Interrupted transmission- zooming in on video conferencing privacy policies

Apr 02, 2020

The outbreak of the SARS-CoV-2 pandemic has forced many people to work from home. Video conferencing tools and other remote means of communication make this possible, transforming our homes into our offices. They also help keep us connected with friends and family, regardless of where they are.

Video conferencing tools literally open a lens into our homes. The personal and professional spheres are increasingly merging. We phone with our parents and children, discuss business strategy with our colleagues, and perhaps relax with our yoga teacher after work, following her flow in front of our screen.

While we appreciate how video conferencing tool providers facilitate all this, the intimacy they permit calls for an equally intimate look into their compliance with EU data protection law. We zoomed in on the privacy policies of six tools: Zoom, Webex Meetings (Cisco), Meeting (LogMeIn), Skype and Teams (both Microsoft), and Wire.

While the video quality of the investigated tools may often be crystal clear, and the user interfaces well-thought out, the service providers’ privacy policies do not meet this standard. Static in the form of “may” or “might”, “as necessary”, or “as required by law” cloud the picture. Sometimes whole parts are missing, such as information about basic GDPR rights. Finally, poor structure makes accessing the available information challenging.

Video conferencing providers need to work on meeting their information obligations under the GDPR.

Read the full report here

Update (13 April 2020): revised the evaluation from red to yellow for Zoom for the element "Recipients or categories of recipients of the personal data".

Uploads