France’s data protection authority has opened an official probe into Clubhouse over concerns the trendy iPhone audio app may be breaking privacy rules in Europe.
The French authority said it had sent questions to Alpha Exploration, the parent company of Clubhouse, to assess whether the app was compliant with the EU’s General Data Protection Regulation (GDPR).
Since Clubhouse does not have a European office in another country, the French regulator asserted that it had jurisdiction over the case, but added that “competent” authorities within the EU were co-operating on the matter without further details.
“The European authorities are communicating with each other on this matter, in order to exchange information and ensure consistent application of the General Data Protection Regulation,” it said.
The French regulator said it had received a complaint about the app, and added that a petition with 10,000 signatures was circulating that alleged potential privacy breaches by Clubhouse.
In February, the Stanford Internet Observatory issued a report about data protection on Clubhouse, in which researchers alleged that the IDs of users were being transmitted in plain text to a partner company’s servers in China, which the Chinese government might be able to access.
Since then, the app said it had rolled out changes to add additional encryption and blocks to fix the flaw. Clubhouse, which did not immediately respond for comment, has previously said it is “deeply committed to data protection and user privacy”.
The probe comes at a time when regulators in Brussels have expressed concerns over the implementation of the GDPR almost three years after the law was passed.
They also followed calls by a leading MEP to overhaul the legislation and make it fit for the digital age in light of the pandemic and the growing number of people working remotely and relying increasingly on technology.