Privacy-friendliness of Audio-only applications
The COVID pandemic has fast-forwarded technological evolution by at least a decade. To cater to the fast-growing needs during the pandemic and the shift to a work-from-home culture, many new applications have come up. A significant surge in the use of video applications such as Microsoft Teams, Google Meet, and Cisco WebEx, among a plethora of other applications, was witnessed around the globe during this period.
Video conferencing applications like Zoom have become a part of our lives, as most official meetings and tasks take place on them. Overusing such applications can result in burnout and tiredness, which is known as ‘Zoom fatigue’[i]. Factors like Zoom fatigue led to a felt need for audio-only applications.
Because the Clubhouse application was exclusive and invite-only, and because it was initially available only for iOS devices and excluded Android devices, which had a ~72% share of the smartphone marketplace, an Indian application created waves on the Internet. The Bengaluru-based application ‘Leher’ is similar to Clubhouse and is being seen as an alternative to it and a desi version of it.
About the applications
Clubhouse is an audio-only, drop-in, easy-to-use application that lets people simply join any ongoing ‘live’ conversation or chat by an individual. Being live-only and real-time are the two main USPs of Clubhouse. Since it has no feature for video conferencing or recording, or even for sending any type of media, the app is unlike any other conferencing application, and it successfully addresses Zoom fatigue.
Clubhouse, being an audio-only application, has no video conferencing feature. It is advertised as a platform to share ideas and interact. As an invite-only app, it can be joined only if an existing user invites a non-user. There is an Indian alternative to Clubhouse, called Leher. The idea behind the application is similar to Clubhouse. An added advantage of using Leher is that no invite is needed to join the application. Anyone can register, join the app, and join any room of their choosing.
The creation of a shadow profile of a non-user is one of the biggest privacy concerns that have emerged. The practice of shadow profiling is what landed Facebook in trouble[vi]. During his Congressional testimony, Mark Zuckerberg was questioned on creating shadow profiles of non-users. A shadow profile is a profile of a non-user of the platform.
In the Clubhouse app, after users create a profile, they have the option to invite two other people to the platform. As a part of the process, users have to give the application access to their personal contacts in order to invite people[vii]. Using this information, Clubhouse checks the number of times a contact has appeared in other users’ contacts and creates a shadow profile of people who have not even joined the app. This shadow profile of a non-user includes name, number, and potential contacts[viii].
The amount of information that the company holds about people who do not even use the application is alarming, as this information might be sold to third parties without the consent of those people.
Automatically collected data
Sharing and disclosure of personal data
Clubhouse also shares some personal data with its service providers and vendors, without further notice, as a part of its business. It mentions that it collects information about people’s accounts. The application then provides a list of purposes for which the information might be used. It can be safely assumed that the information might be used at the whims and fancies of the application.
A personal data breach is defined under Section 3(29) of the draft Personal Data Protection (PDP) Bill, 2019 (The bill is yet to be passed) as “any unauthorised or accidental disclosure, acquisition, sharing, use, alteration, destruction of or loss of access to, personal data that compromises the confidentiality, integrity or availability of personal data to a data principal.”
While the PDP Bill (which has not been passed yet) defines a personal data breach and gives guidelines regarding it, there is no mention of a breach of a third party’s data. To join the Clubhouse app, users are required to share their phone’s contact book, which is an important part of registering. It also helps them invite other people from the contact book to the platform. This process involves sharing the friend’s phone number, which is a huge privacy breach, since even under European Union laws, disclosure of personal data without the consent of the person whose data is given out is unlawful.
Are Clubhouse and Leher complying with the draft PDP Bill, 2019?
Under this proposed legislation, Section 3(14) defines a data principal as an individual whose personal data is being processed. The Bill covers the processing of personal data by both the government and companies incorporated in India. It also governs foreign companies if they deal with the personal data of individuals in India. Section 2(c) of the Bill states that its provisions apply even when personal data is processed by data fiduciaries and processors that are not present within the territory of India, if the processing is in connection with a business carried on in India and offering goods and services to data principals within India, or in connection with any activity which involves profiling of data principals within the territory of India.
Under this proposed Bill, certain rights are given to users over their personal data. Under Sections 17 and 18 of the Bill, users can seek confirmation on whether their personal data has been processed, seek correction or erasure of their data, and restrict disclosure of their personal data. Any processing of personal data can be done only after taking consent from the data principal.
Applications like Clubhouse have the potential to pose a major threat not only to a user’s privacy but also to the privacy of a non-user. The amount of information the application has even before a user makes an account is alarming. Tracking IP addresses and automatic storage of persons’ email is just the visible tip of the iceberg. Risks after joining such an application include giving away the phone numbers of all the people in your contact list and having all your private messages recorded where someone has access to them.
This article can be cited as:
Shambhavi Sinha and Siddhartha Misra, Privacy-friendliness of audio-only applications, Metacept- Communicating the Law, accessible at https://metacept.com/privacy-friendliness-of-audio-only-applications/.
[i] Jenna Lee, ‘A Neuropsychological Exploration of Zoom Fatigue’ (Psychiatric Times, 18 November 2020) <https://www.psychiatrictimes.com/view/psychological-exploration-zoom-fatigue> accessed 14 March 2021.
[ii] Rashi Varshney, ‘[App Friday] This ‘Made in India’ alternative to Clubhouse is trending among Indian entrepreneurs’ (YOURSTORY, 12 February 2021) <https://yourstory.com/2021/02/app-friday-leher-made-in-india-alternative-clubhouse> accessed 14 March 2021.
[iii] Prasid Banerjee, ‘Viral Lockdown video apps Zoom, Houseparty under scrutiny for privacy violations’ (Mint, 1 April 2020) <https://www.livemint.com/news/india/viral-lockdown-video-apps-zoom-houseparty-under-scrutiny-for-privacy-violations-11585716642493.html> accessed 15 March 2021.
[v] Information Technology Act 2000, s 72.
[vi] Andrew Quodling, ‘Shadow profiles – Facebook knows about you, even if you’re not on Facebook’ (The Conversation, 13 April 2018) <https://theconversation.com/shadow-profiles-facebook-knows-about-you-even-if-youre-not-on-facebook-94804> accessed 15 March 2021.
[vii] Barry Collins, ‘Clubhouse: The Hot New Social Network Has Big Privacy Problems’ (Forbes, 10 February 2021) <https://www.forbes.com/sites/barrycollins/2021/02/10/clubhouse-the-hot-new-social-network-has-big-privacy-problems/?sh=3bbc4e65e4c3> accessed 15 March 2021.
[viii] Zen Chan, ‘Clubhouse And Its Privacy & Security Risk’ (Medium, 7 February 2021) <https://medium.com/technology-hits/clubhouse-and-its-security-risk-201526fd06d1> accessed 16 March 2021.
[x] Alexander Hanff, ‘Clubhouse – the next privacy nightmare you’ve never heard of’ (LinkedIn, 27 January 2021) <https://www.linkedin.com/pulse/clubhouse-next-privacy-nightmare-youve-never-heard-alexander-hanff/> accessed 18 March 2021.