Alpha Exploration Co. Inc. – €2,000,000 Fine (Italy, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Italy fined Alpha Exploration Co. Inc. EUR 2 million for mishandling user data on its Clubhouse app. The company failed to protect user data and didn't comply with GDPR rules, like having an EU representative. This case shows the importance of following privacy laws when offering services in the EU.
What happened
Alpha Exploration Co. Inc. was fined for not properly managing user data on its Clubhouse app, including failing to appoint an EU representative.
Who was affected
Clubhouse users in the EU who had their personal data processed without proper safeguards.
What the authority found
The Italian authority found that Alpha Exploration Co. Inc. violated GDPR by not having a valid legal basis for processing user data and lacking an EU representative.
Why this matters
This case highlights that companies outside the EU must comply with GDPR when offering services to EU users. It serves as a warning to businesses to ensure they have proper data protection measures and representation in the EU.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
Since 2020, the US company Alpha Exploration Co. Inc. (the controller), has offered and operated the social network Clubhouse. The social network is based exclusively on voice interactions that take place in conversation rooms. Users can choose to open a thematic room or enter another person's room as a listener. From January 2022, using the platform's new features Clips & Replays, users can (i) store and record also part of the conversations on the platform and (ii) share the same recordings with third parties. On the basis of profiling activities, Clubhouse allows other users to find people who may have a common interest or connection. In addition, Clubhouse collects contact data from the address book of its users' devices. This collection would allow users to connect with people they know, and to invite friends to join them on Clubhouse. Following press reports that revealed the existence of several problems with the way personal data were processed by the controller, the Italian DPA opened an ex officio investigation. The DPA also received a report highlighting a number of critical issues of Clubhouse relating to security, the exercise of data subjects’ rights, the lack of an EU representative, profiling activities, and the retention of personal data. On the basis of the information gathered, the DPA informed the controller a number of violations that the DPA had found following a first assessment on the matter. The DPA started by considering whether it was competent to make a decision regarding the controller's processing activities. The DPA considered that the conditions for applicability of the GDPR set out in Article 3(2)(a) GDPR were met since the controller offered its services to data subjects in the EU. The DPA claimed jurisdiction on the basis of Article 55(1) GDPR because Clubhouse (i) was operated by a company that had no establishment in the EU and (ii) constituted cross-border processing of personal data within the meaning of Article 4(1)(23) GD
Related Enforcement Actions (0)
No other enforcement actions found for Alpha Exploration Co. Inc. in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
6 October 2022
Authority
Garante per la protezione dei dati personali
Fine Amount
€2,000,000
GDPRhub ID
gdprhub-5509About this data
Cite as: Cookie Fines. Alpha Exploration Co. Inc. - Italy (2022). Retrieved from cookiefines.eu
Last updated: