. And there's a ton of chatter on Twitter from people insisting that they'll never use Spotify again because of this. The specific changes that have people up in arms sure do sound
I understand, instinctively, why so many people freaked out about this -- but it's a pure overreaction for a variety of reasons, which we'll dig into here. There are problems with this whole scenario, but it has a lot more to do with (1) the stupid reliance on "privacy policies" rather than "user controls" for privacy and (2) Spotify's apparently asleep-at-the-wheel PR team.
Privacy is a Trade-off Not a Thing
As we've said before, if you ever want perfect privacy, you'd never leave your house. The second you leave your home, you're giving up some level of privacy. But it's a trade-off most people think is perfectly reasonable. Privacy is always like that. It's a trade-off between the benefit you get from giving up a little privacy in order to get the thing that you want. The idea that privacy is some absolute "thing" is a weird way of looking at privacy and makes it difficult to do things in a reasonable manner. The real issue, then, is making sure that people understand the trade-offs involved (and we'll get to that below).
Much of the reaction is because people immediately assumed that there was some nefarious reason why Spotify was going to collect all this information on people. Yet, as a few people pointed out when everyone started freaking out -- and which Spotify eventually clarified in a blog post
"apologizing" for the poor roll out, there are legitimate service reasons for each of these requests. Also, the company made it clear that before it actually accesses any of this content, it would first ask your permission. In short, it's like when various services ask if you'd like to "find friends" using a service, you have to first approve it. Same would be true here. And, note, that each of the uses would be for services that some people might actually like (personalizing cover art, voice control, etc.):
The Real Problem is that We Use Privacy Policies at All
Photos: We will never access your photos without explicit permission and we will never scan or import your photo library or camera roll. If you give us permission to access photos, we will only use or access images that you specifically choose to share. Those photos would only be used in ways you choose and control – to create personalized cover art for a playlist or to change your profile image, for example.
Location: We will never gather or use the location of your mobile device without your explicit permission. We would use it to help personalize recommendations or to keep you up to date about music trending in your area. And if you choose to share location information but later change your mind, you will always have the ability to stop sharing.
Voice: We will never access your microphone without your permission. Many people like to use Spotify in a hands-free way, and we may build voice controls into future versions of the product that will allow you to skip tracks, or pause, or otherwise navigate the app. You will always have the ability to disable voice controls.
Contacts: We will never scan or import your contacts without your permission. Spotify is a social platform and many people like to share playlists and music they discover with their friends. In the future, we may want to give you the ability to find your friends on Spotify by searching for Spotify users in your contacts if you choose to do that.
For many years, we've been pointing out that this whole system of privacy policies is broken
. It's one of those ideas that people came up with years ago that sounds good, but isn't. And yet, we're not only stuck with it, we have politicians who keep pushing more requirements for more privacy policies. But that's stupid.
First: the only way you can legally get in trouble over privacy issues is by violating
Let's face it: privacy policies are a stupid way to deal with privacy. They don't work. They fuck up incentives. No one reads them. And yet, because politicians are clueless, they're often "required." You end up with grandstanding politicians
who play gotcha games on privacy policies, without caring about actual privacy practices.
The Way to Deal With Privacy is MORE TRANSPARENCY and MORE USER CONTROL
Rather than using privacy policies, the real way to deal with privacy is to give the end user more transparency into what's happening and more control. I don't have an iPhone, but I believe it already offers the ability at an individualized level to allow users to block apps from accessing certain features/data on a phone. And I know that the next version of Android is moving to a similar model, including only asking you to approve privacy permissions at the moment the app is requesting it
. In other words, when Spotify wants to access your photos, the app will directly ask you for permission at that moment -- and, assuming it's for something you want to do (like customizing your cover art), you're more likely to grant permission without thinking it's creepy at all.
The Real Problem Here Was The Perception Problem