The French data protection agency Commission Nationale Informatique & Libertes (CNIL) announced Wednesday, March 17, 2021, that it had launched a probe into Clubhouse, the newly popular audio app.
Launched in 2020, Clubhouse is an exclusive mobile audio app that works on an invite-only basis and where members can engage in conversations with people in digital “rooms.”
The probe comes as a complaint about the iPhone app resurfaced saying that it may be breaking privacy data rules in Europe, reports the Financial Times.
Besides this, Tech Crunch also notes that a petition signed by more than 10,000 people in France has called on the regulatory commission to intervene, accusing Clubhouse of compromising the information of users in a series of privacy breaches.
Just February of this year, the Financial Times reports that researchers from the Stanford Internet Observatory supposedly found that the user IDs of members were shared in plain text to a partner’s servers in China.
Although Clubhouse maintained that it has issued patches for the said flaws and that it had rolled out enhanced encryption services for the app, the Financial Times states that it brings up the issue of the Chinese government possibly gaining access to the credentials of the app users.
Besides this, Tech Crunch states that privacy concerns mainly stemmed from Clubhouse harvesting and uploading users’ phone book contacts to identify how many contacts or friends the users have on the service, especially when it comes to choosing which ones to invite.
In particular, the French regulator seeks to identify what possible rules apply to Clubhouse’s parent company Alpha Exploration. In the event CNIL finds the company in violation of European regulations, it aims to take measures against Clubhouse, states France 24.
In attempts to gain more answers into its investigation, the French authority said that it had already reached out to the United States-based parent company of Clubhouse.
CNIL has since confirmed that Alpha Exploration does not hold office anywhere in the European Union. Following this, Tech Crunch reveals that the French regulator maintained that should the app receive complaints about its data use, it can be investigated by any member of the EU DPA.
This is also to determine if the data privacy laws and protection of the app complies with the General Data Protection Regulation (GDPR) in the European Union, notes the Financial Times.
In a statement, CNIL said, “The European authorities are communicating with each other on this matter, in order to exchange information and ensure consistent application of the General Data Protection Regulation.”