At Spotify, we want to give you the best possible experience. To do this we process some personal data about you to understand your listening habits and to develop the best service for you and all of our customers. But, be assured, your privacy and the security of your personal data are very important to us.

The purpose of this Privacy Center is to give you more information about the rights and controls you have in relation to your personal data, and to highlight some important sections of our Privacy Policy to you.

What personal data does Spotify collect about me?

How does Spotify share / transfer my personal data? Spotify shares your personal data globally with other companies in the Spotify Group. Called the General Data Protection Regulation or 'GDPR' gives certain rights to individuals in relation to their personal data. Enables you to access your personal data via a ‘Download my Data. Your privacy and the security of your personal data is, and will always be, enormously important to us. Below you will find the information Spotify is required to provide about its processing of your data, under Article 15 of the GDPR. Further, this is not unique to Spotify in any regard. However, it shows the clear gap in data and the data market, it’s hard to come by accurate data and often the data associated with the user ends up becoming unusable and even damaging. Already now regulations allow individuals to download their data from many data platforms around the world.

Jan 21, 2019 When GDPR took effect, many of the biggest names in tech including Amazon, Apple, Google and Spotify made changes, to let customers download a copy of their data.

It is very important to us that you understand what personal data we collect about you, how we collect it, and why it’s necessary.

We collect your personal data in the following ways:

1. Personal data collected when you sign up for the Spotify Service - when you sign up to the Spotify Service, we collect certain personal data so you can use the Spotify Service. This is the Account Registration Data category described in section 5 of our Privacy Policy.
2. Personal data collected through your use of the Spotify Service - when you use the Spotify Service, we collect personal data about your use of the Spotify Service such as what songs you have played and what playlists you have created. This is the Spotify Service Usage Data category contained in section 5 of our Privacy Policy.
3. Personal data collected that enables us to provide you with additional features/functionality - from time to time, you may also provide us with additional personal data or give us permission to collect personal data e.g. to provide you with more features or functionality. These are the Voluntary Mobile Data, Payment Data, Contests, Surveys and Sweepstakes Data, and Marketing Data categories contained in section 5 of our Privacy Policy. You will always have the option to change your mind and withdraw your permission at any time.

Why does Spotify collect and use this personal data?

We collect and use your personal data for the following reasons:

• to provide, personalize, and improve your experience with the Spotify Service and other services and products provided by Spotify;
• to understand how you access and use the Spotify Service to ensure technical functionality of the Service, develop new products and services, and analyze your use of the Spotify Service;
• to communicate with you for Spotify Service-related purposes;
• to process your payment to prevent or detect fraud, including fraudulent payments and fraudulent use of the Spotify Service;
• to communicate with you, either directly or through one of our partners, for:
  • marketing,
  • research,
  • participation in contests, surveys and sweepstakes,
  • promotional purposes,
  via emails, notifications, or other messages, consistent with any permissions you may have given us;
• to provide you with features, information, advertising, or other content which is based on your specific location; and
• for other legitimate business purposes as explained in the Privacy Policy.

To learn more about why Spotify uses your personal data, please refer to the Privacy Policy.

Spotify Download Data Gdpr Compliance

How does Spotify protect my personal data?

We are committed to protecting our users’ personal data. We implement appropriate technical and organizational measures to help protect the security of your personal data; however, please note that no system is ever completely secure. We have implemented various policies including pseudonymization, encryption, access, and retention policies to guard against unauthorised access and unnecessary retention of personal data in our systems.

Your password protects your user account, so we encourage you to use a unique and strong password, limit access to your computer and browser, and log out after having used the Spotify Service.

How does Spotify share / transfer my personal data?

Spotify shares your personal data globally with other companies in the Spotify Group.

Spotify may also subcontract processing to, or share your personal data with, third parties located in countries other than your home country. Your personal data may therefore be subject to privacy laws that are different from those in your country of residence.

Personal data collected within the European Union (“EU”) and Switzerland may, for example, be transferred to and processed by third parties located in a country outside of the EU and Switzerland. In such instances Spotify shall ensure that the transfer of your personal data is carried out in accordance with applicable privacy laws and in particular that appropriate contractual, technical, and organizational measures are in place such as the Standard Contractual Clauses approved by the EU Commission.

I have been a happy customer of Spotify for several years now, after flirting back and forth with Apple Music, Google Play Music and the late Rdio for several years before that. We have a family subscription, which we all three use extensively, no more so than Oliver who, for many months now has been making nightly playlists to go to sleep listening to.

