Tailored Advertising Opt-Out

What it is

Spotify uses your personal data for tailored advertising by default, but you can opt out through the 'Tailored Ads' setting in your account or via the 'Your Privacy Choices' link on the website footer.

Why it matters (compliance & governance perspective)

Tailored advertising is described as using information about your service use and activity on other websites and apps to serve interest-based ads; this is characterized as 'sharing' under cross-context behavioral advertising definitions, which triggers opt-out rights under CCPA/CPRA and similar state laws.

Clause Stability Stable

Consumer impact (what this means for users)

Unless you actively opt out via the Tailored Ads setting, Spotify processes your usage data and data received from advertising partners to deliver interest-based advertising across its free and, where applicable, paid service options including in podcasts; opting out results in contextual advertising based on registration information and current listening activity rather than behavioral profiles.

What you can do

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: The opt-out model for tailored advertising directly engages CCPA/CPRA, which defines cross-context behavioral advertising as 'sharing' of personal information requiring a clear opt-out mechanism and disclosure in a Notice at Collection. The policy references a separate California Notice at Collection. The FTC's guidance on online behavioral advertising also applies. States including Virginia, Colorado, and Connecticut require opt-out rights for targeted advertising under their comprehensive privacy laws. GOVERNANCE EXPOSURE: Medium. The policy provides an opt-out mechanism via account settings and the GPC signal, which aligns with CCPA/CPRA requirements. However, the adequacy of the GPC implementation for logged-out users and the consistency of opt-out application across podcast advertising (managed by hosting providers who may not be Spotify) warrant review. JURISDICTION FLAGS: California creates the highest exposure given CPRA's specific requirements for cross-context behavioral advertising opt-out and the requirement that opt-outs be honored via recognized preference signals such as GPC. Colorado, Connecticut, Virginia, and Texas also require opt-out rights for targeted advertising. The policy's podcast advertising carve-out (noting that hosting providers who may not be Spotify manage those controls) may create gaps in opt-out coverage. CONTRACT AND VENDOR IMPLICATIONS: Advertising partner contracts should be reviewed to confirm they honor Spotify's opt-out signals and do not independently use shared data for re-targeting. The disclosure that advertising partners may provide data to Spotify indicating user interests requires data processing agreements that define permissible use and onward transfer restrictions. COMPLIANCE CONSIDERATIONS: Compliance teams should audit whether the 'Tailored Ads' setting correctly suppresses all relevant data sharing with advertising partners upon opt-out, and whether the GPC signal is honored site-wide and in-app. The podcast advertising disclosure that non-Spotify hosting providers manage those opt-out controls should be reviewed to confirm it does not create a compliance gap under applicable state opt-out requirements.

Applicable agencies

Applicable regulations

Provision details

Other risks in this policy

• Facial Age Estimation and Biometric Data Collection high
• AI Feature Prompts and Transcripts Collection medium
• Broad Usage Data Collection including Device and Location Data medium
• Data Sharing with Third-Party Partners medium
• User Privacy Rights Extended to All U.S. Residents low
• Voice Data Collection medium

Related Analysis

• OpenAI Changed Its Privacy Policy 4 Times in One Week. Here Is What Actually Changed.

  Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.