Spotify knows a lot about its users -- their musical tastes, their most listened-to artists and their summer anthems. Spotify will also want to know where you live, or to obtain your location data. It's part of an effort to detect fraud and abuse of its Premium Family program.
Premium Family is a $15-a-month plan for up to six people. The only condition is that they all live at the same address. But the streaming music giant is concerned about people abusing that plan to pay as little as $2.50 for its services. So in August, the company updated its terms and conditions for Premium Family subscribers, requiring that they provide location data "from time to time" to ensure that customers are actually all in the same family.
You have 30 days to cancel from the date the new terms went into effect, which depends on where you are. The family plan terms rolled out first on Aug. 19 in Ireland and on Sept. 5 in the US.
The company tested this last year and asked for exact GPS coordinates but ended the pilot program after customers balked, according to TechCrunch. Now it intends to roll the location data requests out fully, reigniting privacy concerns and raising the question of how much is too much when it comes to your personal information.
"The changes to the policy allow Spotify to arbitrarily use the location of an individual to ascertain if they continue to reside at the same address when using a family account, and it's unclear how often Spotify will query users' devices for this information," said Christopher Weatherhead, technology lead for UK watchdog group Privacy International, adding that there are "worrying privacy implications."
Location data is particularly sensitive, as it hands out information on where you've been, giving companies and advertisers details about your personal life. Even when the data is anonymized, location data is often so specific that it only takes a few steps to figure out who the coordinates are linked to. In New York, lawmakers are considering a bill banning apps from sharing people's location data within the city.
With 108 million subscribers, Spotify is the dominant force in streaming music. Its closest competitor, Apple Music, has 60 million subscribers.
Spotify, whose premium service doesn't serve up ads, maintains that it's only using your location data for verification.
"This data is encrypted and can be edited by the plan owner as needed," the company said in a statement. "The location data that is collected during Premium Family account creation is only used by Spotify for that purpose."
Once you sign up for the family plan, Spotify will ask those on the plan to provide the company with a home address using Google Maps. Every person added to the plan will have to do the same, or enable location services for Spotify on their devices, the company said. Spotify said it doesn't use that home location data for advertising and that it doesn't store the data for internal use.
"Once verification of a family member's home address is completed, we do not store their location data or track their location at any time," a Spotify spokesperson said.
But there are some flaws in this methodology. It overlooks families that aren't living together, whether it's because kids are off at college or because the parents have separated. It also overlooks the privacy concerns that come with giving your location data away, experts said.
And this won't be a one-time scenario. The notice said that Spotify could ask for location data to check for fraud "from time to time" but didn't specify when or how frequently those checks would happen.
While Google has its own privacy concerns, privacy experts suggest that it's better to use the Google Maps option rather than turning on your real-time location data for Spotify.
"That does seem to entail giving up quite a bit of personal information," said April Doss, head of the cybersecurity and privacy law practice at Saul Ewing Arnstein & Lehr and the National Security Agency's former associate general counsel for intelligence law. "Consequently, it's important that Spotify has created a less intrusive option for users, with manual data entry to residence location rather than ongoing monitoring of the person's location."
The change also brings up privacy concerns for children who are on their parents' family plans. You have to be over 13 years old to use Spotify, but the location data requirements still set off alarms for privacy experts.
"It seems excessive to permanently track individuals for this purpose," Weatherhead said. "Additionally, it poses the problem of Spotify inadvertently tracking children and minors, who aren't legally able to consent or object."
Correction, Sept. 12 at 6:55 a.m. PT: Spotify has already begun its location data requests starting on Sept. 5 for customers in the US.