Clubhouse is a booming new social networking app that recently entered the Turkish market. It is an audio-only platform that allows users to listen and participate in live conversations in temporary chat rooms. Currently, it is the most downloaded social networking app in Turkey’s App Store, and its popularity is growing exponentially in other countries in which it has recently become available, such as Germany and Japan.[1]

Clubhouse partly owes this hype to its “invitation-only” growth strategy and public figures adopting the app early on.[2] Within a week of its launch in Turkey, Clubhouse has seen chat rooms filled with prominent academics, journalists, singers, and social media influencers.

Among its Turkish users, Clubhouse has also quickly become a platform for political participation and discussions. Members of the Turkish Parliament, political party leaders, and other prominent political figures have attracted large audiences within days of the app’s launch in Turkey.

The booming popularity of Clubhouse in Turkey has naturally placed it in the limelight. Questions regarding the application’s compliance with Turkish regulations have already been raised by a number of academics and public figures. Based on these preliminary discussions, this article will address the legal challenges the app faces in Turkey.

Complying with Turkey’s Personal Data Protection Law

It is no surprise that a booming social networking application like Clubhouse will sooner or later come under the scrutiny of authorities in countries with strict data protection regulations. In fact, such a compliance risk has already been signaled in Germany by the Federation of German Consumer Organisations when it issued a cease-and-desist letter against Clubhouse for the app’s alleged violations of GDPR.[3]

While it provides less protection to data subjects compared to the European Union’s GPDR, Turkey’s Personal Data Protection Law (Law no. 6698) also requires a sound strategy of regulatory compliance. Turkey’s Data Protection Board, the administrative body that oversees the implementation of Law no. 6698, may exercise particularly close scrutiny and consider issuing administrative fines on the following features of Clubhouse:

  1. Address book access: Clubhouse accepts new users through invitations from existing users. If a person wants to join Clubhouse, they must grant access to their phone’s address book, unless they have a personal invitation.

This model of scaling is problematic from a privacy point of view. The app leaves its users almost no choice other than to grant access to their address book. Such access means that Clubhouse may be in the position of collecting the personal data of individuals who have not given Clubhouse any consent in this regard but happen to have their number saved in a new user’s address book.

This issue poses an imminent risk to Clubhouse since in 2014, in a similar scenario, the German Federal Court of Justice found that Facebook had violated Germany’s consumer protection laws due to its Friend Finder tool, which let users import their address books to find friends on Facebook.[4]

  1. Handling of Personal Data: Clubhouse is a free application that does not display any ads. This has raised a number of concerns among its users who questioned the company's monetization model – is Clubhouse making money from my data? The answer is no. The company has announced that it is currently testing different monetization models, and the three main models they are working on are tipping, tickets and subscriptions.[5]

Though Clubhouse may not be in the “data dealing” business, it still has to handle user data with utmost care. A closer look into the app’s privacy policy reveals that there is significant room for improvement, and certainly, tailor-made approaches are necessary for compliance with data protection rules in different jurisdictions, including Turkey.

For example, under Turkey’s Law no. 6698, personal data on, inter alia, religious affiliation, racial, and ethnic background are classified as sensitive data, and unlawful collection of such data has severe consequences under the Turkish Penal Code (Law no. 5237), including up to six years of imprisonment. This may pose a risk to Clubhouse because in its current form the app suggests that users join clubs based on faith and identity immediately after they sign up.

  1. Recording Conversations: Clubhouse has built its hype on the premise that users cannot record conversations; every conversation is live and “in the moment”. However, while users cannot record conversations, Clubhouse itself can.

The app’s current privacy policy states that users’ audio data is collected temporarily while the room is live, and this data collection is “solely for the purpose of supporting incident investigations.” Whereas if a user reports a trust and safety violation, then Clubhouse retains the audio data until the investigation is complete.

Although this practice in itself can be justified as a legitimate form of personal data processing under Turkey’s Law no. 6698, Clubhouse enters risky territory when it comes to the transfer of this data abroad.

  1. Data Transfer: Article 10 of Clubhouse’s privacy policy reads as follows: “By using our Service, you understand and acknowledge that your Personal Data will be transferred from your location to our facilities and servers in the United States, and where applicable, to the servers of the technology partners we use to provide our Service.”

