Pandatamonium: What we know and don’t know about the risks of user data and privacy in music tech
Updated: May 14
Music tech has a data problem, and it’s not just the horrible mess of metadata. It’s the problem of user data.
Individuals’ data and privacy rights are the subject of a recent California-based suit against TikTok, as well numerous legislative efforts here in the US on the state and federal levels, and for good reason. Major labels seem to be taking note: Warner Music Group announced a new hire, its first dedicated privacy counsel, just last week.
A day rarely passes without some new story, from flashy scandals to quieter but just as disturbing hints of the strange, disturbing, ethically murky world of data gathering. Internet providers, cellular providers, social media platforms, apps, Bluetooth beacons in retail environments, and an array of new, poorly understood devices like smart speakers form a web of confusing relationships, often further muddled by a string of third-party data brokers. The data gathered in this chain can be easily used to determine an individual’s identity—even when supposedly “anonymized”—and track their movements and habits in ways that feel deeply creepy. It’s a problem many people out there, in all walks of life, see and sense. And it’s a problem for the music business.
The problem with this problem is we don’t know just how problematic it is, especially in markets like the US. We don’t know all the players. We don’t know exactly where all the data goes and who can see it, in what form. We only know the music business touches this problem wherever ads are served and data gathered.
When it comes to music, user data gathering seems benign. Listening habits seem unlikely to expose anything more damning than questionable taste or an obsession with that one Charli XCX remix. This isn’t your physical location, your phone conversation, your medical records, your bank transactions. I mean, honestly, who really cares what you’re listening to?
We don’t really know--and there’s the rub. The risk of future harm may be very real, as we look at digital state surveillance regimes and the history of political oppression and persecution in countries around the world. Music, as a cultural artefact valuable in transmitting and strengthening identities and ideas, could raise a flag for a security service. It could send someone to a reeducation camp. Music is that powerful. After all, these things have happened before.
Troubling edge cases aside, we know enough to know that user data from music platforms and services shade into the broader, murky world of commercial digital tracking and data scraping. Data collection, algorithmic recommendations, and advertising promise us both the wonders of personalization and the exposure of surveillance. Music’s power plays a key role here, too, suggesting at times that music services that lean heavily on harvested data engage in what one writer provocatively dubbed “emotional surveillance.”
Who, in the end, has a right to know your mood? What conclusions will be drawn, erroneously or accurately, from said mood?
Music tech needs to ask these questions, and other related ones, early and often. The business has faced a similar moment before, albeit around licences and copyright. The user data issue hearkens back to when startups based on UGC realized they had a licensing problem. The spirit of the day, the ol’ move fast/break things approach, may have felt wonderfully invigorating for startups, but not so much for rights holders and their legal teams. The ensuing legal hell inspired a new generation of innovators to address licensing first, before they went to market, or to build B2B platforms that automate licensing for new use cases.
We’re looking at another such moment, when future-proofing in music tech means thinking carefully about user data stewardship and policies. Ideally, we’d be considering how concepts like “privacy pollution” and “ambient privacy” might guide us toward better stewardship policies, defining what we track, when, how, and how long that data is stored. Perhaps it’s the perfect moment to start taking data and privacy very seriously, even in more playful spaces.