Spotify has recently been promoting itself as much a podcast player as a streaming music service, and Oliver has followed the lead and has accumulated a subscription list of 1500+ podcasts in Spotify.

Last night, though, he was thinking about migrating to something else for his podcast listening: he didn’t like the fact that, although the Android Spotify app sports an “episodes” tab, the desktop player for the Mac does not, which makes tracking recently-released episodes on his Mac more challenging.

Having found a possible alternative, Oliver set out to move his list of podcasts from Spotify to a new app, and was immediately faced with a task that would have extended for several days: for each of the podcasts in Spotify he was taking the title, copying and pasting it into the new app, and subscribing there. Over and over and over. When this job threatened to take over his Friday, to the exclusion of other activities, I interceded and told him that we should simply export his list of podcasts from Spotify and import it into the new app.

How naive I was.

Spotify, it turns out, is a prison for podcasts.

Spotify takes podcasting, a system that is a marvel of decentralized openness, built on the strong and flexible (and open) foundation of RSS, and locks it inside a closed, proprietary system with no way of getting data in or out. You can’t import lists of podcasts. You can’t export lists of podcasts. You can’t add your own podcasts.

Surely, I thought, given the GDPR, there must be a way of getting Oliver’s personal information–including his podcasts–out of Spotify.

And there is, in theory: if you visit your Account page in Spotify, and then navigate to Privacy, and scroll down to the bottom, you will see a section called Download your data, full of promise.

Until you read the fine print and learn that “This can take up to 30 days to complete”:

How it’s possible to create a system that takes 30 days to assemble digital data boggles the mind, and while it may live up to the letter of the GDPR, it surely defies the spirit.

What about using the Spotify API?

Although it’s not documented, there is and endpoint that exposes the list of podcasts for a user.

Here’s how you can get at it (with the caveat, detailed below, that you are wasting your time).

Go to the Web API Console for the “Get User’s Profile” endpoint and click Get Token and then copy the cURL command on the right side (I’ve redacted Oliver’s token):

Spotify Download Data Gdpr App

If you simply paste this cURL into the Mac command line, you’ll get back your basic account information:

If you edit this command, however, and tack shows onto the end of the URL, replacing https://api.spotify.com/v1/me with https://api.spotify.com/v1/me/shows, you’ll get back a JSON representation of your first 20 podcast subscriptions, with each one represented by an object like this:

You may be thinking “wow, this is amazing!” until you notice that nowhere in that JSON is any information that falls outside the Spotify universe: none of the standard trappings of open podcast data–the feed URL, the website, the non-Spotify-hosted artwork–are there.

And these details also aren’t there if you follow the URL in the “href” to get all the show details:

Like I said: a prison.

And there’s another problem: this is both an undocumented API call and a broken one.

In theory you should be able to specify a “limit” and an “offset” parameter to page through podcasts and retrieve them all, like:

and so on.

But that doesn’t work.

I’m able to retrieve at most 50 podcasts (out of Oliver’s 1,986 total subscriptions). And using the Spotify web player confirms this breakage, showing a scrolling list of 50 podcasts that repeats and repeats and repeats.

Because this is an undocumented, and thus unsupported API call, it’s not like I can dial 1-800-SPOTIFY to ask for help.

But I’m not willing to give up the fight, so I forge on with this crazy, destructive nuclear option, which involves working around this bug in the undocumented API by pulling the podcasts 50 at a time, saving their name and ID, and then deleting them using another undocumented API call, so that I can then get the next 50 podcasts. And so on. Until I have them all.

(Warning: if you use this code you will be unsubscribing from all your podcasts, one by one by one).

Spotify Download Data Gdpr Software

And even this code won’t work completely, or at least it wouldn’t work in Oliver’s case: with 905 podcasts still to extract, it simply stopped returning anything from the API call to get shows, and the web player, at this point, showed Oliver with no subscriptions at all. So perhaps the API only works for the first 1,081 podcasts?

Spotify Download Data Gdpr Download

In any case, Oliver now has a text file with 1,081 podcasts in it. Or, more accurately, the names of 1,081 podcasts in it. But how to get the feed URLs? There’s no obvious way to do this right now, although the Listen Notes API might work. Barring that, Oliver has a lot of copying and pasting ahead of him.

Spotify Download Data Gdpr Compliance

In summary, let this be a warning to you: if you use Spotify as your podcast app, you are a prisoner to Spotify, and if you decide to switch to another podcast app there isn’t any way to get your data out of Spotify.