SecurityWeek

Zoom Expands Privacy Options for European Customers

New options allow paid Zoom customers to specify certain data for meetings, webinars, and team chat to be stored within the EEA.

Zoom has announced a slew of data privacy features, developed in collaboration with the Dutch education and research organization SURF, for its European customers. 

The key element is the option for European Economic Area (EEA) data storage. Paid customers will be able to specify certain data for meetings, webinars, and team chat to be stored within the EEA. “This data will only be shared with US teams in individual cases and exceptional circumstances, such as with Zoom’s Trust & Safety team,” says the announcement.

Associated with this is a new European support team. “All support information will be processed within the EEA by local employees during normal business hours,” says Zoom.

A second important announcement is the availability of a tool to facilitate data subject access requests (DSAR). This allows, says Zoom, “administrators to easily reply to data subject requests for access or deletion of their personal data for Zoom Meetings, Webinars, and Team Chat.” This facility is an important part of GDPR and CCPA compliance, and relevant because the meeting organizer is the data controller for the meeting.

Personal data is any data that can be used to identify a user (such as a display name or email address). “Zoom’s Data Subject Access Request tool can delete personal data that customers have access to that is not part of any recordings or other content,” Zoom told SecurityWeek.

“Zoom’s tool does not delete personal data within any recordings or other communication content that a host records that is hosted by Zoom,” continued the spokesperson. “Zoom maintains a separate feature for meeting hosts to manage recordings for local records – because those recordings are held on a local device, Zoom has no ability to delete them.”

It is important to note that Zoom is providing enhanced privacy features where it can for paid customers. But it cannot guarantee privacy for the communications content since this may be recorded by an attendee and stored anywhere outside of Zoom’s reach.

Furthermore, said the spokesperson, “It’s also worth noting that the host account is the ‘data controller’ for the meetings. If you’re a European user joining a meeting hosted in the US, any data collected or shared in those meetings will follow the host account.”

Despite the limitations to what it can achieve, SURF is happy with the outcome. “We are pleased with the adjustments Zoom has made to its software as a result of our collaboration,” said Jet de Ranitz, CEO and chairperson of SURF’s board of directors. “With Zoom’s new privacy features and recent modifications, the company has showcased a commitment to European privacy standards.”

But privacy remains a complex issue for Zoom meetings. The firm is enhancing privacy options where it can for its paid subscribers – but meeting attendees must remain aware that the privacy of what they say at such meetings cannot be guaranteed.

And the potential effect of the UK’s Online Privacy Bill and EU moves toward similar ‘bans’ on end-to-end encryption (E2EE) remains to be seen. Zoom has an E2EE option, but European governments are demanding that law enforcement should have access to plaintext (which means it would no longer be E2EE). If these moves become law in Europe, the concept of privacy becomes moot.

SecurityWeek asked Zoom for its position. It replied, “Zoom is committed to providing robust global data and privacy protections, and seeks to comply with all applicable regulations in the jurisdictions in which it operates. We are waiting to see the final text of the proposed regulations and remain committed to supporting our users in the EU and UK.”

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
