Roon access to personally identifiable core data without user consent

FYI I sent an email to Roon on Sunday inviting them to follow up on the questions raised in this thread, but I haven’t heard back yet.

1 Like

I hope you haven’t been holding your breath.

Haha no.

I did hear back from them, but no answers to my questions so I have posed them yet again. Since the point of this thread is to hear what the company says and not what some forum rando thinks, I won’t parrot their response if I get one but urge them to share it here.

3 Likes

Quick update which is really no update at all: Still waiting for a reply, one week after my last e-mail.

Two weeks since my last e-mail and coming up on three weeks since their last.

Here’s what I wrote:

Hi Kevin,

Thanks for getting back to me.

As you see from my thread in your forum, my concern is tied to the practice you have of collecting logs containing personal data without the customer knowing that you are doing it. This is concerning because it suggests that:

  1. Roon to some unknown extent can fetch personal data from each and every Core without the customer knowing

  2. there are open communication channels between the Core and Roon which can be compromised

  3. Roon deals with personal data in a bigger scale (considering the potential for 24/7 access) than the Privacy policy suggests

In the thread I asked three questions:

  1. how does Roon pull the logs? Does it happen in a secure way?

  2. what regulations are in place to avoid the misuse of this data by actors internal or external to Roon?

  3. is this practice and its implied consequences admissible within the framework of the GDPR?

This has not been addressed in the forum yet (not by Danny either) and for your information there are a handful of other users there who are hoping for an official answer.

5 Likes

Hopefully you will receive an answer soon.

1 Like

Thanks. I agree. I haven’t heard from them since before 21 October, which is when I sent the e-mail copied above. That’s four weeks ago. I’ve sent reminders about once a week since.

I’m honestly baffled if they think this is acceptable customer service.

1 Like

Out of interest, why is the information contained within their privacy policy insufficient for your specific needs @Hestepare? I genuinely ask, as for me personally it seems OK and there is plenty of information on this forum to fulfil my requirements. But that’s me …, so what are your particular circumstances / reasoning? What are your next steps if any - would you cease using Roon for example? You are pushing and pushing with this topic, so it would be useful for people to understand your motivation.

2 Likes

Sure Oliver, I can reiterate.

In the first post of this thread I linked to another thread in which Roon said explicitly that they can at any time “pull” personally identifiable data from any user at any time, without the user even knowing. This they do in order to save time on support, which in itself is a good idea.

However, the fact that they can pull this data at will, and the fact that this data is personally identifiable, as well as the fact that it contains information about stuff like the user’s home network environment, is not mentioned in the Privacy policy, which you can read here:

https://roon.app/en/privacypolicy

Therefore, I am asking Roon whether this is all done in a secure manner, and to make it more specific, I am wondering if they have thought about this in terms of the GDPR regulations as these fairly concretely limit how personally identifiable data should be accessed, used and stored.

@Jim_F rightly notes that @danny has written two responses in this thread, but both his responses misinterpret the GDPR’s definition of “personal data” (even though he actually links to the EU commission’s web page on the topic). He writes:

But in the link he provides, the definition is rather different:

Personal data is any information that relates to an identified or identifiable living individual.

@DaveN showed here that there is a lot of such information in the logs, which means that even if @danny has responded, these responses are not answers to my questions.

At this point, the question is why Roon won’t simply answer “hey guys, it’s all OK, we promise, but because of reasons we can’t tell you how” or whatever is very strange to me. In fact they answer nothing at all. What motivates this silence?

If Roon isn’t following the GDPR regulations, that means that users are less protected than they should be by law. That can be solved, and the company would be better off if it was.

If Roon is following the regulations, then all is well and a quick note in this thread or a response to the e-mail I sent four weeks ago would be welcome.

So what’s at stake here? I find it curious that the company seems unwilling to answer whether they are operating lawfully. I find it baffling that they provide no answer at all.

3 Likes

What is your intent?

I would be repeating myself.

If you don’t like the thread you can read something else maybe? ‡

‡ This was a response to a now redacted suggestion to move on.

4 Likes

Thank you for responding to my post with your summary of the interaction to date Hestepare. You did not really answer my questions however, particularly in regard to your motivation. I also asked what your personal reasons / circumstances are in regard to this, what are your next steps - i.e. would you stop using Roon if you are not satisfied?

If you could provide this background, I believe it would help. Thanks.

I’m not sure what you think that would help?

It will provide context. Thanks.

I fear you may go into overdrive now with Harman/Samsung taking over…. :joy:

I can see how that might be interesting to some, but this is about the principle of the thing.

Haha. To the contrary, these guys can’t ignore stuff like GDPR so in this regard I’m more optimistic now.

4 Likes

Interesting maybe but more so contextual to understand your motivation, as previously stated / queried.

However, you have now alluded that it is about the principle for you. On that basis, noting your current position with this, I guess one of my earlier questions is now more relevant than ever - will the principle dictate that you must abandon the Roon platform given you are unfulfilled with the information provided? Otherwise this thread has just become nothing more than a diatribe of pedantic hot air.

I didn’t mean to allude anything, I meant to be explicit that my issue with this is about the principle. A law exists that ensures some users some rights, and my question has been whether Roon follows this law. If you read back I think you will find that I have been pretty consistent.

You are saying that you don’t find this thread interesting unless it’s about my person, which I find flattering but unfortunately it misses the entire point.

That’s fine Hestepare, I was trying to encourage you to be specific, so poor choice of word on my part, but we got there in the end - it is indeed about the principle, as you say!

So you quoted me above on the question I put to you, but then went off on a tangent. So my question remains unanswered - what are your thoughts?

In regard to your tangent and whether I find the thread interesting - of course!, albeit personally I was satisfied with the level of response provided by Roon at that point. You are not and that’s fine; I have merely been trying to understand your motivation and your context, which I think we will all now be a little clearer on.

It is about the principle, and that’s what it is. But I can offer a reflection: If Roon (before the acquisition) had messed up GDPR compliance, that could be make or break for them: What are the GDPR Fines? - GDPR.eu

Then nobody would be able to use Roon.

After a little over five weeks of silence, I got a reply that gave little confidence that GDPR is a handled issue for Roon. Let’s hope the new owners take this seriously. I expect them to.

3 Likes