Spotify, Apple Music, Google Play Music or Tidal: Which Streaming Service is the Greatest Privacy Abuser?

By Gary Cutlack on at

The new Spotify Ts & Cs appear to be taking some real liberties, requesting access to all manner of areas of your phone. So that got us thinking -- how much personal data do the big names in music streaming demand and is there therefore a "best" one when it comes to not having details of our lives stored on a potentially hackable remote server somewhere?

Location, Location, Location 

New musical express Tidal has landed with a complete surveillance policy in place, letting it store your IP address and attempt to track your location and "other similar information" whatever that may mean, saying it records:

...time of log-in, location of sessions if allowed by the device, what version of the Service you use, technical data such as your IP address, location information, and other similar information.

Whereas Spotify is all over that with its amazing demand to be allowed to:

...collect information about your location based on, for example, your phone’s GPS location or other forms of locating mobile devices (e.g., Bluetooth). We may also collect sensor data (e.g., data about the speed of your movements, such as whether you are running, walking, or in transit).

So if you're walking faster than usual it might be able to sell an advert spot to Uber suggesting you might want a taxi seeing as you're probably in a hurry. Amazing futuristic madness.

Google's omnipresent tracking abilities are well known, with its music apps covered by its umbrella Privacy Policy. This states:

When you use Google services, we may collect and process information about your actual location. We use various technologies to determine location, including IP address, GPS and other sensors that may, for example, provide Google with information on nearby devices, Wi-Fi access points and mobile towers.

So it'll know where you are, nearby devices (!), what mast you're connected to and could even have access to the phone's motion data. That's not surprising, seeing as Google does quite a few more things than beam music to our telephones.

The Apple Music privacy policy is governed by the overall Apple Privacy document, a 3,000 word file complete with a thoughtful foreword by company boss Tim Cook. You need an Apple ID to make it all work, with that granting Apple permission to:

...collect information such as occupation, language, zip code, area code, unique device identifier, referrer URL, location, and the time zone where an Apple product is used... it can, ahem, make products better and, of course, direct advertisers your way.

External Data Harvesters

Tidal can't be bothered monitoring third party app support, suggesting we contact web sites if we're not happy with it accessing our data, pointing out that:

You should contact the administrator or webmaster for those Third Party Application if you have any concerns regarding such Third Party Application or any content located on such Third Party Application...

You should take precautions when downloading files from all third party applications and websites to protect your computer / device from viruses and other destructive programs. If you decide to access linked Third Party Applications, you do so at your own risk.

Spotify would like to assimilate all your other activities into its files...

...receive similar information related to your interactions with the Service on the Third Party Application, as well as information about your publicly available activity on the Third Party Application. This includes, for example, your “Like”s and posts on Facebook.

....which as the internet is finding today, is perhaps a little bit much.

Like Spotify, Tidal is happy to hand the credit card details of its subscribers over to other companies and services when they want paying for something, explaining:

...when necessary for billing purposes or other services/functions performed on our behalf, we share information with the billing provider or other vendor to facilitate billing or other services/functions, respectively. The payment information is stored by the billing provider and not by TIDAL

Google will also share things should you have granted it permission by scrolling through a wall of text, saying:

We will share personal information with companies, organisations or individuals outside Google when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information.

And by sensitive information it means: "...medical facts, racial or ethnic origins, political or religious beliefs or sexuality."

Apple's Privacy doc also allows it to share our stuff with anyone who has good reason to want it, spelling it out as:

Apple shares personal information with companies who provide services such as information processing, extending credit, fulfilling customer orders, delivering products to you, managing and enhancing customer data, providing customer service, assessing your interest in our products and services, and conducting customer research or satisfaction surveys.


Tidal would like to serve users ads across the internet, so when you stop listening to tunes and start browsing for cheap bulk deliveries of cat food it's still profiting from it despite being a paid subscription service, explaining:

TIDAL also uses third party vendor remarketing tracking cookies, including the Google AdWords tracking cookie. This means we will continue to show ads to you across the internet, utilizing the existing ad-networks that facilitate this type of advertising.

Spotify also shares data with advertisers, although it's anonymised...

We may share information with advertising partners in order to send you promotional communications about Spotify or to show you more tailored content, including relevant advertising for products and services that may be of interest to you, and to understand how users interact with advertisements. The information we share is in a de-identified format (for example, through the use of hashing) that does not personally identify you. your internet history isn't being sent around the world.

Apple, meanwhile, wants to:

...collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. Where available, location-based services may use GPS, Bluetooth, and your IP Address, along with crowd-sourced Wi-Fi hotspot and cell tower locations, and other technologies to determine your devices’ approximate location."

Apple has also given itself the power to veto pretty much everything in order to protect its own interests, by including the line:

We may also disclose information about you if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users.

The Last Word

Tidal breaks out the CAPS LOCK for one final coverall warning at the bottom of its terms page, telling us not to bother using it if we're not entirely familiar with American internet rules and OK with everything it has heading to a US data warehouse, shouting:


Well I wasn't going to anyway as all my music comes from a hard drive filled by ripping CDs in 2001; the last year any good new music was made.

TL;DR: buy your music from charity shops.