Having seen the take on the @joinClubhouse breach by self-styled GDPR 'experts' I'm reminded of this.

If Clubhouse is saying there's no breach, nothing to see here, move along now, then I hope that's based on good legal advice. What measures did Clubhouse have to prevent abuse
of the API and that was allegedly used to facilitate the bulk download of user data that included user_id; name; photo_url; username; twitter; instagram; num_followers; num_following; time_created; invited_by_user_profile

Was all of this data expressly made public by users in
the expectation that it would be made available by @joinClubhouse for download en-masse via an API? I mean it's not declared on the App Store or in the Clubhouse Privacy policy.

Did @joinClubhouse authorise the access and download or was it unauthorised @joinClubhouse ?
and remember YOU may not have joined @joinClubhouse but that does NOT mean they don't have YOUR data.

"If you choose to upload, sync, or import device information to Clubhouse (such as contacts in your address book), we may use this information to enhance your experience in
various ways, including, but not limited to, notifying you when a contact has joined the waitlist or the Service. "

"In addition, other users who have your contact information and have chosen to upload, sync, or import it from their device may be notified of when you join our
Service (e.g., so they can join your “welcome room”); they may be able to know the number of people on the Service who have your number in their uploaded contacts, so that they can choose to invite people with many friends already on the Service."

ANNNNNDDD
"Finally, may we use your list of contacts (if you choose to provide us with access to them) to recommend other users you might want to follow and to recommend your account and content to others"

If @joinClubhouse so easily dismisses concern over the current breach why should
anyone trust em with their data ... I wouldn't ..

But also what of the privacy of others? I hope MY DATA has not been uploaded if I'm in your contacts .. I won't be impressed if they have been.
I also cannot find that @joinClubhouse aka Alpha Exploration Co Inc has appointed an EU GDPR representative. It's possible they've had legal advice that Art 27 doesn't apply to them. In fact perhaps they think the GDPR doesn't apply per se ... cos that privacy policy 🤔
You can follow @PrivacyMatters.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled: