Getty Images Spotify founder and CEO Daniel Ek.
Forbes noticed the change earlier today.
Right now, this policy change has gone into effect in the UK, and it's not clear when or if it will migrate over to the US, where the privacy policy hasn't changed since April, 2014.
The streaming service wants access to the sensor information on your phone, which it says would be used for things like knowing whether you are walking, running, or standing still. This makes sense when you consider that Spotify is building products like "Running," which provides you with a mix of music with an underlying beat that's in time with your steps.
What is less easy to understand is why Spotify is seeking permission to access your photos, contacts, and "media files." What possible need could Spotify have for seeing your selfies?
Here is the relevant passage in the new policy:
3.3 Information Stored on Your Mobile Device
With your permission, we may collect information stored on your mobile device, such as contacts, photos, or media files. Local law may require that you seek the consent of your contacts to provide their personal information to Spotify, which may use that information for the purposes specified in this Privacy Policy.
Spotify could be planning to allow people to upload their own profile picture, which would require granting permission to allow Spotify to access your camera roll.
Spotify also wants to access your GPS coordinates, which could be used to create location-specific playlists, or see trends.
But privacy advocates could worry about how that information gets shared with Spotify "partners."
Spotify does outline that it only shares "de-identified" information its advertising partners here:
5.2.1 Marketing and advertising
We may share information with advertising partners in order to send you promotional communications about Spotify or to show you more tailored content, including relevant advertising for products and services that may be of interest to you, and to understand how users interact with advertisements. The information we share is in a de-identified format (for example, through the use of hashing) that does not personally identify you.
But they are more vague about how they will distribute the data to more general partners:
5.2.4 Certain Spotify partners
If you access the Spotify Service through an offer that you received or purchased from a third party such as your mobile network operator, we may also share information with that third party about your use of the Spotify Service, such as whether and to what extent you have used the offer, activated a Spotify account, or actively used the Service.
When contacted for comment, a Spotify spokesperson provided Business Insider with the following statement:
Spotify is constantly innovating and evolving its service to deliver the best possible experience for our users. This means delivering the perfect recommendations for every moment, and helping you to enjoy, discover and share more music than ever before. The data accessed simply helps us to tailor improved experiences to our users, and build new and personalised products for the future.
Spotify is no doubt feeling heat since the release of competitor Apple Music, and these policy changes could merely reflect a ramping up of more innovative products. But the question is what privacy costs are Spotify users willing to pay for new music discovery tools?