|
|
|
|
|
|
by trisiak
2072 days ago
|
|
|
Practices like that are directly against the spirit of data portability under GDPR and CCPA. What's protecting Spotify here is that the user's data is accessed through an API not considered for that privacy control use case. In principle, a tool for transferring of user's data could be operating on a GDPR/CCPA data export that has to be available for all Spotify users in California and EU. Those are just not exposes as easy-to-use APIs (yet). |
|
|
Imagine things like Facebook messenger chats being indexed by a person name rather than an account ID or phone number so there is a high chance "Chat with Dave" is ambiguous... Not the kind of thing you could start a lawsuit over, but it is enough of a barrier that re-importing exported data is near impossible.