Spotify’s ‘Seductive Surveillance’

How Companies Use Personalization to Leverage Our Surrendering of Data  

By Asa Hiken  

I was elated when, last month, Spotify released “Wrapped,” its annual year-in-review feature personalized to an individual user’s listening habits.  

But soon, it dawned on me: All those flashy stats on my favorite songs and hours logged are merely points of data that Spotify has collected, analyzed and gifted back to me in lustrous packaging. 

Though Spotify called it “one of the most anticipated moments of the year,” privacy experts call this product something else: “seductive surveillance.” 

So, what is the ultimate — or ulterior — objective behind Wrapped? And, how has Spotify seemed to convince the majority of its users that the collection of their data is not simply admissible, but exciting?

Spotify, based in Stockholm, did not respond to requests for comment from Digital Privacy News.

But the service is banking on our excitement. It’s not alone, though. 

Many companies engage in personalization, because it is through this mechanism that we are tacitly agreeing to surrender our data. 

In doing so, we expose ourselves to numerous violations of digital privacy.  

“Spotify is not interested in your thinking about what they do with your data,” Joseph Turow, professor of communications at the University of Pennsylvania, told Digital Privacy News. 

“They just want you to have a good time, because then you won’t think about their surveillance.” 

Data ‘Seduction’  

At the heart of Spotify’s personalization is seductive surveillance. 

First introduced in 2017 by Greek research analyst Pinelopi Troullinou, seductive surveillance essentially is an act of misdirection: A company offers a user an interesting product, the user engages with the product — and through their engagement, the company extracts data. 

“Companies create reasons for people to be allured by new technologies,” Turow said. But the key, he noted, is in how they play up the alluring aspect and hide the surveillance element.  

For many reasons a company may feel incentivized to play down its surveillance, but of utmost importance is trust. 

“Spotify is not interested in your thinking about what they do with your data.”

Joseph Turow, University of Pennsylvania.

In the era of Wikileaks, targeted advertising and the Facebook-Cambridge Analytica scandal, people are keenly conscious of their digital privacy.  

Turow, who has spent more than two decades studying these perceptions, has found that the majority of Americans are not only aware — but also are resigned to the reality that their data isn’t truly theirs. 

“Between 58% and 62% of Americans believe they have no choice but to give up their data,” Turow told Digital Privacy News. “Wanting something to happen but knowing that it can’t — this is resignation.” 

Encouraging ‘Consent’ 

So, what has become the new goal for companies, Turow said, is to make people want to consent. 

This motive explains how our acceptance of Spotify Wrapped — and our engagement with Spotify overall — is, in turn, our tacit agreement to surrender our data.  

This motive also explains why Wrapped is — and must be — so alluring.  

“The focus of a seductive product needs to be on the characteristics that will make it desired,” Troullinou said in her 2017 doctoral dissertation introducing seductive surveillance. 

Apply this thinking to Wrapped, and those characteristics become evident.

Firstly, Wrapped elicits the special seduction of a personalized product — that is, an experience unique to each user and their interests. In this case, that experience is a summary of a year’s worth of listening habits, reflecting a user’s favorite songs, artists, podcasts, and more.

But a social aspect also has exploded Wrapped into a worldwide, cultural event — through which Spotify encourages users to share results with friends and all over the web.

Others Do It, Too  

“The name of the game today is personalization,” Penn’s Turow told Digital Privacy News.

For example, Pandora has been using personalized services since before Spotify was even a startup. Founded in 2000, Pandora began offering personalized radio stations in 2005.

In 2019, to win over users from competitors, Pandora expanded their efforts into fully curated listening experiences — like that of Spotify — which depend on large intakes of user data to function.

For entertainment companies, the mode of seduction is largely recommendations. 

Through its system, Netflix — for instance — collects data on tastes to your favorite watching times to the devices you’re using. HBO Max is exploring whether to make its system even more seductive by turning recommendations into a shareable experience, like a Spotify playlist, according to news reports.

Even retailers — Target, Reebok and CVS — seduce customers through loyalty programs, while mining data on purchasing habits, customer demographics and personal information.  

Privacy Dangers  

While data-collection is usually not illegal, what companies do with that data can expose users to privacy dangers. 

For example, data-sharing allows companies to pass around data tidbits to form cohesive pictures of consumer profiles. 

This information can fall into the hands of other companies, brokers and advertisers. It can be used for presumptuous advertising, discriminatory business practices — even prejudicial surveillance under authoritarian governments.   

“The focus of a seductive product needs to be on the characteristics that will make it desired.”

Pinelopi Troullinou, Greek research analyst, in 2017 doctoral dissertation.

And just because a company has a privacy policy does not mean your data is safe. 

According to its policy, Spotify shares data with advertisers for interest-based advertising on its service. Netflix, which is ad-free, admits to sharing limited data with vaguely titled “third-parties” — as well as to using tracking cookies to learn more about your web history. 

Further, while both companies offer opt-out options, the instructions are notoriously buried and the process convoluted.

But the real threat, the one that has positioned tacit consent at the heart of seductive surveillance, is what Penn’s Turow calls the “never-ending spiral of personalization.”  

“After a while, companies and advertisers seek chinks in the way in which they advertise to you,” he told Digital Privacy News. 

Since the discovery and exploitation of such vulnerabilities lead to more advanced personalization methods, surveillance inevitably will become trickier and subtler. 

And, so, in the era of privacy scandals and mass resignation by the public, how better to collect data than to persuade users to surrender it themselves? 

“We’re moving into an era of consent and permissions,” Turow said. 

“How do you make people want to consent?” he posed. “A major part of it is seductive surveillance.”  

Asa Hiken is a writer in Washington, D.C.