The above article is entitled “International Users”. This title gives us a hint regarding the perspective in which Clubhouse’s privacy policy was drafted – it is very much U.S. focused as Clubhouse is based in California. However, this rule falls quite short of complying with Turkey’s data protection legislation.

Article 9 of Turkey’s Personal Data Protection Law exhaustively lists in which cases personal data of users from Turkey can be transferred abroad, these are:

  1. With the express consent of users,
  2. Transfer to a safe country to be announced by Turkey’s Data Protection Authority, or
  3. With the data controller’s written commitment to provide sufficient protection and approval of this commitment by Turkey’s Data Protection Authority.

Based on the above, it is evident that the current data transfer policy of Clubhouse does not meet the minimum standards in Turkish legislation and needs significant amendments.

Appointing a Local Representative as per Turkey’s Recent Social Media Law

In 2020, Turkey amended its law regulating internet publications (Law no. 5651), which now requires social network providers to designate a representative in Turkey. It is important to note that this obligation is only imposed on social networking platforms with daily access of more than one million, which means that Clubhouse most likely does not yet fall under this scope. However, considering its booming popularity and media attention in Turkey, it will not be too long until Clubhouse reaches this threshold.

In such an eventuality, should Clubhouse fail to designate a local representative after reaching the one million daily access threshold, it will face significant sanctions. These sanctions are structured in a system of five tiers, with the initial tier being an administrative fine of TRY 10 million (approx. EUR 1 million) that would be levied on the app after a month of non-compliance. The second tier of sanctions is another administrative fine of TRY 30 million (approx. EUR 3 million) to be levied in the event that non-compliance has continued for a further month.

These administrative fines would be followed by the prohibition of Clubhouse’s advertising in Turkey and the final two tiers of sanctions include a 50% and up to 90% restriction of Clubhouse’s bandwidth, respectively, which would render the app practically inaccessible from Turkey.

While this sanctions regime is clear, what is not clear is how social networking platforms will balance compliance with this domestic regulation and the right to freedom of expression on the internet – a right that is guaranteed under the Turkish Constitution and international human rights treaties ratified by Turkey such as the ICCPR[6] and ECHR[7]. Therefore, whether to designate a representative in Turkey is a major public policy decision for Clubhouse with implications beyond Turkish borders, which is why this decision should not be taken lightly.

Moderation of Dangerous Speech on Clubhouse

Clubhouse’s early growth coincides with the pandemic, which could be one of the main reasons for the app’s sudden meteoric popularity – people have been longing for connection, and authentic conversations and Clubhouse provides just that. But Clubhouse’s growth also coincides with a challenging era of online misinformation. While social media companies that have long been around have come to realize the importance of content moderation on their platforms, or the lack thereof, Clubhouse has had a bumpy start in tackling this issue.[8]

Though after this bumpy start, Clubhouse has acknowledged the importance of content moderation and creating a safe space for users now that “users can report violations [of the Terms of Service or Community Guidelines] in real time directly from the room, which triggers an investigation from the Clubhouse Trust and Safety team.”[9]

However, this is easier said than done for Clubhouse since moderating free-flowing live conversations is much harder than on platforms based on text and images, like Twitter and Instagram.

Overall, content moderation is a global policy issue for Clubhouse and not exclusive to the Turkish market. With that said, like other countries, Turkey comes with its own prevalent forms of dangerous speech, such as terrorist propaganda, and Clubhouse should take these domestic and regional nuances into account when moderating content.

In addition to content moderation issues, due to the fact that it has the ability to retain audio data for the purposes of incident investigation, Clubhouse may find itself on the receiving end of requests from Turkish authorities regarding complaints made against individuals. Similar to requests received by other social network providers, such requests may focus on allegations of speech that constitute a crime under Turkish laws.

Conclusions

For a social media platform like Clubhouse that operates in different countries and regions, there is no one-size-fits-all approach to regulatory compliance and other legal risks. Of course, some of the issues discussed in this article, such as data protection compliance and content moderation, are global in nature.

However, the solutions are often local. This is why Clubhouse should adopt a broader and context-dependent perspective in facing such legal challenges and leave its U.S.-centric perspective behind. To this end, it is clear that operating in Turkey means creating tailor-made legal solutions for Clubhouse.