebook group unfortunately (Facebook has breached my privacy on several occasions and I no longer feel comfortable using it ... hmm), but I'm watching from the sidelines and poised to send off any emails required!
  • Andy D.
    Joff, do you want us to pass your email address on to Jack so that you can be added to the list? We've already given him [email protected]
  • Jack
    Haha, the big chain seems to have stopped, mainly at the request of others (I don't mind the messages, I like it), as I'm sure it can be very annoying for a lot of people, you have to think of them really. There may be smaller chain mails going on off (by noobs) spamming people etc, but I have only received one of these so far. It just proves that it is inconvenient for your details to be given out. Imagine if you have an email account with a small amount of storage, it'll be overflowing!
  • Jack
    NEWS FROM TALKTALK ON TWITTER "TalkTalkTips @Jackthewelshman Apologies for email sent in error by @spotify Those affected will be offered a month's free subscription as compensation"
  • I B.
    [...] Spotify don’t give a fancy fart who they share personal data with, Micro Direct refuse to share any customer information whatsoever. Even with the customer. in [...]
  • David
    I was on this mailing list and can't believe the overreaction of the idiots who were complaining about data privacy etc. Ok your email was viewable amongst around 200 others. That's it. No names, bank details, log in etc. I've received no spam whatsoever as a result. If I worked for spotify I would seriously just ban those moaning the most from using the service. It's a free music service for gods sake! An absolute god send for most people too I reckon. "Posted by Gerry | February 25th, 2010 at 12:05 pm" Got it right above. Talk about over reacting. Bunch of ungrateful c0cks most of the people moaning about this to be honest. If you don't like Spotify fu*k off down Woolworths and buy a CD instead.
  • Gerry
    You guys probably reveal more info on Facebook than any company could possibly leak. Wankers.
  • cheapskate
    You use email addresses that aren't disposable? Chods.
  • Jack
    Oh yeah I'll be down to Woolies tomorrow... Spotify are a business, they make money from sponsored ads on free accounts, and from subscriptions and affiliate links on their site. They aren't some sort of cancer charity we are trying to do over for millions. Just wanted the issue dealt with properly, which it seems to be doing now, instead of being swept under the table like the initial reaction. Some people eh
  • David
    Was being sarcastic about Woolies Jack, guess you must be too young to remember the store. I wasn't implying they weren't some business Jack dear boy. However they're not some evil estate agent/banker/politician (take your pick) who deserve the wrath of tens of skint students demanding more free things on top of the free service they get already. After all it was just one person at spotify who made a slight mistake sending out an email. The wrath that was being directed (some of it getting to the personal stage) at him was way over the top. Anyway like you say we've all been given our free one month pass now. Give yourself a pat on the back and let Esther Rantzen know you're available for watchdog.
  • Nobody S.
    I received the email and informed Spotify within 5 minutes of the error. What was annoying was everyone on the list, especially David Thai, who proceeded to use Reply To All to garner support for their campaign to bag a freebie. I've received no Instant Messenger contact add requests and the only spam has been from the subsequent mailing from others on the mass list. It took me 2 seconds to mark the subject line as spam, so I didn't receive the rest. All those complaining are doing so entirely because they want a freebie out of this. I question whether the time taken by those who set up a Facebook group to bemoan things is actually worth a mere £120 (i.e. the cost of an annual membership) . I know my time is more valuable than that. Perhaps those who have all this time to waste beyond a single short email of complaint to Spotify, which is what I did, need to rethink what they are doing. Perhaps get a job and earn some money and pay for a membership.
  • Leaf
    Nice input from Gerry. What the fuck is wrong with these people? I hate freeloaders
  • Jack
    @Leaf Any user of Spotify is not a freeloader (this applies to David too). Spotify gain all of our personal music interests and listening behaviour whenever we use spotify. They can then use and / or sell this information to third parties, and deliver targeted advertising to us. Spotify still benefit and gain from "Free" users, how can you say you hate a Free user, some casual listeners prefer a no upfront cost service with advert support, some people that listen to music more often may prefer a no advert service. I like the Zune Pass in the USA - £9.99 per month for unlimited streaming, and unlimited downloads - with 10 MP3 tracks you choose to keep per month, which remain when you stop subscribing. The nearest service we get to this in the UK is Napster, where you get unlimited streaming, and download 5 tracks to keep per month which is good, but not quite as good as Zune Pass. Spotify's £9.99 per month model is not good value, which is why I don't use it.
