Spotify is to pay a penalty fee of 58 million kronor for deficiencies in its personal data management, according to a court ruling in the Stockholm Court of Appeal.
The court thus upholds a decision from the Integrity Protection Agency (IMY) from 2023, which had been appealed by Spotify.
According to the Court of Appeal, it is clear that Spotify breached the EU's General Data Protection Regulation (GDPR) in several ways, including by "not providing the necessary information in a clear and easily available way for the data subject to exercise their rights under the regulation".
