Maquette.pro/Shutterstock

Spotify gives record labels more access than you think when you pre-save an album

If you're one of the 200 million people who use Spotify, you know that it makes it easy for you to track your favorite artists and keep up with their latest music. What you probably didn't know is that it also lets those artists and their record labels track you back. According to a new report from Billboard, in some cases when users save songs to their device on Spotify, they unwittingly give record labels permission to access a considerable amount of personal information.

This access comes when a user pre-saves an album on Spotify. The feature, available for upcoming songs and albums, lets users add music to their library as soon as it becomes available. However, once a user pre-saves a song or album on their device, a record label can request and gain access to basically any part of a person's account. Labels can access a person's birthday, email address, and other personal information linked to their Spotify account, view their listening history, gain the ability to change the artists they follow, upload images to their account, take full control over private playlists and even remotely control their music streaming.

How exactly do labels end up with this type of access? In order to pre-save songs to a user's library, the label needs to have the ability to add and remove songs to a person's library. It has to ask permission to be able to do that, and most users grant it seeing as they are trying to get access to music as soon as possible. However, in asking for permission to access a user's library, some labels have started to ask for excessive amounts of access to user information — and the level of access isn't always obvious to the user. Many of the requests are hidden in submenus and would require the user to click through and review each and every request. Most users are likely unaware of those additional permissions and should have no reason to suspect they are agreeing to give away unfettered access to their account information.

Spotify via Billboard

Labels have not been shy about seeking this type of access. According to Billboard, recent promotional campaigns for Chris Brown and Drake's "No Guidance"; Little Mix's "Bounce Back"; Tiësto, Jonas Blue and Rita Ora's "Ritual"; and Noel Gallagher’s Black Star Dancing EP all requested excess permissions. Sony was found to be the biggest abuser of seeking 16 permissions that it doesn't need. Universal and Warner Music Brook both asked for around 10 additional permissions beyond what was actually required to deliver music to a user's library.

The potential for abuse here is clear: in addition to simply being able to see far more information about a person than they could ever need, there is also little stopping labels from abusing their access to do things like follow artists on a person's behalf or use their email address to sign them up for a mailing list.

This isn't the first time that Spotify has come under fire for potential abuses of privacy. A report from the Washington Post earlier this year identified the music streaming as one of many that contain trackers used to collect and share user information with third-party companies.

At a time where privacy is becoming paramount for people, Spotify's decision to allow record labels to request nearly unlimited access to a person's account is troubling. If you have pre-saved music on Spotify, you may have unwittingly given a label carte blanche to your information. To check, you will have to visit Spotify's website, login, click "Account" from the drop-down menu in the upper right-hand corner, then navigate to the Apps menu from the left-hand sidebar. Here, you'll be able to see all of the apps that have access to your account and can remove access with a click.