Audacity Controversy continues with newly published Privacy Notice
The last couple of months have been anything but pleasant for the new owners of the open source audio editor Audacity. It all began in May 2020 with news that Audacity was acquired by MuseGroup; what acquired meant exactly was not made clear back then, considering that Audacity was an open source project.
- Data is not sold or shared with third parties.
- The only data that is collected is the IP address, pseudonymised and "irretrievable after 24 hours", basic system info, and error report date if enabled by the user.
- Personal data refers to the IP address.
- Only data mentioned above may be handed over to law enforcement, and only if compelled by a court.
Tip: check out our Audacity alternatives here.
Also in May of the same year, plans to add Telemetry to Audacity were introduced on GitHub. These plans were dropped a week later because the move was criticized highly.
An update to the Desktop Privacy Notice was published in July 2021, and it too is generating uproar. The note lists the data that Audacity is collecting as well as the reason for collecting the data, with whom the data is shared and under which circumstances, how the data is protected, and how it is stored and deleted.
The following data is or may be collected by Audacity:
- App Analytics and App Improvements:
- OS version
- User country based on IP address
- OS name and version
- Non-fatal error codes and messages (i.e. project failed to open)
- Crash reports in Breakpad MiniDump format
- For legal enforcement
- Data necessary for law enforcement, litigation and authorities’ requests (if any)
The "legal enforcement" data collecting part of the Desktop Privacy Notice is vague, as it does not list the data that Audacity may provide for "law enforcement, litigation and authorities’ requests". It is unclear why it is not listed. While it is clear that a company does not know which data law enforcement may request, a list of information that Audacity collects or may collect could be listed there.
Another paragraph that is seen as problematic is 7.1 Data storage and transfers of data. Audacity data is stored on servers in the European Economic Area according to the paragraph, but personal data may be shared occasionally with the group's main office in Russia and the group's external counsel in the United States.
Controversy surrounding the new project owners of Audacity continues. It should be clear by now that any changes made that may affect user privacy are under scrutiny, especially if they are vague or may reduce the privacy of users.
The undefined data that Audacity may collect for law enforcement purposes falls into the category. The transferring of data to Russia or the United States is also problematic from a privacy point of view.
Now You: what is your take on the privacy note?Advertisement