How Private is Zoom® Videoconferencing?
Many of us find ourselves attending meetings by video conference, such as Zoom. You might even be having confidential interactions with your clients, medical providers, or legal providers. If you are wondering how secure those interactions are, we analyzed Zoom’s security, legal, and privacy policies (which were updated on March 18, 2020) to help you stay informed without having to read all the fine print. Here are the highlights:
- Zoom represents that its products are generally hosted and operated in the United States.
- Zoom boasts that communications are established using 256-bit TLS encryption and all shared content can be encrypted using AES-256 encryption.
- Zoom provides the following protections for meeting privacy that are available for the host to choose:
- Secure a meeting with end-to-end encryption
- Create Waiting Rooms for attendees
- Require host to be present before meeting starts
- Expel a participant or all participants
- Lock a meeting
- Screen share watermarks
- Audio signatures
- Enable/disable a participant or all participants to record
- Temporary pause screen-sharing when a new window is opened
- Password protect a meeting
- Only allow individuals with a given e-mail domain to join
- Zoom privacy terms say the host can choose to record Zoom meetings and Webinars. That means if you are not the host, you aren’t in charge of whether or not to record the meeting. The host should still comply with recording laws though. You will receive a notification (visual or otherwise) when recording is enabled.
- By using Zoom, you give Zoom consent to store recordings for any or all Zoom meetings or webinars that you join. It is unclear for how long Zoom stores the recordings, but there is the potential that someone in litigation could subpoena Zoom for that recording.
- Zoom says it meets industry standards in safeguarding to prevent unauthorized disclosure of or access to content. Zoom will notify you if there is a data breach.
- Zoom will generally not access, view or process your meeting content. There are some exceptions though, which they define as (a) authorized or instructed by you, (b) as required to perform its obligations; or (c) as required by Law.
- Zoom considers the content that you create while using its product as one of the sources of your “personal data” that it collects.
- Zoom reminds users that they can adjust certain settings to reduce the amount of Personal Data Zoom automatically collects from you, such as by turning off optional cookies in your browser’s setting or by using our Cookie Preferences link at the bottom of the Zoom homepage.
- Zoom discloses that it may use your identifiers, employment information, payment information, Facebook profile information, technical information, demographic information, usage information, and user-generated information to market to you and to allow its affiliates to market to you but you can email firstname.lastname@example.org to discontinue this.
- Zoom says, “in our humble opinion, we don’t think most of our users would see us as selling their information, as that practice is commonly understood.” What they mean by that is that they don’t allow marketing companies, advertisers, or anyone else to access your Personal Data in exchange for payment. However, Zoom does use standard advertising tools which require Personal Data (think, for example, Google Ads and Google Analytics) to target advertising to you.
- You can ask Zoom to opt you out of certain advertising practices related to your Personal Data by clicking on the “Do Not ‘Sell’ My Personal Information” link.
- Zoom reminds us that “in certain situations, Zoom may be required to disclose Personal Data in response to valid and lawful requests by public authorities or pursuant to requests from law enforcement.”
The take away is that as the host of a Zoom meeting, you have many options available to protect the content of the meeting. Participants have fewer options and must rely on the host to use the security tools that Zoom provides. Zoom also offers both hosts and participants opt-out preferences to protect your privacy and limit the marketing you receive.
About the Author: Maria Crimi Speth is a shareholder, intellectual property attorney and chair of the IP group at the Phoenix law firm of Jaburg Wilk. She has expertise in copyright law, trademark law, and Internet law. She focuses on litigation involving intellectual property rights, privacy and First Amendment rights. Ms. Speth is the author of the book, Protect Your Writings: A Legal Guide for Authors.