All the Ways Spotify Tracks You-and How to Stop It


Facebook and Google are the web’s biggest advertising powerhouses. But Spotify has ambitions to rival them. And it has all the data it needs to do just that.

Each day hundreds of millions of people use Spotify on their phones, tablets, and desktops—most often remaining logged in as they move from one device to the next. With each track played, playlist created, and podcast listened to, we all feed more information into Spotify’s big data machine. More than 100 billion data points are created every day.

Each one gives Spotify a little more information about our lives. “Spotify has a crazy amount of data about us,” says Bryan Barletta, author of Sounds Profitable, a newsletter about audio and podcast advertising. “We've always known that what you listen to, how you listen to it, and the activities you do around listening to it are some of the most intimate things that we do. ​​They are doing some really clever things in audio.”

Spotify knows the value of this data and uses it to help drive the advertising it sells. “These real-time, personal insights go beyond demographics and device IDs alone to reveal our audience’s moods, mindsets, tastes, and behaviors,” Spotify’s advertising materials say. Of Spotify’s 365 million monthly users, 165 million of them subscribe to not listen to ads. The other 200 million put up with them. So how much does Spotify really know, and how can you limit its data collection?

What Spotify Knows About You

Everything you do in Spotify’s web player and desktop and mobile apps is tracked. Every tap, song start, playlist listen, search, shuffle, and pause is logged. Spotify knows that you started playing Lizzo’s “Truth Hurts” at 23:03, listened to it for one minute, then searched for “break up” and listened to the entire four hours and 52 minutes of the “ANGRY BREAKUP PLAYLIST” without any pauses.

All this behavioral data can be mined by Spotify—and it can be deeply revealing. Back in 2015, when Spotify had just 15 million paying subscribers, one executive said it collects an “enormous amount of data on what people are listening to, where, and in what context. It really gives us insight into what these people are doing.”

The music you listen to mirrors how you feel, who you’re with, and what you’re doing. To make the most of this, Spotify has invested heavily in data science and has even used people’s listening habits in its advertising. "Dear person in the Theater District who listened to the Hamilton Soundtrack 5,376 times this year, can you get us tickets?" read one ad from 2017.

This granularity can be lucrative for companies wanting to target people with attention-grabbing ads. Based on your behavior, Spotify comes up with “inferences” that are meant to reflect your interests and preferences. “What's interesting is that the data from the paid users, who are not listening to podcasts, they might never hear an ad in Spotify, but they power that logic engine,” Barletta says. “They're a control group.”

But that’s not the only data Spotify gets. If you really want to know what Spotify knows about you, then you need to read its privacy policy, which runs to 4,500 words. “I think they can use much clearer language,” says Pat Walshe, a data protection and privacy consultant who has researched Spotify’s use of data. “They can be more concise, they can lay it out better.”

Broadly, the rest of the data Spotify has about you is information you give it when you’re creating an account. You can tell it your username, email, phone number, date of birth, gender, street address, and country. If you pay, you’ll also give it your billing information. The company’s privacy policy also says it can get cookie data, IP addresses, the type of device you’re using, your browser type, your operating system, and information about some devices on your Wi-Fi network.

It can also get “motion-generated or orientation-generated mobile sensor data” from your device’s accelerometer or gyroscope. If you use its “Hey Spotify” voice controls, then it can also access these recordings.

Spotify can get extra information about you from other companies and services. If you log in with Facebook, for instance, it can “import your information” from there, including a Facebook user ID. Other “technical service partners” provide Spotify with data that puts IP addresses onto maps to know what city and state you’re in.

Spotify’s Ad Machine

The data that Spotify collects is not uncommon—other apps and services you use collect a lot more. But Barletta says the “most powerful thing” about Spotify is that it feels a lot more private than Facebook or other social media platforms, because you’re feeding its algorithms in a different way. “You can't upload anything, you can't have conversations,” he says. You are not sharing photos, videos, or messages. But, despite this, Spotify still knows how you think and feel.

It's this behavioral data that helps Spotify go big on personalization. Its privacy policy says it can use your data for personalization, troubleshooting, developing new features and technology, marketing and advertising, research, and for other legal reasons. Many of these personalization features are likely to involve systems that recommend new music and playlists to you.

