Spotify Wrapped and the privacy issues behind music personalization – every breath you take, it'll be watching you

Image: Spotify Wrapped 2024 logo (Image credit: Spotify)

It took its time, but Spotify Wrapped 2024 is finally here. Social media is already flooded with people's top artists and songs from the last year, and the comparing, sharing – and in my case, judging – has already taken place.

But it's the huge amount of data collection, including the type of music you listen to, how long you listen, and where you listen, that allows Spotify Wrapped to exist.

The anticipation for Wrapped seems to grow each year, and we can be blindsided by excitement, intrigue, and pretty colours. When it comes to Spotify's data collection, some look the other way, and are happy to excuse it for the sake of Wrapped and thousands of songs just one click away. Others may not even realise the extent of the correlation between Wrapped and massive data collection.

I'm not going to lecture you, and say you must delete Spotify – I'm a Spotify user myself – but there needs to be a frank and open discussion about the sheer amount of personal information collected by the app, and how comfortable we are with this.

We often recommend privacy software like the best VPNs to improve your privacy online, but in this case, even they will struggle to protect you against the tsunami of trackers and data collection Spotify throws at you. So, is there an answer?

Image: Woman with headphones on listening to music (Image credit: Getty Images)

How does Spotify Wrapped work and what data does it collect?

Spotify, and subsequently Spotify Wrapped, collects almost every type of personal information it can. It works on personalization – everyone's Wrapped, playlists, and recommendations are unique, and this is no coincidence.

Everything you do on Spotify is tracked. Every song, artist, playlist, genre, audiobook, and podcast you listen to is recorded. What you add to a playlist, what you skip, what you repeat, and what you like is all recorded too.

Time of day is recorded, whether you listen more in the morning or evening, and crucially for Wrapped, what time of day you tend to listen to particular music or content. For example, if you enjoy a morning run or gym session, energetic, upbeat music may be associated with the morning, and calmer, slower tracks in the evening.

This all makes sense. It helps Spotify make better recommendations, and generally improves the experience.

Image: A screenshot from a section of Spotify's Privacy Policy (Image credit: Future)

Perhaps more worrying is the fact that your location is recorded, enabling Wrapped and Spotify to show you what other people in your country are listening to, and where your top artists are most popular.

The majority of the personal information stored by Spotify is provided when you first sign up for an account. The type of data collected does vary by account type, location, and whether you sign in via a third party.

Spotify's own Privacy Policy states the personal information collected on you includes: your name, email address, password, phone number, gender, street address, country, and university/college (if you're on a student plan). If you're a paying subscriber, then your credit card details and billing information will also be stored.

Adam and the ads

Spotify probably knows more about you than your friends and family, and this can be used for advertising purposes – so stand and deliver, your data or your life.

Your data is shared with advertisers and third parties to allow for more targeted advertising, and you will receive ads relevant to the music you listened to. Spotify has also used the collected data for its own Wrapped advertising.

An advert used to promote a previous Wrapped year read "Dear person who played 'Sorry' 42 times on Valentine's Day. What did you do?" This highlights the incredibly invasive and specific nature of the data collected, and how Spotify uses it for its own advertising, to promote Wrapped and subsequently attract more users.

If you log in via third-party devices and applications, such as games consoles, smart speakers, or TVs, then Spotify can connect with the information on those devices.

Users on premium Spotify plans pay to receive no ads within their app, and no interruptions to their streaming experience. However, users on free plans experience ads at regular intervals – all of which can be targeted and personal.

More than just personal data?

As well as usage and user data, Spotify also collects technical data. This includes URL information, cookies, IP addresses, network connections, browser types, and operating systems.

Some of these are identifiers that tools such as VPNs can protect you from. However, Spotify often doesn't play nicely with VPNs, and issues with the app can occur when connected to a VPN. Due to a VPN's ability to change your location, it is possible to infringe on licensing agreements and song copyrights.

If you can get it to work, using a VPN may help to avoid some of these technical identifiers – specifically those related to IP addresses and your network. However, Spotify will still be able to see exactly what device you're using.

What's more, all personal data is linked to your account rather than your IP address – meaning that no matter where it looks like you're browsing from, Spotify can still track your activity from within the app.

Image: Man on computer with data security ecosystem (Image credit: Getty Images)

"While a VPN can hide people’s IP address, Spotify may still collect other data such as cookie data, device type, browser type, and operating system information," said a NordVPN spokesperson.

"Spotify’s key offering lies in its ability to understand the preferences of its users and deliver a personalized experience. This is one of the main reasons people actually use Spotify – it often seems to 'know' what they like. The important thing is to make sure users are making a conscious decision and understand that this is the trade-off: their data for better recommendations."

AI Put A Spell On You

At the time of writing, there is no mention of AI anywhere in Spotify's Privacy Policy, despite AI being used within Spotify's app.

In February 2023, the AI DJ feature was launched, which delivers a curated lineup of music alongside commentary around the tracks and artists.

Spotify states that "the DJ knows you and your music taste so well that it will scan the latest releases we know you'll like, or take you back to that nostalgic playlist you had on repeat last year."

In April 2024, AI technology was expanded to playlists, with the introduction of AI Playlist. This feature allows users to type a unique prompt into the chat and have Spotify generate a playlist for them.

In both cases, Spotify states that the features utilise its "powerful personalization technology", which enables music recommendations for the user, based on previous listening habits. Yet, there is no mention of the specific interaction between your data and generative AI.

Image: AI Playlists and AI DJ are now features available to Spotify customers (Image credit: Future)

Is there a Bridge Over Troubled Water?

Straight off the bat, the only way to truly stop Spotify from recording your listening habits and personal information is to delete your account.

Spotify's Privacy Policy is over 4,500 words, and will be fairly confusing for the average user. When reading the "Erasure" section, it states users should "follow the steps on our support page" to request erasure of personal data from Spotify. Clicking this link takes you to the "closing your account and deleting your data" page – not to "A Little Respect."

In the "Data rights and privacy choices" section of account safety and privacy, it says: "Spotify needs to process some personal data in order to provide you with the Spotify service. To delete that personal data, you need to close your account." This is pretty conclusive evidence of what you must do to remove your data from Spotify.

You can download a copy of all the personal data Spotify has on you by contacting them, and its website contains a page titled "understanding my data."

Image: Private listening sessions can be enabled within Spotify's app (Image credit: Future)

There are some steps you can take to limit the data collected by Spotify. Private listening mode keeps what you're listening to and your playlists private. However, it's only hidden from your followers, not Spotify itself.

Within your account settings, you can opt out of tailored ads and the processing of your Facebook data – I strongly recommend opting out of both of these.

Image: In-app screenshot of the Facebook and tailored ad data collection you can disable (Image credit: Future)

Deep within its Privacy Policy, Spotify details how long your data is retained. Streaming history is an example of data that is kept "for the life of the account." The policy goes on to say "when your Spotify account is deleted, this category of data is deleted or de-identified."

The use of "de-identified" is concerning, as this implies there is a possibility the data isn't actually deleted, even after your account is, and a "shadow profile" remains.
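As an added illustration of the distinction the article draws between erasure and de-identification (example code written for this page, not Spotify's implementation; the records, the service key and the HMAC-based pseudonym scheme are constructed assumptions), the snippet below shows that a pseudonymized streaming history still supports Wrapped-style statistics for the token, while a deleted one does not:

```python
import hashlib
import hmac
from collections import Counter
from typing import Optional

# Constructed sample streaming history (not real Spotify data): 42 plays of
# "Sorry" on Valentine's Day for one account, plus a few other listens.
ACCOUNT = "alice@example.com"
STREAMING_HISTORY = (
    [{"account": ACCOUNT, "track": "Sorry", "date": "2024-02-14"}] * 42
    + [{"account": ACCOUNT, "track": "Every Breath You Take", "date": "2024-03-01"}] * 5
    + [{"account": "bob@example.com", "track": "Sorry", "date": "2024-02-14"}] * 3
)

# Hypothetical secret held by the service. Because the pseudonym is a keyed
# hash, the same account always maps to the same token.
SERVICE_KEY = b"constructed-demo-key"


def pseudonym(account: str, key: bytes = SERVICE_KEY) -> str:
    """Replace a direct identifier with a keyed hash (pseudonymization)."""
    return hmac.new(key, account.encode(), hashlib.sha256).hexdigest()[:16]


def pseudonymize(records: list) -> list:
    """'De-identify' by swapping the account field for its pseudonym.
    Every other field, and the linkage between plays, is kept intact."""
    return [{**r, "account": pseudonym(r["account"])} for r in records]


def delete_account(records: list, account: str) -> list:
    """Erasure: the account's plays are removed, not relabelled."""
    return [r for r in records if r["account"] != account]


def top_track(records: list, subject: str) -> Optional[tuple]:
    """Wrapped-style statistic for one subject (an account or a pseudonym)."""
    counts = Counter(r["track"] for r in records if r["account"] == subject)
    return counts.most_common(1)[0] if counts else None


def demo() -> dict:
    pseudo = pseudonymize(STREAMING_HISTORY)
    return {
        "raw": top_track(STREAMING_HISTORY, ACCOUNT),
        "pseudonymized": top_track(pseudo, pseudonym(ACCOUNT)),  # profile survives
        "email_present": any(r["account"] == ACCOUNT for r in pseudo),
        "deleted": top_track(delete_account(STREAMING_HISTORY, ACCOUNT), ACCOUNT),
    }
```

The e-mail address is gone from the pseudonymized set, yet whoever holds the key can recompute the token and recover the "42 plays of 'Sorry'" profile; only deletion removes it.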

When asked about the issue, Luís Costa, Research Lead at VPN provider Surfshark, said: "With Spotify Wrapped just around the corner, it’s fascinating – and a little unsettling – how much an app can learn about its users. While Wrapped showcases your favorite artists and tracks, Spotify collects data all year long, far beyond your music preferences. The app collects 20 data points – significantly more than the average of 15 gathered by the 100 most popular apps, according to Surfshark's analysis."

"For Spotify, this includes sensitive information like health and fitness metrics, phone numbers, and search history," Costa said. "Even more concerning, a third of this data is shared with third parties for advertising purposes, including users’ locations and email addresses. While Spotify is a beloved app for music lovers, it’s worth questioning why a music platform needs to collect such extensive personal information."

Image: Screenshot of Spotify's Privacy Policy discussing data retention (Image credit: Future)

When contacted about the data collection required for Spotify Wrapped, Spotify said: "Spotify is a personalized service, which requires us to collect some data like streaming history in order to provide the service users expect. When a user listens to music or other content on Spotify, we also must collect data about what they listened to in order to ensure we pay the appropriate rights holders. We simply cannot run Spotify or meet our obligations to rights holders without this information."

Spotify states "Users cannot withdraw their consent for the collection of basic streaming history, but they can control how that information is used in several ways."

As well as the steps I detail above, they go on to say users can "Use 'exclude from taste profile' to keep certain listens from being excluded from personalized recommendations and Wrapped."

"We have implemented various safeguards including pseudonymization, encryption, access, and retention policies to guard against unauthorized access and unnecessary retention of personal data in our systems."

Should I Stay Or Should I Go?

With Spotify Wrapped 2024 about to take the internet by storm, we must remember how it is created, and the excessive data Spotify collects.

What is clear is that the only way to stop Spotify recording your listening habits is to delete your account. It comes down to the individual and what you're comfortable with. If you enjoy the features Spotify provides, then you will have to accept that everything you do within the app is being monitored and tracked. But if you value your personal data, it might be time to Go Your Own Way.

George Phillips
Staff Writer

George is a Staff Writer at Tom's Guide, covering VPN, privacy, and cybersecurity news. He is especially interested in digital rights, censorship, data, and the interplay between cybersecurity and politics. Outside of work, George is passionate about music, Star Wars, and Karate.