fheld

Born on July 17, 2018•260 Karma

on Oct 13, 2020

FWIW you can download all your playlists in JSON format with the GDPR export tool in the privacy settings of your account [1]. It take "up to 30 days" for them to email you the ZIP-file. In the cased of the linked blog post, it took them 3 days, which is probably only some arbitrary amount of time to discourage you from using it effectively. The GDPR only states "without undue delay".

Under article 20 of the GDPR ("Right to data portability"), subsection 2 states that "[i]n exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible" [2].

Seeing how this has been previously been done, Spotify has already shown it to be technically possible. Enough users should be able to pressure Spotify to re-enable the API.

I just sent a mail to privacy@spotify.com:

  L.S.
  
  I'm a paying user of the Spotify music service. I want to exercise my rights under the GDPR article 20 subsection 2 to data portability to transmit my data, namely playlist information, directly to another controller, namely SongShift.
  
  It is clear that this is technically possible, as it has been possible in the past. However, Spotify has chosen to force SongShift to disable its API. This is in violation of my rights under the GDPR. I demand that you re-enable this API to allow me to exercise my rights under the GDPR.
  
  I expect a notification of receipt within 5 days. I expect a full answer within 14 days. In case of no reply, or no satisfactory reply, I will enter a complaint (verzoekschriftprocedure) at the Dutch civil court (Rechtbank Midden-Nederland).

[1] https://observablehq.com/@a-lexwein/what-i-got-when-i-reques...

[2] https://gdpr-info.eu/art-20-gdpr/