GDPR Data Exports Reveal Spotify Tracks Absolutely Everything About You

Yesterday, a persistent Austrian developer named Peter Steinberger managed to get his entire data archive from Spotify, revealing immense tracking of every possible interaction…down to how you resize the app’s window.

Since the GDPR was implemented in May, many tech companies are now required to respond to user requests for data which is stored about them on the company’s platform. Spotify is one of these companies.

Data tracking is commonplace, and most tracking is done to improve user experience, develop new products, provide better support, and establish new revenue channels. In addition to things you might expect Spotify to track, like how long you listen to a song how many songs you skip, there were some notable and surprising things which Spotify keeps track of.

  • What brand of headphones you listen on
  • What point within songs the volume was changed
  • Every conceivable user interface interaction, even the resizing of windows

Like Steinberger says, the sheer mountain of data Spotify collects is “nothing particular[sic] interesting, just every-freaking-thing.” While the GDPR is ostensibly meant to curtail some of these “kitchen sink” data collection practices, there are large carve-outs in the legislation for potentially-useful data. Other developers have also received similar data dumps.

It shouldn’t be a surprise that Spotify, along with every other music app (read: every other app), collects so much user data, but it is shocking and somewhat entertaining (or scary) to see just how deep the well goes.