IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Audacity privacy update sparks 'spyware' criticism

Users’ personal data will be shared with its parent company’s main office in Russia

Open source audio editor Audacity's latest privacy policy update has sparked outrage as users vehemently oppose to having their data potentially shared with law enforcement.

The update, which was announced on 2 July, states that Audacity may collect "data necessary for law enforcement, litigation and authorities’ requests (if any)".

Although data is stored on “servers in the European Economic Area (EEA)” and is protected by GDPR, the new update states that users’ personal data will be shared with its parent company Muse Group’s main office in Russia as well as its “external counsel in the USA”.

Users of Audacity took to Twitter to express their outrage, with one asking: “Wait what? Why is the most robust and widely used free audio recording software collecting personal data and sending it to [expletive] Russia? What the hell is going on?”.

Others have branded the software as “spyware”, with calls to delete the app or disconnect it from accessing the internet.

However, according to DPO and infosec lawyer Whitney Merrill, “nothing about this is unusual”.

“Updates - responding to [law enforcement] requests [and] sale of company language - here are misunderstood. But it’s a good example of why you need to thoughtfully explain data processing in policies: people will assume the worst,” she said, adding that most other privacy policies use “the same language”.

Related Resource

Owning your own access security

The key to building strong cloud security and avoiding the risk of vendor lock-in

Whitepaper front coverDownload now

Merrill also addressed another point of concern in Audacity’s new privacy update, which states that the app is “not intended for individuals below the age of 13”.

“This is because of COPPA (Children’s Online Privacy Protection Act),” she said on Twitter, referring to United States federal law which aims to protect children’s data by requiring companies to label their websites as 13+ to start collecting minors' personal information. 

“You have to include this to make clear you don’t intend to collect data from children subjecting you to COPPA,” added Merrill.

In a statement on GitHub, Muse Group's head of strategy Daniel Ray said that the company believes that users’ “concerns are due largely to unclear phrasing in the privacy policy”, which the company is “now in the process of rectifying”.

However, many users remained unconvinced, with some taking advantage of the software’s open source capabilities to create “a fork that removed all those features”.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Most Popular

Open source packages with millions of installs hacked to harvest AWS credentials

Open source packages with millions of installs hacked to harvest AWS credentials

24 May 2022
16 ways to speed up your laptop

16 ways to speed up your laptop

13 May 2022
Microsoft finally adds Power BI integrations to PowerPoint and Outlook
business intelligence (BI)

Microsoft finally adds Power BI integrations to PowerPoint and Outlook

25 May 2022