Connect with us

Hi, what are you looking for?



Zoom Expands Privacy Options for European Customers

New options allow paid Zoom customers to specify certain data for meetings, webinars, and team chat to be stored within the EEA.

Zoom expands EU data storage options

Zoom has announced a slew of data privacy features, developed in collaboration with the Dutch education and research organization SURF, for its European customers. 

The key element is the option for European Economic Area (EEA) data storage. Paid customers will be able to specify certain data for meetings, webinars, and team chat to be stored within the EEA. “This data will only be shared with US teams in individual cases and exceptional circumstances, such as with Zoom’s Trust & Safety team,” says the announcement.

Associated with this is a new European support team. “All support information will be processed within the EEA by local employees during normal business hours,” says Zoom.

A second important announcement is the availability of a tool to facilitate data subject access requests (DSAR). This allows, says Zoom, “administrators to easily reply to data subject requests for access or deletion of their personal data for Zoom Meetings, Webinars, and Team Chat.” This facility is an important part of GDPR and CCPA compliance, and relevant because the meeting organizer is the data controller for the meeting.

Personal data is any data that can be used to identify a user (such as a display name or email address). “Zoom’s Data Subject Access Request tool can delete personal data that customers have access to that is not part of any recordings or other content,” Zoom told SecurityWeek

“Zoom’s tool does not delete personal data within any recordings or other communication content that a host records that is hosted by Zoom,” continued the spokesperson. “Zoom maintains a separate feature for meeting hosts to manage recordings for local records – because those recordings are held on a local device, Zoom has no ability to delete them.”

It is important to note that Zoom is providing enhanced privacy features where it can for paid customers. But it cannot guarantee privacy for the communications content since this may be recorded by an attendee and stored anywhere outside of Zoom’s reach.

Advertisement. Scroll to continue reading.

Furthermore, said the spokesperson, “It’s also worth noting that the host account is the ‘data controller’ for the meetings. If you’re a European user joining a meeting hosted in the US, any data collected or shared in those meetings will follow the host account.”

Despite the limitations to what it can achieve, SURF is happy with the outcome. “We are pleased with the adjustments Zoom has made to its software as a result of our collaboration,” said Jet de Ranitz, CEO and chairperson of SURF’s board of directors. “With Zoom’s new privacy features and recent modifications, the company has showcased a commitment to European privacy standards.”

But privacy remains a complex issue for Zoom meetings. The firm is enhancing privacy options where it can for its paid subscribers – but meeting attendees must remain aware that the privacy of what they say at such meetings cannot be guaranteed.

And the potential effect of the UK’s Online Privacy Bill and EU moves toward similar ‘bans’ on end-to-end encryption (E2EE) remains to be seen. Zoom has an E2EE option, but European governments are demanding that law enforcement should have access to plaintext (which means it would no longer be E2EE). If these moves become law in Europe, the concept of privacy becomes moot.

SecurityWeek asked Zoom for its position. It replied, “Zoom is committed to providing robust global data and privacy protections, and seeks to comply with all applicable regulations in the jurisdictions in which it operates. We are waiting to see the final text of the proposed regulations and remain committed to supporting our users in the EU and UK.”

Related: Zoom Paid Out $3.9 Million in Bug Bounties in 2022

Related: Zoom Patches High Risk Flaws on Windows, MacOS Platforms

Related: Zoom for macOS Contains High-Risk Security Flaw

Related: Zoom Patches Serious macOS App Vulnerabilities Disclosed at DEF CON

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...


Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...


The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.