If you are someone who has worked with audio or music in the past, then you must be familiar with Audacity. The free audio editing software has been around for 21 years and on 30th April it was acquired by Muse Group, who promised that it will remain free and open source forever.
However, it looks like Muse Group has decided to make money through data harvesting as the company updated Audacity's privacy policy on July 2. The new updated privacy policy will allow Muse to collect and sell data of Audacity users. The data will include OS version and name, IP Address, CPU, non-fatal error codes and messages and crash reports. While most of it is standard, what concerns everyone is the vague message- "Data necessary for law enforcement, litigation and authorities’ requests". This statement does not specify what exactly the company will collect for law enforcement/litigation requests.
Furthermore, the policy also says that the data will be shared with staff members", "any competent law enforcement body, regulatory, government agency, court or other third party", and "our auditors, advisors, legal representatives and similar agents". Again, this is standard stuff that is mostly required for compliance as well as for debugging the software. However, the last point says that the data can be shared with "a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition". This is something that a lot of people are not happy with as it gives the company a blanket permission to sell data without notifying the user.
Lastly, the company also notes that the data will be stored on "servers in the European Economic Area (EEA)" but it will occasionally share "personal data with our main office in Russia and our external counsel in the USA." As you would expect, the ability to transfer data to Russia has angered a lot of users.
As a lot of users point out, adding telemetry to Audacity is border-line illegal in countries that follow General Data Protection Regulation (GDPR) that prohibits companies from collecting data from children under 16 years.
Daniel Ray, head of Muse has issued a clarification and blamed bad wording for the confusion. He noted that Muse is working on improving the wording of the policy.
We do understand that unclear phrasing of the Privacy Policy and lack of context regarding introduction has led to major concerns about how we use and store the very limited data we collect. We will be publishing a revised version shortly.
Furthermore, he also reminded users that the current version 3.0.2 is free of any data collection or telemetry and that the new privacy policy will come into effect starting from the version 3.0.3 update. You can get the current 3.0.2 version of Audacity for free here.
45 Comments - Add comment