Alpha Exploration – €2,000,000 Fine (Italy, 2022)

€2,000,000Garante per la protezione dei dati personali6 October 2022Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Alpha Exploration, the company behind Clubhouse, was fined EUR 2 million by the Italian data authority for several GDPR violations. They mishandled user data by sharing it without consent and failed to inform users properly. This case shows the need for social networks to be transparent and secure with user data.

What happened

Alpha Exploration shared user data without consent and failed to inform users about data processing practices.

Who was affected

Users of the Clubhouse social network whose data was shared and stored without proper consent.

What the authority found

The authority found multiple GDPR violations, including lack of transparency and unauthorized data sharing, and ordered corrective measures.

Why this matters

This fine emphasizes the need for social networks to ensure transparency and obtain valid consent for data use. Companies should review their data handling practices to avoid similar penalties.

GDPR Articles Cited

AI-verified

Art. 6 GDPR
Art. 7 GDPR
Art. 13 GDPR
Art. 14 GDPR
Art. 28 GDPR
Art. 32 GDPR
Art. 35 GDPR
Art. 5(1)(a) GDPR
Art. 12(1) GDPR
Art. 27(4) GDPR
View original scraped data
Art. 5(1)(a) GDPR
e)
f) GDPR
Art. 6 GDPR
Art. 7 GDPR
Art. 12(1) GDPR
Art. 13 GDPR
Art. 14 GDPR
Art. 27(4) GDPR
Art. 28 GDPR
Art. 32 GDPR
Art. 35 GDPR

Original data from scraper before AI verification against source document.

Source verified 5 March 2026
national law identified
Italy enforcementGarante per la protezione dei dati personali actionsAll Alpha Exploration actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 2 million on Alpha Exploration. Alpha Exploration operates the social network Clubhouse. In the course of its investigation, the DPA found numerous violations of the GDPR. For example, the DPA found that there was a lack of transpanency regarding the use of users' data and their chat contacts. In addition, users of the network were able to store and share audio messages from other users without their consent. Moreover, account information was shared with unauthorized third parties without a valid legal basis. In addition, the company failed to define retention periods for personal data. Also, the company failed to provide users with sufficient information about numerous aspects of the processing of their personal data and had not implemented sufficient technical and organizational measures to protect personal data. Finally, the DPA found that the company failed to conduct a data protection impact assessment. At the end of the investigation, the DPA not only imposed a fine but also ordered a number of measures to be taken by the company. For example, the company must define retention periods and introduce a function that informs users that their chats are being recorded.

Related Enforcement Actions (0)

No other enforcement actions found for Alpha Exploration in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

6 October 2022

Authority

Garante per la protezione dei dati personali

Fine Amount

€2,000,000

Enforcement Tracker ID

ETid-1511

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Alpha Exploration - Italy (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: