California-based Clubhouse is an invite-only audio-based social app that allows users to join group chats. The company describes itself as a space for casual, drop-in audio conversations – with friends and other interesting people around the world that allows users to go online anytime to chat with the people they follow. In addition, users can also join in as a listener and hear what others are talking about.
Investigation over privacy rules
In a recent development, the social networking unicorn has drawn attention from the European data regulators over concerns that the app may be breaking privacy rules.
France’s independent data privacy authority, Commission nationale de l’informatique et des libertés (CNIL), has opened an investigation into Clubhouse’s parent company, Alpha Exploration Co., to understand if the app complies with the EU’s General Data Protection Regulation (GDPR).
The GDPR contains provisions and requirements related to the processing of personal data of any individual and applies to any enterprise that is processing the personal information of individuals inside the EEA.
Having received a complaint, the CNIL, on March 12, questioned the American company Alpha Exploration CO. on the measures taken to comply with the GDPR. The CNIL thus opened an investigation and carried out initial verifications which reveal that this company has no establishment in the European Union.
“Under these conditions, the “one-stop-shop” mechanism of the GDPR does not apply and the CNIL is, like each of its European counterparts, competent to intervene.However, the European authorities are communicating with each other on this matter, in order to exchange information and ensure consistent application of the GDPR,” it mentions in a statement.
CNIL also mentions, “The investigation should confirm that the GDPR is applicable to the company and determine if it is ignored. If it was confirmed that the application published by this company does not comply with the GDPR, the CNIL may, if necessary, use its own repressive powers.”
Clubhouse breaching privacy?
CNIL has mentioned that it has received a petition with more than 10,000 signatures in order to alert the agency against any possible breaches of privacy by the Clubhouse app.
Some of the French ministers, such as Transport Minister Jean-Baptiste Djebbari, have also used this app to have a direct exchange of thoughts with the general public. However, the European authorities are communicating with each other on this matter, in order to exchange information and ensure consistent application of the GDPR.
Brief about Clubhouse
Launched in March 2020, Paul Davison and Rohan Seth, Clubhouse advertises itself as a “space for authentic conversation and expression. Its app provides invitation-only audio chat rooms on a variety of topics, such as tech, books, and business.
Users can set up virtual rooms on a topic of their choice, which anyone with an account can then join. As for listeners, they can virtually raise their hands if they wish to add to the conversation, however, the host or hosts decide who is allowed to speak.
Earlier this year In January, the company raised $100M in funding led by Andreessen Horowitz and was reportedly valued at $1B.
This is not the first time!
Prior to France’s investigation, last month in February, the Hamburg (Germany) data regulator had asked the founders of Clubhouse app for information about how they protect the privacy of European users and their contacts.
The regulator believes that Clubhouse automatically reads users’ address books and stores the data in the US.
“Providers offering services to European users must respect their rights to transparent information, the right of access, the right to erasure, and the right to object. At the same time, there is an obligation to guarantee technical and organisational measures to protect the data. There are currently some doubts about all of this with the Clubhouse app. The Hamburg DPA has therefore coordinated with the other German supervisory authorities and sent a catalogue of questions to the operators in California to check compliance with European data protection law,” the Hamburg DPA said in a press release.
Johannes Caspar, Hamburg Commissioner for Data Protection and Freedom of Information, in a statement, says, “Unfortunately, it happens time and again that providers from the U.S. enter the European market or are simply successful with their products and services in the EU without complying with the most basic data protection requirements of the European digital market. Here, it is important to point out early which rules apply on the playing field of Europe and to enforce them.”
“It is in the interest of all European users to be able to use services that do not violate their own rights or those of others and that does not open up to the principles of privacy protection only after years of strengthening links with the users in Europe,” he adds.