Alpha Exploration: Non-compliance with general data processing principles

The Italian DPA has imposed a fine of EUR 2 million on Alpha Exploration. Alpha Exploration operates the social network Clubhouse. In the course of its investigation, the DPA found numerous violations of the GDPR. For example, the DPA found that there was a lack of transpanency regarding the use of users' data and their chat contacts. In addition, users of the network were able to store and share audio messages from other users without their consent. Moreover, account information was shared with unauthorized third parties without a valid legal basis. In addition, the company failed to define retention periods for personal data. Also, the company failed to provide users with sufficient information about numerous aspects of the processing of their personal data and had not implemented sufficient technical and organizational measures to protect personal data. Finally, the DPA found that the company failed to conduct a data protection impact assessment. At the end of the investigation, the DPA not only imposed a fine but also ordered a number of measures to be taken by the company. For example, the company must define retention periods and introduce a function that informs users that their chats are being recorded.

GDPR Articles: Art. 5 (1) a), e), f) GDPR, Art. 6 GDPR, Art. 7 GDPR, Art. 12 (1) GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 27 (4) GDPR, Art. 28 GDPR, Art. 32 GDPR, Art. 35 GDPR
Industry: Media, Telecoms and Broadcasting