![]() ![]() While that litigation is still ongoing (in front of a higher court) the administrative court decision last November ordering IMY to process and investigate the complaint appears to have moved the DPA to issue a decision in the meanwhile. And last year it successfully challenged IMY’s position that the complainant is not a party in procedures, with the Stockholm administrative court holding that complainants have the right to request a decision after six months. Noyb ended up taking the Swedish data protection authority (IMY) to court over the lack of a decision. The complaint then languished undecided for several years as, according to noyb, the Swedish authority undertook a parallel ex officio investigation to which the complainants weren’t party - despite the GDPR stating data controllers must respond to access requests within a month. (Another complaint over the same issue which was filed in the Netherlands was also joined to the case in Sweden.) While it was originally filed in Austria the GDPR’s one-stop-shop mechanism, which is supposed to streamline case handling where data-processing crosses national borders, meant the complaint got routed to Sweden where Spotify has its main EU establishment. The complaint argued the music streaming platform failed to provide all personal data requested did not provide information on the purposes of the processing nor on recipients and also did not provide information on international transfers, among other allegations. The complaint, which was filed at the start of 2019, alleged Spotify failed to provide adequate detail in response to the complainant’s subject access request (SAR). The finding of a breach of Article 15 of the General Data Protection Regulation (GDPR) comes more than four years after a complaint was lodged against Spotify by the privacy rights not-for-profit, noyb. While the size of the fine is unlikely to grab many headlines, the fact it’s finally happened is notable as further evidence of the mountain European users have to climb to get their data protection rights upheld. Music streaming giant Spotify is facing a fine of around €5 million ($5.4M) in Sweden years after it was accused of breaching the data access rights of users in the European Union by not providing full information about personal data it processes in response to individual requests. ![]()
0 Comments
Leave a Reply. |