Clubhouse app violations

Clubhouse app faces court action in Germany over serious failings under data protection and consumer law

Germany’s largest consumer protection organisation calls on Clubhouse operator Alpha Exploration Co. to cease and desist from illegal business practices and data protection violations

According to a statement by the Executive Director of the Federation of German Consumer Organisations (vzbv) on Twitter, the California-based company Alpha Exploration Co. is accused of the following consumer law and data protection violations:

No “imprint”

In e-commerce, the obligation to publish an Impressum – a form of legal notice – under Section 5 of the German Telemedia Act (Telemediengesetz, TMG) is designed first and foremost to protect consumers. It is essential that they are informed about a service provider. Only with this information can they check whether the provider is trustworthy and assert any contractual or tort claims – but also their right to information under data protection law.

Platform terms and privacy notice in English language only

Although the company’s platform is also geared towards the German market, its terms of service are only available in English, which is a violation of German and European consumer protection law.

Note: in a lawsuit filed by the vzbv against WhatsApp back in 2016, the Berlin Kammergericht ruled that a company that only makes its T&Cs available to German users in English is acting “in a non-transparent manner that disadvantages all consumers in a breach of good faith”. Foreign-language T&Cs do not apply to German-speaking users.

Serious violations of data protection law

It is not yet clear exactly which violations are alleged in this case. Even so, an examination of the app reveals a lack of appropriate data protection notices, which would be required under the GDPR and the TMG. In addition, the fact that the app requires users to upload their address books has attracted public criticism, as has the claim that Clubhouse could use the contact information obtained in this way for advertising purposes.

Note: courts already banned social media platforms from requiring users to upload their address books years ago, as this was deemed a violation of consumer protection rules. It was also following a complaint by the vzbv that the German Federal Supreme Court (Bundesgerichtshof, BGH) ruled against Facebook’s Friend Finder tool back in 2016.


If the company does not undertake to cease and desist from the business practices complained of and, in particular, does not issue a cease-and-desist declaration with a penalty clause, the vzbv will take legal action against it. In addition, the severe data protection violations mean that the company not only risks lawsuits from consumer protection groups, but also sanctions from data protection authorities under the GDPR.

Originally posted on JDSUPRA

Image by William Krause on Unsplash

Share on facebook
Share on linkedin
Share on twitter
Share on pinterest
Share on print
Share on email

Latest Blog Posts

dpa gdpr

Data Protection Authorities (DPA)

Data Protection Authorities (DPA) Data Protection Authorities (DPA) are independent public authorities that supervise, through investigative and corrective powers, the application of the GDPR. They

Read More »

Zpracovává vaše společnost osobní údaje?

Zpracovávat vaše společnost osobní údaje fyzických osob, jako jsou:

  • Údaje zaměstnanců, zákazníků, uchazečů o zaměstnání nebo pacientů včetně:
    • Jméno nebo osobní identifikační číslo
    • Kontaktní údaje (e-mailová adresa, telefonní číslo, adresa)
    • Bankovní údaje, plat, údaje o pasu nebo jiné osobní údaje


Ar Jūsų įmonė renka ir tvarko fizinių asmenų asmens duomenis? 

Asmens duomenys gali būti:

  • Kliento, darbuotojo. paciento, kandidato į darbo vietą ir kt. 
    • Vardas ar asmens  numeris 
    • Kontaktinė informacija (el.pašto adresas, telefono numeris, adresas ir kt)
    • Banko sąskaitos  duomenys, atlyginimo dydis, paso duomenys ar bet kokia kita asmeninė informacija. 

Onko yrityksessäsi enemmän, kuin 250 työntekijää?

Kas teie ettevõte kogub ja töötleb isikuandmeid?

Kas teie ettevõte kogub ja töötleb füüsiliste isikutega seotud andmeid nagu näiteks:

Töötajate, klientide, tööle kandideerijate, patsientide:

  • Nimi, isikukood
  • E-posti aadress, telefoninumber, kodune aadress
  • Pangakontonumber, palgasumma, krediitkaardiandmed või mõnda muut tüüpi isiklikud andmed

Does your company collect any personal data?

Does your company collect and process any personal data of natural persons such as:

  • Employees, Customers, Job Applicants or Patients including:
    • Name or personal ID number
    • Contact details (Email address, Phone number, Address)
    • Bank details, Salary amounts, Passport details or any other personal data