Our regulatory team explore the impact of the GPSR for manufacturers, providers of online marketplaces and consumers.
Read moreSpotify Wrapped — 5 top tips for companies to ensure data privacy in viral marketing campaigns
AuthorsIrem Tarasek
5 min read
Music streaming platform Spotify has mastered the art of creating experiences that resonate with users — the most obvious example being Spotify Wrapped, which has become a cultural phenomenon since its launch in 2016.
Every November/December, our social media feeds are infiltrated with graphics that showcase users’ top songs, artists and listening habits in a leading example of how personal data can be transformed into shareable content as part of a viral marketing strategy.
Frustratingly — and quite by design — Spotify doesn’t tell us exactly when Wrapped will be released each year. This is all part of the plan and feeds into the annual social media frenzy.
Yet behind Wrapped’s charm lies a serious question — how much do users really know about the data they’re sharing?
While Spotify Wrapped excites millions of us around the world, it’s essentially a creative way to get users to buy-in to Spotify’s collection of personal data. Essentially, Spotify has flipped the script on data — Wrapped gives each user the story of their year with music and an easy way to share that story with friends. However, it does raise important questions about data privacy, transparency and the balance between personalisation and ethical data use.
Here, Irem Tarasek explores the evolution of Spotify Wrapped and presents her five top tips for other companies looking to use personal data for viral marketing campaigns.
Ethical implications of using personal data for marketing
What began in 2015 as the relatively low-key ‘Year in Music’ has transformed into a sophisticated, interactive showcase of user behaviour. This strategy cleverly repurposes what could simply be dry data analytics into engaging, sharable narratives.
When we look at this brilliant marketing campaign as a compilation of all the data that Spotify collects on us, it prompts important questions about how companies are permitted to collect, process and share user data.
Spotify collects vast amounts of information to tailor personalised experiences like ‘Discover Weekly’ and its AI DJ feature — and the issue of data privacy has become more pressing in light of recent enforcement actions by regulators.
For example, last year the UK’s Information Commissioner’s Office (ICO) fined TikTok £12.7m for failing to adequately protect children’s data. Such cases highlight the need for all tech companies to ensure transparency and compliance with data privacy laws.
While Spotify claims to anonymise user data, its marketing campaigns sometimes highlight specific behaviours. For instance, an advert once celebrated a user who played a break-up song 73 times on Valentine’s Day. While amusing, such examples raise questions about the effectiveness of anonymisation and the ethical implications of using personal data for marketing purposes.
Considerations for competitors
Wrapped is not just a win for Spotify — it’s also a powerful tool for artists.
By sharing their Wrapped stats — such as being a user’s top artist or a playlist favourite — musicians can directly engage with fans. Wrapped turns data into a bridge between creators and listeners, showcasing how data-driven insights can foster genuine connections.
Yet this same data focus highlights broader industry concerns. While Spotify has faced criticism for low artist payouts, Wrapped shifts attention to the platform’s role in artist discovery and promotion.
Spotify’s success has not gone unnoticed. Rivals like YouTube Music, Amazon Music and Apple Music have launched their own year-in-review features.
While these offerings similarly aim to personalise user experiences and boost engagement, none have yet reached the levels of Wrapped. Still, using personal data as a marketing tool seems to be sticking around for the foreseeable.
Companies considering launching data-driven features like Wrapped must carefully navigate questions like:
- How much data should be collected?
- How should this data be used?
- How can user privacy be genuinely protected?
The answers lie in balancing innovative user experiences with transparency and regulatory compliance. For example, under the General Data Protection Regulation (GDPR), companies must provide users with control over their data.
Five top tips to ensure data privacy
The rise of features like Wrapped highlight the growing importance of ethical data use. Companies must make sure to not only comply with their legal requirements but build trust with users through genuine transparency and responsible practices.
Companies that prioritise ethical data practices will not only avoid regulatory risks but also gain competitive advantage by earning the loyalty and trust of their users in the process.
To strike the right balance, consider adopting a data privacy strategy centred around:
- Transparency — clearly communicate what data is collected and why.
- User control — empower users with tools to manage their data, including easy access to DSARs.
- Compliance — regularly review and adhere to data protection regulations.
- Ethical use — avoid intrusive practices and respect user boundaries.
- Engagement — create compelling, value-driven experiences that make data sharing feel voluntary and worthwhile.
Talk to us
For businesses looking to navigate the complexities of data protection and the use of AI, legal guidance is essential.
Our data protection lawyers are uniquely positioned to help organisations transform challenges into opportunities while ensuring compliance.
Talk to us by giving us a call on 0333 004 4488, sending us an email at hello@brabners.com or completing our contact form below.
Talk to us
Loading form...
Related insights
We explore the evolution of Spotify Wrapped and present five top tips for companies looking to use personal data for viral marketing campaigns.
Read moreHere, Dana Samatar demystifies what the EU AI Act really means for your business, including what systems are included and the penalties for non-compliance.
Read more