Spotify Wrapped 2022 officially dropped on Nov. 30. Like other Spotify listeners around the world, I opened my phone to find my top genres and artists, my four-letter listening personality and my 100 most-listened-to songs in 2022. I was immediately surprised by how accurate my Wrapped was. Trying to figure out how the app knew what it knew, I decided to make a data request from Spotify. In doing so, I discovered the importance of being informed about the privacy we relinquish when we use online services.
Here is everything I found out.
My Spotify data arrived five days after I made my request, as a folder sent to my inbox. When I opened the folder, I found that most of the files contained information I had expected Spotify to store. The company had my email address, payment information and registration details from when I first created my account. I also received two files labeled “StreamingHistory.json” which contained every song I’ve ever listened to, the type of device I used while listening and how many milliseconds I spent streaming each song. This may be the data Spotify uses to customize our Wrapped.
Spotify also collected my search queries, which it claims are used to improve music and podcast recommendations. My “SearchQueries.json” file has a log of all the times I’ve made a search, the type of device I used to make that search, the characters I typed into the search field and which results, if any, I interacted with. For example, the file reminded me that I had typed “driv” into my iPhone on Aug. 29 to play Olivia Rodrigo’s “driver’s license.”
Opening my “Inferences.json” file, I came across a nested list of labels that put me into several categories. The prefix of each label marked the source it had originated from. The ones beginning with “1P” referred to groupings based on first-hand information directly obtained by Spotify. These identifiers were mostly accurate but generally technical, and they included tags such as "1P_Custom_Google_Pixel" and "1P_Custom_ConnectedTV_no_Speaker_Streamers" that described the types of devices I had connected to Spotify. Other “1P” tags were given based on my interactions with the Spotify interface. For example, I received the label “1P_Custom_Passionate_Curators,” which I assume means I make a lot of playlists. This is true.
Labels beginning with “3P” likely refer to groupings made with the help of third-party resources, and they are mostly used to place listeners into market segments for consumer products Spotify thinks they enjoy. Some examples from other Spotify users include labels that classify them as consumers of bread, yogurt or McDonald’s breakfast products. The specificity of these user identifiers suggests the transfer of very precisely packaged data. In particular, labels attached to certain dates point to user actions or e-commerce purchases made on those specific days. One Spotify user reported receiving the tag “3P_Custom__ Entertainment – Mobile & App – Interest – Video Games_19-Feb-2021_WW,” after making a Pokémon Go in-game purchase on Feb. 19, 2021. These instances of data exchange are representative of a much larger trend: your data is being used as currency.
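For readers who want to review their own export, here is an added example (not Spotify's code and not part of the original column) that sorts inference labels by their “1P”/“3P” prefix and flags labels carrying a date. The label strings are the ones quoted above; the JSON nesting around them is an assumption, so the script simply walks whatever structure it finds.

```python
import json
import re
from collections import defaultdict

# Constructed sample: the label strings are quoted from the article; the
# surrounding JSON nesting is an assumption, not Spotify's documented schema.
SAMPLE_EXPORT = json.dumps({
    "inferences": [
        "1P_Custom_Google_Pixel",
        ["1P_Custom_Passionate_Curators",
         "3P_Custom__ Entertainment – Mobile & App – Interest – Video Games_19-Feb-2021_WW"],
    ]
}, ensure_ascii=False)

# Dates as they appear in the quoted 3P tag, e.g. 19-Feb-2021.
DATE_RE = re.compile(r"\d{1,2}-[A-Z][a-z]{2}-\d{4}")
PREFIXES = {"1P": "first_party", "3P": "third_party"}

def iter_strings(node):
    """Yield every string found anywhere in a nested JSON value."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from iter_strings(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_strings(item)

def audit_inferences(raw_json):
    """Group labels by source prefix and list labels that embed a date."""
    report = defaultdict(list)
    for label in iter_strings(json.loads(raw_json)):
        source = PREFIXES.get(label.split("_", 1)[0], "unknown")
        report[source].append(label)
        match = DATE_RE.search(label)
        if match:
            report["dated"].append((match.group(0), label))
    return dict(report)

if __name__ == "__main__":
    for source, labels in audit_inferences(SAMPLE_EXPORT).items():
        print(source, len(labels))
        for entry in labels:
            print("   ", entry)
```

To run it on a real export, pass the text of your own “Inferences.json” to `audit_inferences` in place of the sample.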
Here’s where Spotify goes too far. From looking at labels obtained by other Spotify users, I found that some of the “3P” labels seemingly categorize listeners based on Spotify’s interpretations of their personal lives, including inferences about their household income, level of education and family size. Some of these inferences may be inaccurate. For example, one Spotify user reported receiving tags that indicated he was simultaneously getting divorced and getting engaged or married. Although it’s certainly possible for someone to consider divorce and marriage at the same time, the recipient of these tags reported them to be laughably inaccurate.
Thankfully, there is a way for us to protect our Spotify data: turning off tailored ads. Opting out of this service will stop Spotify from drawing “3P” inferences, which are primarily used by Spotify to serve tailored ads to its listeners. You can do this on Spotify’s Privacy Settings page, which claims that disabling tailored ads will stop Spotify from sharing “your information with third party advertising partners” and using “information received by them to show you tailored ads.” While this is definitely a good first step, Spotify does not say in its tailored ads statement whether it would stop receiving information about you from its advertising partners — it just won’t use it for the purpose of serving you ads.
Worse yet, Spotify is not the only company trying to collect data about you. In fact, many companies are looking to harvest your data — whether that’s for the purposes of improving their service, turning a profit or both. To see how Spotify’s data collection methods differ from those of other companies, I also requested my data from Google. In response, I was sent 12 GB of files including an archive of my entire search history, a list of every profile picture I’ve ever used and Google’s confidence levels about whether I was "STILL," "IN_CAR" or "ON_BICYCLE" at various locations. Brown is also collecting data about you. If you log into your Brown account and go to the “Data & Privacy” page, you can see how Brown records every time you swipe your ID card (counting invalid swipes), connect to the Brown WiFi or authenticate your device through Duo Security. Unfortunately, there’s no way to stop these companies or institutions from collecting your data, but there is a benefit in reading the fine print to see what they’re using it for.
Beware. Just as you are listening to Spotify, Spotify is listening to you.
Christina Peng ’26 can be reached at firstname.lastname@example.org. Please send responses to this opinion to email@example.com and other op-eds to firstname.lastname@example.org.