Spotify · Spotify Privacy Policy

Tailored Advertising by Default

High severity
Share 𝕏 Share in Share

What it is

Spotify uses your listening behavior and data from advertising partners to show you targeted ads by default. You have to actively go into your account settings to turn this off.

Consumer impact (what this means for users)

Your listening history and data provided by third-party advertising partners is used to serve you personalized ads unless you navigate to your Account Privacy page and opt out under 'Tailored Ads'.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Opt Out of Arbitration
    Log in to your Spotify account, go to spotify.com/account/privacy, and toggle off 'Tailored Ads' under the Tailored Advertising section. If not logged in, click 'Your Privacy Choices' in the footer of the Spotify website.

How other platforms handle this

Waze Medium

To collect, store, hold and manage your personal information through cloud based or hosting services or a third party or a party affiliated or connected to Waze, as reasonable for business purposes, which may be located in the European Union and the U.S.A., potentially countries outside of your juri...

Stripe Medium

Depending on the context, 'you' might be an End Customer, End User, Representative, or Visitor. End Customers interact with Stripe's services through Business Users (e.g., when purchasing from a merchant). For End Customers, the Business User is the primary data controller and Stripe acts as a data ...

X Medium

X is a public platform. X content, including your profile information (e.g., name/pseudonym, username, profile pictures), is available for viewing by the general public. The public does not need to be signed in to view some content on X.

See all platforms with this clause type →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Targeted advertising is enabled by default, meaning your personal data is being used for this purpose unless you take action to opt out. Free and paid users alike may be subject to advertising based on their data.

View original clause language
This is when we use information about your use of our services and other websites and mobile apps to tailor ads to be more relevant to you. This is also known as interest based advertising, targeted advertising, or 'sharing' for purposes of cross-context behavioural advertising. An example of tailored advertising is when an advertising partner provides us with information indicating that you may be interested in cars. This could enable us to show you ads about cars. You can control tailored advertising on your Account Privacy page under 'Tailored Ads'. If you do not have an account or are not logged in, you can also opt-out by clicking the 'Your Privacy Choices' link at the footer of our website.

Institutional analysis (Compliance & legal intelligence)

1) REGULATORY FRAMEWORK: This provision implicates CPRA §1798.120 (right to opt out of sale/sharing of personal information), CCPA §1798.100, and the FTC Act Section 5 (15 U.S.C. §45) regarding unfair or deceptive practices. Cross-context behavioral advertising constitutes 'sharing' under CPRA, enforced by the California Privacy Protection Agency (CPPA) and California AG. Virginia VCDPA §59.1-578, Colorado CPA §6-1-1306, and Connecticut CTDPA §42-520 also provide opt-out rights for targeted advertising. The FTC has enforcement authority over deceptive opt-out mechanisms. 2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC has enforcement authority under Section 5 of the FTC Act over unfair or deceptive advertising practices and data sharing for targeted advertising purposes.
    File a complaint →
  • State AG
    State Attorneys General in California, Virginia, Colorado, Connecticut, and Texas have enforcement authority over targeted advertising opt-out rights under their respective state privacy laws.
    File a complaint →

Applicable regulations

BIPA
Illinois, USA
CCPA/CPRA
California, USA
COPPA
United States Federal
CAN-SPAM
United States Federal
DMA
European Union
FCRA
United States Federal
GDPR
European Union
GLBA
United States Federal
HIPAA
United States Federal
UK GDPR
United Kingdom

Provision details

Document information
Document
Spotify Privacy Policy
Entity
Spotify
Document last updated
April 16, 2026
Tracking information
First tracked
March 6, 2026
Last verified
April 9, 2026
Record ID
CA-P-002607
Document ID
CA-D-00036
Evidence Provenance
Source URL
https://www.spotify.com/us/legal/privacy-policy/
Wayback Machine
View archived versions →
SHA-256
20e7378325f90f73de8e5f0d9b2d1ec4523f9cf07b406b492edd5753b96f24ad
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Spotify | Document: Spotify Privacy Policy | Record: CA-P-002607
Captured: 2026-03-06 20:27:52 UTC | SHA-256: 20e7378325f90f73…
URL: https://conductatlas.com/platform/spotify/spotify-privacy-policy/tailored-advertising-by-default/
Accessed: April 29, 2026
Classification
Severity
High
Categories
Data sharing

Other provisions in this document

Related Analysis