GDPR and Clubhouse: What applies in the app?

Clubhouse is the hype of the week and companies are already thinking about how to use the app for themselves. But caution is advised here. Several experts have already come forward with legitimate data protection concerns.

Clubhouse is currently on everyone’s lips and ears, because the new app is based on audio. Users can switch between different chat rooms sorted by topic, in which participants do not write but talk to each other. Within a very short time, companies are now also considering using the app’s momentum for themselves. But here there are not yet foreseeable difficulties ahead. Some lawyers and data protection experts are already getting in touch who are very critical of the new app and question the compatibility of Clubhouse with the GDPR.

Clubhouse was launched in May 2020 and has now also arrived in Germany. According to the Handelsblatt The app has over 600,000 registered users and its value is estimated at around 100 million euros. However, concerns about data protection arose already at the launch in the USA. Now data protection experts fear that companies in Germany would violate the GDPR when using Clubhouse.

Is Clubhouse GDPR compliant?

Similar to Zoom at the beginning of last year, Clubhouse could not be up to the sudden hype in Germany. At the time, several data protection scandals reduced the reputation of the video app. Clubhouse could face something similar. The Hamburg commissioner for data protection and freedom of information, Prof. Dr. Caspar, his assessment of Clubhouse compared to OnlineMarketing.de:

The entire data protection architecture of the Clubhouse app shows that the service has evidently grown too quickly and does not meet the requirements of the GDPR.

The US would have acted quickly in order not to violate the California Privacy Act, but the GDPR has so far been left out:

The privacy policy, knitted with a hot needle, takes into account the rights of data subjects under the California Privacy Act, but not under the GDPR, which the service must observe: In general, international users are referred to, who are advised that with the use of the service the data is transmitted to the USA, where it is used in particular by the servers of the technology partners of the operating company.

In addition, no: e contact person is officially known for data protection issues, as the GDPR actually provides:

Whether a representative, who is required for those responsible outside the Union, has been appointed seems highly questionable. The data protection situation is the same as for other services that do not have a branch in the EU: the data protection supervisory authorities of each member state are responsible.

Access to the phone contacts: how is this allowed?

One point that is already being discussed in particular is the app’s access to all telephone contacts. The user who logs on allows this, but the contacts whose data is given to the company in this way have not agreed to this. This is questionable for private use, but in a business environment, data transfer is likely to be a violation of the data transfer regulation of the GDPR, explains the lawyer Christian Solmecke Network world across from. The data protection officer Prof. Dr. Caspar criticizes the rules on data processing and data storage, the usefulness of which is not clearly communicated by Clubhouse. These did not reveal “any relevant restrictions and largely open up all options for the operating company,” said Caspar. Instead, Clubhouse shifts responsibility to the users. Finally, they are advised that they are using the service at their own risk:

Nobody here likes to say they were not warned … From a data protection point of view, the app is problematic after all.

Commercial use of clubhouse

According to the lawyer Thomas Schwenke, who is on his Privacy blog has dealt in detail with the topic, the terms and conditions of the app do not explicitly allow use in a business environment. In the terms and conditions, there is only talk of “personal use”. According to Thomas Schwenke, this suggests “that business use of the service to get familiar with it or for personal exchange (also in a business context) is permitted or at least tolerated.” However, “commercial use” is not authorized. If you want to use the app to sell your services or offer seminars, for example, you are violating the app’s specifications, according to Schwenke.

Screenshot, datenschutz-generator.de

Under no circumstances should clubhouse be offered by companies as the only contact or service option. Informal roundtables or talks currently fall into an as yet undefined zone. These may be offered, but all participants (be they customers or business partners) should be made aware of the risks of use in advance. If you want to record the conversation, you need verifiable consent from all participants in the conversation.

Do employees have to use the new app?

Clubhouse profile of Thomas Schwenke
© Thomas Schwenke

Especially in agencies, in PR and marketing or for (tech) journalists: tests of new applications are standard programs. If this is part of the job description and is contractually agreed, the use of the clubhouse can be a necessary part of the job, explains Schwenke on his blog. Incidentally, employees should expressly declare that they agree to the use and are aware of the risks. As a tip for professionals who would like to use the platform to exchange ideas with others from the industry, Schwenke states that this should be made clear in the profile description with a note. This is especially true if the appearance on the platform otherwise looks very professional.

Use recommendation of the experts: inside

When using it privately, users must be aware that the app accesses personal contact details and saves voice recordings for a short time without providing any further information about the processing of this data. Similar to other social networks, it is up to the user to decide whether they can agree to this.

So far, the experts advise against business use. But as Zoom showed last year, the app could still adapt to data protection requirements and thus find a place in a business context.


Source: OnlineMarketing.de by onlinemarketing.de.

*The article has been translated based on the content of OnlineMarketing.de by onlinemarketing.de. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!