With over a million users from India alone reportedly regularly participating in Clubhouse discussion rooms, its data protection and data processing practices in the country have come under the microscope. And an Indian digitals rights privacy group has raised concerns over user privacy on the audio chat room app.
Internet Freedom Foundation (IFF), the Indian digital liberties organisation, has also urged Clubhouse to respect privacy, provide redressal against hate speech, and ensure due process and transparency when it censors content.
After the launch of its Android version in May 2021, India is Clubhouse’s top market, adding about 2.6 million users.
Clubhouse collects info more than it needs
Stating that everything is not rosy at Clubhouse, the IFF said concerns remain about its ability to secure users’ data, especially in the light of reports that scraped data of more than 1.3 million Clubhouse users was available on hacker forum.
Clubhouse collects a wide array of information, including your name, email address, contact details, phone number, IP address, device name, operating system, the people you interact with and the time, frequency and duration of your use. Clubhouse facilitates easy one-step sign-on by allowing the users to synchronise their social media accounts to the platform. “Such excessive collection of data is against the principle of data minimisation which requires that Clubhouse only collect such personal information as is necessary to provide its services,” IFF said in a blog post.
Clubhouse also collects phone numbers in your contact list even if those individuals are not on the platform. “This undermines the right to informational privacy of those persons whose phone numbers get exposed to Clubhouse without their knowledge, let alone consent,” it added.
Clubhouse’s content moderation needs to be evaluated
Stating that Clubhouse’s data sharing policies remain nebulous, IFF alleged that Clubhouse shares user data with vendors and service providers, business transferees as well as law enforcement agencies, if the need arises. “The scope of consent and clarity on what data is being shared and for how long is lacking. This contravenes the principles of data minimisation and purpose limitation practises endorsed in global privacy law legislations.”
IFF said the conversations retained by Clubhouse for investigations are protected by server-side encryption, but regular conversations remain unprotected. “Consequently, threats of plausible data leaks through vendors and back-end service providers persists.”
IFF added Clubhouse’s content moderation tactics would have to be evaluated and independent assessment of hate speech and disinformation needs to include systemic fixes in a way that trust and credibility is ensured in the review process.