Comments
  1. LinkedIn Pulse, 10 min
    20 reads, 6 comments
    7.5
    • thorgalle
      3 years ago

      This is an interesting critique, and I appreciate it! But I actually didn't like the tone of it so much. It's inflammatory. Its goal seems to be to make you believe that Clubhouse people have the absolute worst of intentions, not to give constructive feedback to Clubhouse & its users. If I'm reading the quoted privacy policy passages, I also don't feel that Clubhouse has the worst of intentions... I tried to verify the person writing this (Alexander Hanff), and as far as you can glean from a LinkedIn profile, he does have very relevant experience. Maybe only no specific legal training. So here, my critique of a critique.

      First of all, he's berating Clubhouse for not having end-to-end encryption. As far as I can see, the company isn't claiming anywhere that they use E2E encryption. This is the only claim they make regarding "encryption" in their privacy policy (based on a Ctrl+F search):

      Audio from (i) muted speakers and (ii) audience members is never captured, and all temporary audio recordings are encrypted.

      Since when did it become immoral or unlawful for a company not to use E2E encryption? Clubhouse is maybe not a 100% privacy-focused service like Signal. So what. That's what you get when the service is "free". This leaves room for another alternative start-up to go that privacy-aware route.

      Including this in a critique on privacy & information law compliance mixes things up and makes them seem worse than they are, especially for skimming readers who don't feel like distinguishing real GDPR law vs personal opinion.

      Solely for the purpose of supporting incident investigations, we temporarily record the audio in a room while the room is live. [...] If no incident is reported in a room, we delete the temporary audio recording when the room ends.

      Ok, their "temporary" should probably be specified more clearly. But to me, on a human level, this sounds like a valid purpose for recording. How can you ever investigate and correct claims of discrimination, racism or verbal assault if there is no evidence after the fact? Especially if these recordings get auto-deleted right after a room ends without reported incidents, this seems super reasonable to me...

      I do very much agree with Hanff's concern about the address book though. I don't remember giving explicit consent for the use of it, and Clubhouse even shows you how many friends a potential invitee would have on Clubhouse. That's a really unethical and very likely unlawful use of personal data.

      Next, he critiques this passage:

      We may infer your preferences for content and features of the Service, or future products and services, based on the Personal Data we collect about you.

      Then he refers to an excerpt from the GDPR: "The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling...".

      I have heard about this GDPR excerpt before, and always thought about it in the case of an insurance firm making automated decisions based on deeply personal data without consent. Which, I agree, is something very ugly. But if Clubhouse's "inferring preferences for content and features" is illegal, then every company doing any kind of adaptive UI or personalization (read: Twitter/Facebook's news feed) is illegal. I'm not sure if this is a correct interpretation of the GDPR, and I'd love to see some specific examples where companies got fined because they personalized a news feed, or something similar. Maybe it's true that you should get consent to do this (at least it seems that Twitter/Facebook have to ask your consent to target ads at you. Not sure about their news feeds.)

      Big disclaimer: I'm not a legal expert, nor a GDPR expert. Just a human reading this article. I should probably read the whole Clubhouse privacy policy myself too soon.

      1. Update (2/15/2021):

        EDIT: Correction: there was a prompt for Contacts access. I had probably clicked OK without realizing/reading. Bad behavior 🙈

      2. Update (2/21/2021):

        It is fair to mention that Alexander wrote a response to my critique on LinkedIn here.

      • SEnkey, 3 years ago

        That is a fair response to the article.

    • Florian, 3 years ago

      This is by far the most entertaining privacy-related article I’ve read in a very long time.

      • SEnkey, 3 years ago

        I think a big takeaway is the line "they are just telling you they are going to do all the things the other services/platforms are pretending like they aren't doing".

        • Florian, 3 years ago

          It seems the EU is actually enforcing their regulations, so those “pretending like they aren’t doing” will pay a price for that sooner or later.

          • SEnkey, 3 years ago

            That is good news!