France’s data privacy watchdog adds to a growing list of regulators that have launched investigations into Alpha Exploration, the publisher of the Clubhouse application, regarding measures it has taken (or not taken) to comply with the EU’s General Data Protection Regulation (GDPR).
Clubhouse is an audio-only social network, led by one or more organizers, that allows people to chat in virtual lounges or by invitation. While popular among private users, the app is an attractive option for companies, as well, for its potential to be used for the purposes of marketing and communicating with customers.
The Commission Nationale de I’Informatique et des Libertes (CNIL) pointed to a complaint and petition currently circulating that has, to date, gathered “close to 15,000 signatures,” alerting the CNIL to possible privacy breaches by Clubhouse and calling for regulatory intervention.
The CNIL’s investigation comes in response to these actions. According to the CNIL, Alpha Exploration has no establishment in the European Union. “Under these conditions, the ‘one-stop-shop’ mechanism of the GDPR does not apply, and the CNIL is, like each of its European counterparts, competent to intervene,” the agency said in a translated press release.
The CNIL added, however, “European authorities are communicating with each other on this matter, in order to exchange information and ensure consistent application of the GDPR.” The investigation is looking into whether the GDPR applies here and whether any violations have occurred. If the Clubhouse application is found to be in noncompliance with the GDPR, the CNIL said it may, if necessary, bring an enforcement action.
More investigations: This is not the only investigation Alpha Exploration is facing for potential data privacy violations. In February, Germany’s privacy regulator in Hamburg also launched an inquiry into Clubhouse requesting information about how the app protects the privacy of European users and other invitees.
The concern raised by European data privacy regulators is that the app unnecessarily accesses users’ contact information, stores the data of its European users in the United States, and keeps recordings of all conversations—without being clear and transparent about these practices. Among the data privacy regulators voicing concerns: Johannes Caspar, Hamburg commissioner for data protection, who spoke with Bloomberg Law; and Monika Grethel, commissioner for data protection of the Federal State of Saarland in Germany, who made similar critical statements to a German publication.
Compliance message: Carlo Piltz and Stefan Hessel of reuschlaw Legal Consultants in Germany advised in a blog post that companies thinking about using the Clubhouse app for marketing or customer communication purposes “should undertake an intensive legal review in order to avoid getting in trouble with the data protection authorities and/or damage claims from customers and employees.”