Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC has authority over mobile app data collection practices that exceed consumer expectations or are not adequately disclosed under FTC Act Section 5.', 'complaint_url': 'https://reportfraud.ftc.gov/'}

What is the severity of this clause?

ConductAtlas classifies this Device Sensor Data Collection clause as low severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Device Sensor Data Collection — Spotify

Share 𝕏 Share in Share 🔒 PDF

What it is

Spotify may collect data from your phone or tablet's motion sensors — such as how you're holding or moving your device — when certain features require it.

Consumer impact (what this means for users)

Spotify can access your device's motion and orientation sensors, which tracks how you physically interact with your device — data that may be collected without explicit individual consent beyond general app permissions.

How other platforms handle this

Google Gemini Medium

When you use Gemini Apps, Google may collect information about your device and usage, including your IP address, device identifiers, browser type, and general location. This information is used to provide, maintain, and improve the Gemini Apps and related Google services.

Stash Medium

Stash does not respond to general web browser "Do Not Track" settings and/or signals.

Nintendo Medium

We may use cookies, or other similar technologies, on some of the features of our services. We also may permit our third-party service providers to set cookies and similar technologies within our services to perform various analytics functions and to provide you with targeted advertisements that may...

See all platforms with this clause type →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Device sensor data can be used to infer behavioral patterns, physical activities, or context that goes beyond typical music app functionality, and consumers are rarely aware that sensor data is being collected.

View original clause language

Motion-generated or orientation-generated device sensor data if needed to provide features of the Spotify Service that require this data. This is data which your device collects about the way you move or hold your device.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: Device sensor data constitutes personal information under CPRA and analogous state statutes. Depending on what the sensor data reveals (e.g., physical activity patterns that could infer health conditions), it may constitute sensitive personal information under CPRA §1798.140(ae). The FTC Act Section 5 applies to collection of sensor data that exceeds consumer expectations. Mobile platform privacy guidelines (iOS App Privacy Labels, Google Play Data Safety) require disclosure of sensor data collection. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

The FTC has authority over mobile app data collection practices that exceed consumer expectations or are not adequately disclosed under FTC Act Section 5.
File a complaint →

Applicable regulations

United States Federal

CAN-SPAM

United States Federal

DMA

European Union

FCRA

United States Federal

GDPR

European Union

GLBA

United States Federal

HIPAA

United States Federal

TCPA

United States Federal

UK GDPR

United Kingdom

Provision details

Document information

Document

Spotify Privacy Policy

Entity

Spotify

Document last updated

April 29, 2026

Tracking information

First tracked

April 28, 2026

Last verified

April 28, 2026

Record ID

CA-P-002613

Document ID

CA-D-00036

Evidence Provenance

Source URL

https://www.spotify.com/us/legal/privacy-policy/

Wayback Machine

View archived versions →

SHA-256

62bfd0910e1d9815b6915626d36d1058b28aa407638be86ce562523eaf99f811

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Spotify | Document: Spotify Privacy Policy | Record: CA-P-002613
Captured: 2026-04-28 08:47:36 UTC | SHA-256: 62bfd0910e1d9815…
URL: https://conductatlas.com/platform/spotify/spotify-privacy-policy/device-sensor-data-collection/
Accessed: May 2, 2026

Classification

Severity

Low

Device Sensor Data Collection

What it is

Consumer impact (what this means for users)

Why it matters (compliance & risk perspective)

Institutional analysis (Compliance & legal intelligence)

Applicable agencies

Applicable regulations

Provision details

Other provisions in this document

Related Analysis