Hello, I heard much about Clubhouse and recently got an invitation. I also hear that using it is in breach of the GDPR and that it is not safe to use it?
Can someone please explain to me what exactly the problem is?
It would also appear they have a very leaky API that can be easily scraped – https://cybernews.com/security/clubhouse-data-leak-1-3-million-user-records-leaked-for-free-online/
My favourite bit of the story was them denying a breach via a Twitter post saying ‘This is misleading and false. Clubhouse has not been breached or hacked. The data referred to is all public profile information from our app, which anyone can access via the app or our API.’
Whilst the data scraped does not contain any special category data, that statement alone would concern me!
The app was supposed to be private and “safe” to use for political discussion, but the Chinese government became very aware of the conversations. There is concern that the Clubhouse app is routing recorded conversations through servers and infrastructure in China. The Stanford Internet Observatory (SIO) claims to have uncovered that the Clubhouse app is built on services created by Agora, a Shanghai-based start-up. But Agora is not listed as a data processor or sub-processor.
Here is a link to an article and the SIO findings, if you want to form a view: –
It is not yet clear exactly which data protection violations are alleged in this case. Even so, an examination of the app reveals a lack of appropriate data protection notices, which would be required under the GDPR and the TMG. In addition, the fact that the app requires users to upload their address books has attracted public criticism, as has the claim that Clubhouse could use the contact information obtained in this way for advertising purposes.
(Note: German courts already banned social media platforms (e.g. Facebook’s Friend Finder tool back in 2016) from requiring users to upload their address books years ago, as this was deemed a violation of consumer protection rules.)
I read somewhere in one of my German data protection newsletters about court action in Germany against Clubhouse over serious failings under data protection and consumer law.
There are some German-specific things, like no legal “imprint”, and the platform terms and privacy notice are in English only.