The worrying update specifically states that the app would also use the sensors on your iPhone or Android smartphone to track if you're walking or running while logging your exact location using GPS.
Spotify CEO Daniel Elk speaks at one of its regular product updates
"3.3 Information Stored on Your Mobile Device
3.4 Location and sensor information
Depending on the type of device that you use to interact with the Service and your settings, we may also collect information about your location based on, for example, your phone’s GPS location or other forms of locating mobile devices (e.g., Bluetooth). We may also collect sensor data (e.g., data about the speed of your movements, such as whether you are running, walking, or in transit)."
While this is also the case for Android users, the upcoming version of Google's operating system Android M should allow its users to specifically opt-out of some of these requirements.
It's not yet clear how Spotify plans to collect this information on iOS though as each app has to specifically state what access it would like across your smartphone.
Snapchat for example lists all the different areas of your phone it would like to access, giving you the option of either accepting or blocking access.
Spotify's app for iPhone doesn't currently list that it requires access to your photos, despite the T&Cs suggesting that an update is imminent.
While many companies require this level of access to your personal information, Spotify has landed itself in particularly deep water for two reasons:
a) It's asking for deeply personal information that on the surface might not appear to be relevant to the function of the app
b) It then implies that it will share this information with third-parties, with the assumption that it would then make a profit from this.
Unsurprisingly Spotify's decision has been met on social media with almost pure negativity with many threatening to leave the service:
Well done @spotify I was keeping you around while I tried Apple Music but thanks to you wanting to collect my photos I’ve deleted your app.
— Paul Shields (@paulshields) August 21, 2015
— Vaelyos (@Vaelyos_) August 21, 2015
@Spotify can you recommend any alternatives for you? If I don't want to support your tracking and following?
— Aj Nieminen (@ajnieminen) August 21, 2015
— Yehspuhr (@yehspuhr) August 21, 2015
— Zack Lukas (@__zacklukas) August 21, 2015
Even the creator of Minecraft has stepped in to share his view saying:
.@Spotify Hello. As a consumer, I've always loved your service. You're the reason I stopped pirating music. Please consider not being evil.
— Markus Persson (@notch) August 21, 2015
To try and counter this, the company has posted a blog explaining some of the changes saying:
"We will always ask for individual permission or clearly inform you of the ability to opt out from sharing location, photos, voice and contacts."
If this is the case then the individual will have the option to turn this off, although it's not clear whether it'll be presented upon opening the app or will be activated by default.
While the changes are drastic, the actual information that Spotify is asking for is something we hand over regularly anyway.
Contacts access is used by everything from Facebook to the Nike+ Running app to help you find other people that are using the service. You can choose to give access or not.
Nike+ is one of many apps that asks for access to both your contacts and photos.
Photos access is always required if an app wants to let you change your profile picture, or to add photos as a personalisation feature. Again, you can choose to give access or not.
On closer inspection it also appears that Spotify does not plan on sharing your photos or contacts with third-parties, instead it will use non-identifiable information that it gathers through your actual playing behaviours.
"It’s likely this trend will continue and its therefore important for businesses to make the privacy related changes clear to users and give them the opportunity to opt out – something which can be particularly hard for users to see in a long list of terms and conditions."
Itaofa also warns that many of the decisions surrounding privacy are actually ours to make.
"To protect against such access consumers should check the list of requested permissions; if they're unhappy with the level of access requested they shouldn’t install the app. It boils down to considering what, if any, benefits additional access to data will provide. It’s then up to the consumer to decide for themselves whether the benefits outweigh the risks."