French watchdog begins investigation into possible Clubhouse privacy violations

The French privacy watchdog CNIL has launched an investigation into Clubhouse over concerns about the privacy protection of the app. CNIL wants to see whether the app must comply with European privacy legislation, even if it does not have a European office.

The Commission nationale de l’informatique et des libertés says it has launched an investigation and put initial questions to Alpha Exploration, Clubhouse’s US parent company. That happened after a complaint, although it is not known who it came from. The research revolves around the question of whether Clubhouse must comply with the GDPR and whether it does.

The CNIL already concluded on the basis of the first answers that it is allowed to enforce on Clubhouse. The company has no office in Europe. As a result, the so-called ‘one-stop-shop mechanism’ from the GDPR does not apply. Under that rule, a company with a European office must report to the regulator in that country, but that is not necessary at Clubhouse. CNIL therefore sees itself authorized to investigate the company. “The investigation should confirm that the GDPR applies to the business and determine whether it is being ignored,” the CNIL writes. The watchdog says it can take measures such as banning processing or handing out fines.

In addition to the official complaint to CNIL, a petition is also circulating in France calling on the CNIL to investigate the service for possible privacy violations. Clubhouse has been criticized for possible privacy violations for some time. For example, metadata was sent unencrypted, it turned out to be possible to listen in on conversations without a login and all telephone contacts were sent to the service by default. We wrote a Plus article about these problems in February. Clubhouse is an app for iPhones that makes it possible to have and follow live conversations.