Spotify was fined 58 million kronor ($5.4 million) by Swedish authorities on Tuesday. The Swedish Authority for Privacy Protection (IMY) stated Spotify improperly informed users about data collection practices and rights to access personal data. Under the European data protection act, users have a right to know how companies collect and utilize their personal data.

IMY stated that Spotify’s shortcomings were of low severity, and the regulatory body calculated the fine based on the company’s revenue and user population. Spotify stated that they publish all relevant information regarding data collection and privacy and that they plan to appeal the decision. The company acknowledged the four areas IMY suggested they can improve but maintained that the fine is unfair. A third party voiced support for data privacy enforcement but criticized Swedish authorities for the drawn-out litigation that took over four years.

Read More: