Is Last.fm Sharing User Data With The RIAA?

TechCrunch has published a damning rumor accusing the social music site Last.fm of helping the RIAA find users who downloaded leaked copies of U2’s new album. Relying on a tip, TechCrunch claims that the Last.fm, a subsidiary of CBS, handed over a “giant dump of user data to track down people who are scrobbling unreleased tracks.”

Last.fm was designed to watch over your music collection. Every time you play a song, the site is notified and the song is added to your profile, or scrobbled. Over time, the site uses your listening patterns to generate recommendations.

According to the Last.fm, over 7,000 users have listened to U2’s unreleased album. TechCrunch’s tipster says that that part of that data was handed over to the RIAA.

I heard from an irate friend who works at CBS that last.fm recently provided the RIAA with a giant dump of user data to track down people who are scrobbling unreleased tracks. As word spread numerous employees at last.fm were up in arms because the data collected (a) can be used to identify individuals and (b) will likely be shared with 3rd parties that have relationships with the RIAA.

The RIAA released a sentence-long response declaring: “To our knowledge, no data has been made available to RIAA.” Last.fm’s system architect also denied that any data had been shared.

We release no data linking users and plays to any third parties.

The only data we provide to labels (in addition to the data publicly available on their artist pages) are historical graphs of listeners and plays. There’s no way to link these to individual users.

Basic user data is already on Last.fm for anyone, including the RIAA to see, but without personally identifiable data like IP addresses, it’s tough to see how the RIAA could do anything other than rustle up some scaremongering publicity.

Did Last.fm Just Hand Over User Listening Data To the RIAA? [TechCrunch]

UPDATE: Last.fm gave the following clarification to TechCrunch about user data sharing:

The data we make available to labels is aggregate data about their artists – it’s a slightly more detailed version of what you see on the site. We release no data linking users and plays to any third parties.

The only data we provide to labels (in addition to the data publicly available on their artist pages) are historical graphs of listeners and plays. There’s no way to link these to individual users.

If a label was trying to work out who’s been listening to their leaked track, the closest they can get would be to look at the publicly-available listeners on the music pages. I would doubt that would be enough evidence to convict someone, and users can opt out of being displayed there in their settings.