Sleuthing the Privacy Practices of Clubhouse

Caroline McCaffery
April 27, 2021

On January 29, 2021, ClearOPS sent a newsletter to its subscribers about the very popular Clubhouse app. The excerpt below is just a teaser for the rest of our CEO's op-ed. If you want to read the whole thing, we encourage you to sign up for our newsletter. Happy sleuthing!

"Caroline's Op-Ed

Have you heard of Clubhouse? It's an invite-only business social media site. They describe themselves as a "drop-in audio chat." It is all the rage with venture capitalists on Twitter. It is invite only and I am not a member. But then The Rise of Privacy Tech conference happened and everyone was talking about Alexander Hanff's article on LinkedIn about Clubhouse.

You see, Alexander is well-known in the privacy industry. He resides in Europe and he frequently advocates for the right to privacy with a particular focus on violations of GDPR, the EU data privacy regulation. He is an expert on GDPR and compliance.

So his article walks through how Clubhouse's privacy policy violates GDPR. He literally calls them out for unlawful practices, and he does so with a witty and sharp style.

So I did what I always do: I ran a ClearOPS SPR report on Clubhouse. I mentioned this at the end of the conference to a few other attendees. It piqued their interest, so I promised to write about it.

At first glance, my reaction to the report was pretty neutral. Once you have seen over 1000 vendors' reports, you start to notice patterns and, frankly, get numb to common practices. So things like using TLS version 1, or relying on Cloudflare and G Suite, do not surprise me.

Anyway, so my first thought was to write this op-ed as a point-by-point reply to Hanff's LinkedIn article, comparing Clubhouse's privacy policy to US laws. But I sort of did a huge privacy policy op-ed last week, so that idea seemed repetitive.

Then I noticed something."