But there’s also Spotify’s advertising business—something that’s increasingly linked to its burgeoning podcast empire. The company’s privacy policy says it works with “advertising partners” to share data and work out what your “interests or preferences” are. “We may obtain certain data about you, such as cookie id, mobile device id, or email address, and inferences about your interests and preferences from certain advertisers and advertising partners that allow us to deliver more relevant ads and measure their effectiveness,” it says. The more “relevant” an ad is, the more likely it is to attract a higher price.

Spotify’s advertising documents show how ads can be targeted at your mood and what you are doing. Like electronica? Brands can target ads at the genre. But if you’re into folk, the ads probably won’t be the same. Listening to a “romance” playlist on a Friday night? The ads may be very different to your Sunday morning “road trip” playlist.

Spotify can also sell ads based on what you’re doing—these are called real-time context ads. Spotify lists 10 different situations you may be in: chill, dinner, gaming, party, travel, cooking, focus, holidays, study, or workout. It even offers advice for pushing ads to millennials in these contexts. That’s all on top of other common advertising categories, such as being a parent, someone who is interested in health and fitness, or being an Android user.

What You Can Do About It

There are a few steps you can take to limit how Spotify uses and collects your data—but not that many. “There are things that I think they could do much better,” Walshe says. There could be more transparency about how Spotify uses data and prompts that can “nudge people” about privacy options, he says. This could include Spotify introducing privacy checkups where people can review their settings.

But what can you do now? One thing to consider is listening in a Private Session. By default all your Spotify listening can be seen by people who are following you. One way to stop this is by opting to listen privately—but the setting needs to be turned on each time you use Spotify. To turn it on when you are using a phone or tablet, tap Home, Settings, scroll to Social, and find the Private session toggle. On desktop it’s a little easier: You can do it by clicking the down arrow in the top right corner and clicking Private session.

While this mode stops people who follow you from seeing what you’re listening to, it doesn’t necessarily stop Spotify from logging that data. Spotify says what you listen to in a private session “may not influence” the music recommendations it makes. Walshe questions why there isn’t an option to make all Spotify sessions private automatically. “Privacy should be the default setting,” he says. (Spotify did not acknowledge or reply to a request for comment.)

Spotify’s desktop app has one main privacy setting, although it is buried within its various menus. Click your username in the top right of the app, click Settings, scroll down to Show advanced settings, and click again. From here you can start blocking “all cookies for this installation of the Spotify desktop app.” Also within the desktop app’s settings you can choose whether you want new playlists to be made public, if you want to share your listening activity on Spotify, and change notification settings. Individual playlists can also be hidden by navigating to them and selecting the options to remove them from your profile or make them private.

The majority of Spotify’s privacy controls are accessed on the web through your Account page. Here you can turn off highly targeted advertising. Head to the Account option, Privacy settings, and then change the setting for Tailored ads. “If you opt out, we will still show you ads based on your Spotify registration information and your real-time usage of Spotify but they will be less tailored to you,” Spotify’s settings explain. You’ll still get the same number of ads, though.

While you’re looking at the Privacy settings, you should also turn off Facebook data—this will stop Spotify using any data, other than login information, that has been shared from Facebook. The same page also allows you to download some of your Spotify data—including logs of your searches, playlists, streaming history, voice commands you’ve made, and what Spotify thinks you’re interested in.

Within Spotify’s settings on the web you can also see what apps have access to your Spotify account and remove those that don’t need it. For instance, you may need to disconnect an old Alexa speaker you used to use with Spotify. You can also remove access for Spotify’s AdGenerator tool.

Another thing to consider, if you’re listening to Spotify on the web, is using a privacy browser that will limit the use of third-party cookies (scores of third parties are fed your Spotify data through cookies). On iOS you can also stop Spotify—and all other apps—tracking your behavior as you move around your phone by changing your ad tracking transparency settings. Ultimately, it’s impossible to use Spotify without it processing your personal data. “To delete that personal data, you need to close your account,” Spotify’s settings say.