Clubhouse is an invite-only app for social networking based on audio-chat. It allows those within the app to listen in on various conversations, discussion and interviews. On 17 March 2021, the Commission nationale de l’informatique et des libertés (“CNIL”) (the French regulatory body for data protection) announced that it opened an investigation into the app as a result of a formal complaint.
On March 12, CNIL questioned the American company Alpha Exploration CO., Inc., publisher of the Clubhouse app, on the measures taken to comply with GDPR. Noting that Clubhouse is not established in the European Union, the CNIL aims to investigate whether the GDPR applies to the company.
Along with this, CNIL has further taken note of a petition on the ‘Sum of Us’ website with over 10,000 signatures, calling for questioning of the Clubhouse’s use of phone contacts. The online petition points at Clubhouse’s request to access iPhone contacts of the new users. This step could be skipped, however, users are still unaware why it is requested. It has raised data privacy concerns as users would be sharing names and phone numbers of those in their contacts who may not have heard about the app in the first place. This is evident where the petition states (translated from the original language of French):
“Have you heard of the new Clubhouse social network? Maybe not, but they probably already know a thing or two about you.”
The petition raises concerns that the gathered contact information is being put onto a secret data base which can consequently be sold to third parties.
As per CNIL’s statement, the investigation may have two possible outcomes – one outcome is if the GDPR does not apply, the French government may impose sanction or fines upon the company if there were to be any data privacy violations; and the second outcome is if the GDPR does apply, in which case, the CNIL may use its own repressive powers.
Reported by Sahel Bahman, Researcher at IntellecTech Law