Hacker News new | past | comments | ask | show | jobs | submit login

> Spotify re-enabled the API because they chose to, not because they had to.

Spotify re-enabled the API because:

• they already had the API, so they couldn't claim it was an undue development burden to re-enable it;

• it was cheaper than setting up another system based on manually emailing large chunks of the database; and

• it was good press.




Indeed. But those are probably the reasons for why they chose to. My point is that Spotify chose to. A lot of people made that correspondence out to be that they had to, per GDPR. And, as this thread discusses, and your list correctly omits: GDPR was not one of them.


Bullet points 1 and 2 in that reply only exist because of the GDPR...


Regarding bullet point 1, this is where Spotify went wrong (if their intention was to not provide this API), because in the correspondence, they did make it apparent that enabling the API was trivial. However, they could have said that due to business reasons, they decided to no longer maintain that API, and there is nothing compelling them to do so.

Regarding the second bullet point, you would have to explain to me what that has to do with GDPR.

To get back to the original point, activating this API is suggested as the clear winning example of GDPR. And, the counter argument I provided is that Spotify could have chosen to not activated the API, and still be in full compliance of GDPR. However, they evaluated the situation, and decided to activate the API.

I'm not making a point beyond this, so the responses so far have been a bit confusing. Yes, GDPR was part of the factors that pushed in the direction of enabling the API, and this is a good thing. However, the argument is only that GPDR did not compel them to do so.


> Regarding the second bullet point, you would have to explain to me what that has to do with GDPR.

Without the gdpr the cheapest alternative is to dev null the email, with the gdpr the cheapest alternative is to re-enable the api.

> I'm not making a point beyond this, so the responses so far have been a bit confusing.

Welcome to the internet :P

I do think your point is a bit weak here to be honest, and that people are reacting to this. It relies on interpreting the original demand as strictly "re-enable the api" and not "comply with the GDPR, and btw we both know the easiest way for you to do that is to re-enable the api".

In the example being used it was really the latter, consider that all the followup emails included the phrase "or allow for some other method to allow me to exercise my rights under the GDPR". It's also not like the overall goal of exporting data to another provider would have not been achieved if they implemented some new method instead, you can be sure that songshift would still do the work to make it easy to switch from spotify to them.


It’s could easily be argued that it’s an burden to maintain them.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: