Afaik GDPR says where it's technically feasible. The interpretation of technically feasible may vary, but given that the API was live for some time, it could be said it is feasible.
That being said I am no lawyer and I don't know what I'm talking about.
That is more or less why I wrote the things I wrote. By arguing it was against their ToS, they implied it was technically feasible. It however doesn't mean it isn't also technically infeasible, so I still believe Spotify could take a big fat dump of the data in any format they chose, zip it up and send it to the other controller, and it would be within the GDPR requirements.
If people think that GDPR grants consumers the right on which services exist and how data should represented etc, then I think they are misinformed.
Spotify could have answered with "That API is no longer available, but we will facilitate the transfer of an archived version of the data", and... I mean, what clause of GDPR does he have to complain or demand they do anything different?
That being said I am no lawyer and I don't know what I'm talking about.
reply