Spotify end user agreement and privacy policy review

19 views
Skip to first unread message

Jil Larner

unread,
Dec 2, 2012, 7:51:28 AM12/2/12
to to...@googlegroups.com
Hello,

I read you’d rather have a topic per point, but considering I read both
Spotify’s end user agreement and privacy policy, in their French
version, it would make many many topics. I prefer sending the list,
prefixed by [GOOD] and [BAD] when I could figure it out. Each point is
linked to the paragraph of EUA or PP to be easily sourced.

I hope somebody will be able to get it online.

----- From End-User Agreement (EUA) -----
https://www.spotify.com/fr/legal/end-user-agreement/ as of 2012-12-02.

* [BAD] EUA is only available in the language of the country from which
you connect. Trying to access the english version forwards back to the
French’s in my case.

* [BAD] They protect themselves from anything whatsoever, putting the
full responsibility on the end user without explaining what the hell the
end user is supposed to respect. For instance, in EUA §11, they simply
say to respect everything related to USA export acts.

* [BAD] I suspect some terms to be illegal in France, which is handled
by the EUA saying here and there: this term will be applicable in the
extent of applicable law. It results in the inability for the end user
to know what they can expect if they don’t know what their law allows
and forbids.

* [BAD] If they change the price of the subscription, they warn you, but
they state no delay. So, if they change the day before your renewal,
you’ll be charged the new price. (EUA §12-3)

* [GOOD] You can unsubscribe from the web page (EUA §12)

* [BAD] You will never be refunded (EUA §13) and if you have any problem
whatsoever, uninstall the software is your only possible action (EUA
§15). I deduce you should never subscribe for more than a month.

* [BAD] There is no guarantee of quality of service. Should the service
not be delivered, you still pay. In the extent of applicable law.

* [BAD] Your data are accessible to trading parties (EUA §7). Nature of
such data isn’t defined in EUA.

* Special offers, community access to customer service may use different
agreements (EUA §16). Such agreements cannot contradict this EUA. It
means you should always keep an eye on them, but I can’t decide whether
it’s good or bad.

* [BAD] You grant perpetual license to use anything you publish. While
the global license expires when you unsubscribe, public content will
remain licensed and will not be deleted (EUA §6-1). If law permits, you
renounce to requiring your content to be deleted.

* [BAD] They can close your account without notice, without refund and
without reason (EUA §6).

An end-user will easily find and understand the main point of the
aggreement: they can do whatever they want, you pay and shut up. There
is no summary at the top of agreements.



----- From Privacy Policy (PP) -----
https://www.spotify.com/fr/legal/privacy-policy/ as of 2012-12-02.

* [GOOD] Personal data is described in PP §2. If you connect from
Facebook, they’ll get many more data.

* [BAD] PP §2.2 about “transactional information allowing the management
of digital rights” in imprecise and allows for everything to be
collected until a court judges is shouldn’t have been. French version: «
informations transactionnelles permettant la gestion des droits
numériques ».

* [BAD] PP §2.4 states that billing is processed by external company.
Without knowing who, impossible to know what data they’ll keep.

* [GOOD] PP §2.4 states that billing companies only sends limited
information to Spotify.

* PP §2.6 about special events says addition data will be merged into
your profile for later reuse.

* PP §3 defines intended use of your personal information. Too long to
reproduce here.

* They make extended use of social networks to promote the service (PP
§4). It can be disabled (not explained how). They’ll keep the token to
access your FB account anytime.

* [GOOD] They warn about the use third party application may do of your
personal data if you permit it (PP §4.3). They’ll do their best to make
them unable to identify you, unless you allow it.

* [BAD] They may need external companies to get the outmost of your
personal data, in which case they would apply undefined confidentiality
policies. PP §4.4 is weak (incomplete and imprecise).

* [BAD] They don’t plan to inform you if they need to give your personal
information to court (PP §4.5)

* [GOOD] PP §5 insists on the risks of having public information.

* [FEAR] They may transfer your data outside of EU. You “expressly
accept this term”. The way PP §6 is written is quite fearful. It is not
said if they will comply with law, as personal data cannot moved out of
EU without it being allowed by EU or with drastic protection protocol in
the case of France.

* They do not ensure data security. While the term 8 starts in a good
way: they commit to protect data, it ends with: we don’t guarantee we’ll
succeed. Well, it’s a reality, so is it bad or good to state it? I’d say
it’s good, but the shortness of the term doesn’t state they really want
to protect data.

* [GOOD] PP changes are notified though the service.



signature.asc

Ian McGowan

unread,
Dec 3, 2012, 4:58:10 PM12/3/12
to to...@googlegroups.com, jil.l...@fsfe.org
Hi Jil,

Wow, this looks great. Thanks for your contribution! Definitely a lot of information here to consider and discuss! However, the reason we prefer one thread per topic is to better facilitate discussions and not have multiple discussions going on within the same thread. Gathering data from a thread with multiple on-going discussions can be quite difficult, as you might imagine. 

That being said, we definitely appreciate what you've done here. But in the future, if you could keep to the one thread per topic, that would be preferred.

Thanks again!

Ian
Reply all
Reply to author
Forward
0 new messages