Transparency data

Privacy notice (The Future of Music Streaming Creator’s Survey)

Published 19 July 2022

1. The CDEI Creator’s Survey and your personal data

This privacy notice explains who the CDEI are, the personal data the CDEI collects, how the CDEI uses it, who the CDEI shares it with, and what your legal rights are.

2. About the CDEI

For the purposes of the Data Protection legislation, the Department for Digital, Culture, Media and Sport (DCMS) is the controller of the personal data you provide us with in response to this survey.

We collect and process your personal data in accordance with applicable law. This includes, without limitation, the EU General Data Protection Regulation (2016/679) and the UK Data Protection Act 2018, together with other applicable UK and EU laws that regulate the collection, processing and privacy of your personal data.

We have appointed data protection officers (DPO) within DCMS who are responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice or how we are handling your data, please contact the CDEI using the details set out below.

Centre for Data Ethics and Innovation:

E-mail: cdei@cdei.gov.uk

If you are unhappy with how the CDEI has handled your data, please contact the DPO:

Email: dpo@dcms.gov.uk

3. Personal data we will collect

The personal information we ask to collect and process is provided to us directly by you in the survey. This may include:

  • Age

  • Gender identity

  • Ethnic group

We will not collect your name and email address. When responding to this survey, please do not share any more personal data than is being requested.

To process this personal data, our legal reason for collecting or processing this data is: Article 6(1) e:

It is necessary to perform a public task (to carry out a public function or exercise powers set out in law, or to perform a specific task in the public interest that is set out in law)

There are further requirements for processing more sensitive, or ‘special category’, personal data. You can find out more about these bases for processing personal data by consulting the Information Commissioner’s Office.

To process this special category data, our legal basis: UK GDPR Article 9 (2) g:

processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject

We are also relying on the Data Protection Act 2018 Schedule 1 Part 2, Paragraph 6, as the processing is necessary for reasons of substantial public interest.

The lawful basis that we rely on to process your personal data will determine which of the following rights are available to you. Much of the processing we do in DCMS will be necessary to meet our legal obligations or to perform a public task. If we hold personal data about you in different parts of DCMS for different purposes, then the legal basis we rely on in each case may not be the same.

5. How will the CDEI use any personal data including survey responses you provide?

The CDEI will keep your responses in strict confidence in accordance with this privacy policy. Your data will be anonymised before publishing, and you will not be identifiable in any published results.

The CDEI will use your personal data and responses solely for research purposes and to produce anonymous, statistical research findings and insights.

6. What will happen if I do not provide this data?

The CDEI has been tasked with researching the ways in which algorithmically driven recommendation systems have impacted music consumption, including how creators are being affected (see Recommendation 18 in the Government’s response to the economics of music streaming Committee’s Second Report). This survey will allow us to take the views of creators into consideration as part of our research, as well as begin to understand if and how algorithmically driven recommendation systems affect different categories of creators, creators across different genres, and whether there are any apparent differences in their effect by region, age, gender identity, or ethnic group.

This will go on to inform any conclusions that we come to in our final report. If the above data is not provided, we will have a less complete understanding of how the effects of algorithmically driven recommendation systems are felt across different demographics, and therefore be less able to make effective recommendations.

7. Data Sharing

We will not transfer your personal data outside of the UK.

We will let you know if we are going to share your personal data with other organisations – and whether you can say no. You can ask us for details of agreements we have with other organisations for sharing your information.

If you write to us on a subject that is not our policy area, and the response needs to come from another government department, we will transfer your correspondence, including the personal data, to that department.

You can also ask us for details of any circumstances in which we can pass on your personal data without telling you. This might be, for example, to prevent and detect crime or to produce anonymised statistics.

We won’t make your personal data available for commercial use without your specific permission.

8. Will my data be used for automated decision making or profiling?

We will not use your data for any automated decision making. If we need to do so, we will let you know.

9. Data security

Your information is securely stored within our own secure network. We have put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

10. How long we keep your personal information

The CDEI will only retain your data in a way that can identify you for a maximum of 12 months.

11. Your data protection rights

Under data protection law, you have rights including:

  • Your right of access - You have the right to ask us for copies of your personal information.

  • Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

  • Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.

  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

  • You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. If your request is complex, we have the right to extend this to up to 3 months. If we have to do this, we will let you know.

Please note some of the above rights are not absolute and we will let you know if an exemption applies if you wish to avail of your rights.

Please contact us at cdei@cdei.gov.uk if you wish to make a request.

12. How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at the above contact details.

The contact details for the data controller’s Data Protection Officer (DPO) are:

Data Protection Officer
The Department for Digital, Culture, Media & Sport
100 Parliament Street
London
SW1A 2BQ

Email: dpo@dcms.gov.uk

If you’re unhappy with the way we have handled your personal data and want to make a complaint, please write to the department’s Data Protection Officer or the Data Protection Manager at the relevant agency. You can contact the department’s Data Protection Officer using the details above.

You can also complain to the Information Commissioner’s Office (ICO) if you are unhappy with how we have used your data.

Information Commissioner’s Office,
Wycliffe House,
Water Lane,
Wilmslow Cheshire,
SK9 5AF

Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk

13. Changes to our privacy notice

We may make changes to this privacy policy. In that case, the ‘last updated’ date at the bottom of this page will also change. Any changes to this privacy policy will apply to you and your data immediately.

If these changes affect how your personal data is processed, DCMS will take reasonable steps to let you know.

This notice was last updated on 19/07/2022.