Does Spotify’s Emotional Speech Recognition Tech Violate User Privacy?

As technology advances and privacy regulations evolve, privacy professionals must help companies find a healthy balance between product development, user data utilization and regulatory compliance. 

This is a complex challenge, as personal information (PI) is no longer defined by the standard categories such as first and last name, address, social security number, financial and health information.  

We are now in the era of companies collecting PI through audio, visual and location surveillance. We are also now in the era of pro-privacy. Governments and advocacy organizations are increasingly challenging these covert forms of PI harvesting, as they believe it puts companies in harmful positions over their users.  

On January 12, 2021, a speech recognition patent was granted to Spotify, one of the world’s largest music streaming providers. The patent, “Identification of Taste Attributes from an Audio Signal”, enables Spotify to listen to users and identify:

·      The gender of a speaker providing the voice

·      The age of a speaker providing the voice

·      The accent of a speaker providing the voice

·      The physical environment in which the audio signal is input

·      The number of people in the environment in which the audio signal is input 

On April 2, 2021, Access Now, which is a non-profit founded in 2009 that defends and extends the digital rights of people around the world, sent a letter to Daniel Ek, co-founder and CEO of Spotify, challenging him and his company to abandon their recently patented speech recognition tech. Access Now claims it “presents grave privacy and security concerns”. They also state the “technology is dangerous, a violation of privacy and other human rights and should be abandoned”.  

Access Now’s major concerns regarding Spotify’s speech recognition tech:

·      Emotion manipulation: Monitoring emotional state, and making recommendations based on it, puts Spotify in a dangerous position of power in relation to a user.

·      Gender discrimination: It is impossible to infer gender without discriminating against trans and non-binary people.

·      Privacy violations: The device would be “always on,” meaning it would be constantly monitoring, processing voice data, and likely ingesting sensitive information.

·      Data security: Harvesting deeply personal data could make Spotify a target for snooping government authorities and malicious hackers seeking information.

On April 15, 2021, Horacio Guiterrez, Head of Global Affairs and Chief Legal Officer at Spotify, responded to Access now and claimed that the company has never implemented the technology described in the patent in any of their products and has “no plans to do so”.  

Spotify invested a significant amount of effort and funding to develop its speech recognition technology and the company filed the patent application on February 21, 2018.  However, during the nearly three years between the patent filing and the patent grant, the global privacy landscape continued to shift toward user rights and this movement shows no signs of reversing or slowing down. The current course of direction will continue, as privacy regulations will strengthen and privacy advocacy will intensify. 

Privacy disputes such as the one between Spotify and Access Now demonstrate the critical need for privacy experts in the workplace who will proactively guide companies toward solutions that provide the best experience for their users while ensuring user privacy. If you are interested in privacy this is an excellent time to become involved, as the global shortage of privacy professionals will only increase as privacy laws expand and enforcement intensifies. 

To learn more about how to build a privacy program, visit the Privaci Learning website (www.privacilearning.com) and the Privaci Learning online course program at Udemy, which includes How to Build a Privacy Program for Your Organization and The Main Components to Include in Your Privacy Program. 

After completing Privaci Learning’s introductory courses you will know:

·      The importance of a privacy program

·      The building blocks for a privacy program

·      The role of a privacy program manager

·      The role of stakeholders

·      The main components of a privacy program

·      Why these program components are important

For more advanced coursework in privacy, read more about Privaci Learning’s additional online courses including GDPR Compliance: The Key Components , GDPR Data Processing Agreement Requirements Simplified and Lei Geral de Proteção de Dados(LGPD) 101-The Key Components .