Preceding posts in this blog series covered Clubhouse’s privacy failures and how its app rollout signals to consumers that it doesn’t care about them or their privacy. This post provides a blueprint for how Clubhouse can begin to fix its weak privacy foundation.

Last week, Clubhouse reportedly had a data leak involving 1.3 million Clubhouse users, whose user IDs, names, photo URLs, usernames, social media handles, and other profile and account information were scraped and posted on a hacker site.

As a result of Clubhouse’s privacy failures, privacy advocates and regulators all over the world are scrutinizing the new audio-based social media platform. Here in the United States, privacy advocates have notified both the Federal Trade Commission and California Attorney General of Clubhouse’s privacy failures. Overseas, French and German regulators are investigating Clubhouse’s privacy practices, and UK privacy watchdogs are paying close attention.


But this shortsighted approach is counterproductive to scaling

We’ve seen the story before: social media app enjoys meteoric rise unfailingly followed by a slew of privacy and security failures. Clubhouse is no different: it rolled out its app to a global user base with little regard for privacy, if any. In a nutshell: Clubhouse collected people’s personal information even before they engaged with the app. It made doubtful claims that it anonymizes the personal information uploaded to its servers. It engaged in dark patterns to get users to give access to their contacts and their Twitter information. …


Clubhouse, the new audio-based social media app where users enter rooms to talk about anything they could possibly want, is gaining lots of attention. Part of its popularity comes from it being pegged as the next social media giant. Beyond the hype, its epic product privacy failures are what warrants scrutiny.

While social media platforms are notorious for their privacy failures, Clubhouse committed its own set at a time when consumer privacy sentiment is increasingly in favor of privacy. What’s more, big tech brands like Apple have been publicly championing privacy, recognizing that privacy has value beyond compliance. Research also…


Photo by Louis Velazquez on Unsplash.

Earlier this month, a bipartisan group of US Senate and House lawmakers introduced the Promoting Digital Privacy Technologies Act (S.224). Senators Cortez Masto and Fischer introduced the bill to the Senate, while Representatives Stevens and Gonzales introduced it to the House floor. It has been referred to the Senate Committee on Commerce, Science, and Transportation.

S.224 has serious implications on privacy innovation. As such, I’ve taken the time to review it, break it down, and provide recommendations on how to improve it.

What S.224 Says

S.224 is a bill about privacy enhancing technologies (PETs). …


As I teach my experiential Privacy & Technology course at Santa Clara Law’s leading privacy program this semester, certain privacy and technology terms and concepts come up. I previously wrote about the course here, here, and here.

One of my course goals is to introduce my students to common nomenclature intersecting privacy and technology, a step to bridging the legal-technical gap in this cross-functional space.

Thus, we’ve created this glossary, which we will be periodically updating throughout the semester.

Anonymization. Anonymization is the process of rendering data anonymous in such a way that the data subject is not or no…


Last week in my Privacy & Technology course at Santa Clara Law’s leading privacy program, we tackled privacy engineering. As some of you may know, I am teaching my experiential Privacy & Technology course this semester. I previously wrote about it here and here.

Given last week’s privacy engineering focus, who better to have as a guest lecturer than Michelle Finneran-Dennedy (Mdennedy), whose book, The Privacy Engineer’s Manifesto, is one of the texts we’re reading for class (along with Prof. Woodrow Hartzog’s Privacy’s Blueprint: The Battle to Control the Design of New Technologies). For folks who don’t know Michelle, she’s…


This year, I had a Data Privacy Day “first”: I celebrated it with a group of aspiring privacy practitioners in technology, my Privacy & Technology course students. As some of you may know, I am teaching my experiential Privacy & Technology course at Santa Clara Law’s leading privacy program this semester. I previously wrote about it here. We meet twice a week, and it turns out that our sixth class meeting fell on Data Privacy Day.

Quick background: Data Privacy Day commemorates Convention 108, which was signed on January 28, 1981 and is the first legally binding international treaty dealing…


A Santa Clara Law experiential privacy course that will prepare law students for privacy practice in tech

This week, I begin teaching (remotely given the pandemic) my Privacy & Technology course at Santa Clara Law’s leading privacy law program. This course has been eight months and hundreds of hours in the making, so I am very much excited and just ready to begin working with the students.

Course Objectives

My main objective in creating the course is to prepare students as privacy professionals in the tech sector. In addition, I want to introduce them to the nascent privacy tech landscape, which is near and dear to my heart. More practically, I want them to be able to identify and…


As part of my fellowship with Santa Clara Law’s leading privacy law program, I’m curating the Let’s Talk Privacy & Technology video series. Each episode features a privacy expert, practitioner, academic, or innovator. We discuss the intersection of privacy and technology, covering topics ranging from privacy engineering, privacy enhancing technologies (PETs), and data ownership, to data ethics, privacy tech, cybersecurity, and more. I publish episode notes in this blog, including this post dedicated to episode 7. Other episode notes are available in the Privacy & Technology publication.

Episode Description

I sat down with Carnegie Mellon University’s CyLab Security and Privacy Institute Director…


On PRAs, PIAs, DPIAs, TIAs, …

Privacy concerns have become increasingly top-of-mind for many stakeholders today. This is true not just for privacy advocates and privacy practitioners, but also for consumers, business customers, regulators, and the mainstream media.

As a long-time privacy practitioner, I can’t count the number of times I’ve heard a startup CEO, a product or business leader, an engineer, or an app developer admit, after suffering a privacy incident, that they simply failed to account for privacy in building their product, project, app, initiative, or system.

Privacy reviews solve for this lack of privacy foresight. They force…

lourdes.turrecha

Founder & CEO @PIX_LLC @PrivacyTechRise | Privacy & Cybersecurity Strategist & Board Advisor| Reformed Silicon Valley Lawyer | @LourdesTurrecha

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store