Spotify · Spotify Privacy Policy

Third-Party Data Sources for Advertising

High severity
Share 𝕏 Share in Share

What it is

Spotify receives data about you from advertising partners and uses it to target you with ads, meaning companies you have never interacted with through Spotify can influence the ads you see.

Consumer impact (what this means for users)

Third-party advertising companies provide Spotify with information about your interests from outside the platform, which Spotify combines with your listening data to serve you targeted ads — this cross-platform profiling is opt-out by default.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Opt Out of Arbitration
    Visit spotify.com/account/privacy and toggle off 'Tailored Ads' to opt out of cross-context behavioral advertising including data received from third-party advertising partners.

How other platforms handle this

Uber Medium

Drivers and delivery people can exercise data rights including the right to access personal data held about them, the right to request correction of inaccurate data, the right to request deletion of their data (subject to legal retention obligations), the right to object to processing, and the right...

Binance.US Medium

To Comply With Our Legal Obligations. We may disclose your information with courts, law enforcement authorities, regulators, attorneys or other parties: (A) to comply with laws and legal obligations; (B) for the establishment, exercise, or defense of a legal or equitable claim; (C) to respond to law...

Target Medium

We may share the information we collect with companies that provide support services to us (such as printers, email providers, mobile marketing services, analytics providers, web hosting providers, call center/chat providers, sweepstakes vendors, payment processors, coupon delivery vendors, data enh...

See all platforms with this clause type →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Advertising partners supply Spotify with data about your interests and behaviors from outside the Spotify platform, creating a more detailed combined profile than Spotify could build alone — and this happens without most users being aware of it.

View original clause language
An example of tailored advertising is when an advertising partner provides us with information indicating that you may be interested in cars. This could enable us to show you ads about cars.

Institutional analysis (Compliance & legal intelligence)

1) REGULATORY FRAMEWORK: Receipt of personal data from advertising partners for targeting purposes implicates CPRA §1798.120 (sharing for cross-context behavioral advertising requires opt-out right); CCPA §1798.115 (right to know categories of third parties to whom personal information is disclosed); FTC Act Section 5 (deceptive practices regarding third-party data use); the FTC's 2014 Data Broker Report recommendations; and state privacy laws in Virginia (VCDPA §59.1-578), Colorado (CPA §6-1-1306), Connecticut (CTDPA §42-520), and Texas (TDPSA §541.052). CPPA and FTC are primary enforcement authorities. 2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC has authority over commercial surveillance practices, third-party data broker relationships, and targeted advertising under FTC Act Section 5.
    File a complaint →
  • State AG
    State AGs in California, Virginia, Colorado, Connecticut, and Texas have enforcement authority over third-party advertising data sharing and opt-out requirements under state privacy laws.
    File a complaint →

Applicable regulations

BIPA
Illinois, USA
CCPA/CPRA
California, USA
COPPA
United States Federal
CAN-SPAM
United States Federal
DMA
European Union
FCRA
United States Federal
GDPR
European Union
GLBA
United States Federal
HIPAA
United States Federal
UK GDPR
United Kingdom

Provision details

Document information
Document
Spotify Privacy Policy
Entity
Spotify
Document last updated
April 16, 2026
Tracking information
First tracked
March 6, 2026
Last verified
April 9, 2026
Record ID
CA-P-002611
Document ID
CA-D-00036
Evidence Provenance
Source URL
https://www.spotify.com/us/legal/privacy-policy/
Wayback Machine
View archived versions →
SHA-256
20e7378325f90f73de8e5f0d9b2d1ec4523f9cf07b406b492edd5753b96f24ad
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Spotify | Document: Spotify Privacy Policy | Record: CA-P-002611
Captured: 2026-03-06 20:27:52 UTC | SHA-256: 20e7378325f90f73…
URL: https://conductatlas.com/platform/spotify/spotify-privacy-policy/third-party-data-sources-for-advertising/
Accessed: April 29, 2026
Classification
Severity
High
Categories
Data sharing

Other provisions in this document

Related Analysis