• A French regulator opened an investigation into Clubhouse over privacy concerns.
  • More than 10,000 people signed a French petition calling for the action.
  • CNIL, the watchdog, said it would decide whether GDPR applied to US-based Clubhouse. 
  • See more stories on Insider's business page.

The French data privacy regulator has started an investigation into Clubhouse's use of data under GDPR, the European data privacy and security law. 

The Commission Nationale de l'Informatique et des Libertés said in a statement it received a complaint before opening the investigation. CNIL said it had put questions to Alpha Exploration Co. Inc., the American owner of Clubhouse, on March 12.  

"User privacy and security are a top priority at Clubhouse. We are actively working with organizations in the EU on GDPR compliance and have been grateful for their support and partnership," a Clubhouse spokesperson said in an emailed statement.

The spokesperson added: "As we look to expand our U.S.-based operations into new regions, we will always aim to meet and exceed the data protection laws of all territories in which we operate."

The company behind Clubhouse, the buzzy, invite-only chat app, doesn't have a footprint in Europe. As a result, the first question the CNIL investigation hoped to answer was whether GDPR was applicable to the company, the watchdog said.

If GDPR wasn't applicable, the French government could step in and impose sanctions or fines on the company, if it was found to violate users' privacy. 

"If it was confirmed that the application published by this company does not comply with the GDPR, the CNIL may, if necessary, use its own repressive powers," said CNIL's statement, translated from its original French. 

Along with the formal complaint filed with the CNIL, the watchdog said it had taken notice of a French petition on the Sum of Us website that had topped 10,000 signatures. 

The petition called into question Clubhouse's use of phone contacts. 

During the sign-up flow for the app, Clubhouse asked for access to new users iPhone's contacts. Users could skip that step, but others who have uploaded their contacts could still locate users who choose not to share their contacts, as Vox reported. 

The petition said: "The app's appalling privacy terms mean that when new members invite a friend to join, the names and numbers of all their contacts are uploaded to a secret database — and possibly shared with third parties."

An almost identical petition in the UK had more than 25,000 signatures as of Saturday. It called for UK regulators to enforce privacy laws, putting "an end to this blatant violation of our private lives."

After CNIL announced its investigation, the French language version of the petition added a new note: "VICTOIRE!!!"