noyb.eu report on video conferencing privacy policies
<https://noyb.eu/en/interrupted-transmission> The outbreak of the SARS-CoV-2 pandemic has forced many people to work from home. Video conferencing tools and other remote means of communication make this possible, transforming our homes into our offices. They also help keep us connected with friends and family, regardless of where they are. Video conferencing tools literally open a lens into our homes. The personal and professional spheres are increasingly merging. We phone with our parents and children, discuss business strategy with our colleagues, and perhaps relax with our yoga teacher after work, following her flow in front of our screen. While we appreciate how video conferencing tool providers facilitate all this, the intimacy they permit calls for an equally intimate look into their compliance with EU data protection law. We zoomed in on the privacy policies of six tools: Zoom, Webex Meetings (Cisco), Meeting (LogMeIn), Skype and Teams (both Microsoft), and Wire. While the video quality of the investigated tools may often be crystal clear, and the user interfaces well-thought out, the service providers’ privacy policies do not meet this standard. Static in the form of “may” or “might”, “as necessary”, or “as required by law” cloud the picture. Sometimes whole parts are missing, such as information about basic GDPR rights. Finally, poor structure makes accessing the available information challenging. Video conferencing providers need to work on meeting their information obligations under the GDPR. Read the full report <https://noyb.eu/sites/default/files/2020-04/noyb_-_report_on_privacy_policie...>
Grazie ...infinite per questo prozioso riferimento: lo meto in *cassaforte* :-) Se, ovviamente compatibilmente con le risorse di ciascuno e senza nessun impegno :-), i giuristi in lista avessero qualche contestazione sostanziale all'analisi svolta da noyb.eu noi siamo tutto orecchi La sostanza delle cose è che la quasi totalità - manca Google Classroom, si veda a pag. 8 del report - degli strumenti utilizzati per la scuola a distanza oggi non rispettano il GDPR. In altre parole, il GDPR serve solo a dare l'illusione che sia protetta la privacy dei cittadini della EU, oltre ovviamente a complicare (inutilmente?) la vita di tutti quelli che non ci pensano nemmeno di striscio a raccogliere *laqualunque* dai propri utenti. Alberto Cammozzo <ac+nexa@zeromx.net> writes:
[...]
Read the full report <https://noyb.eu/sites/default/files/2020-04/noyb_-_report_on_privacy_policie...>
--8<---------------cut here---------------start------------->8--- However, Zoom’s claims have been shown to be misleading and false. Zoom does not actually use end- to-end encryption as commonly understood, but only transport layer encryption [...] Zoom appears to also have poorly implemented their “Company Directory” feature, leaking both email addresses and photos [...] Often, policies were poorly structured, overly long, or simply not user friendly, with information distributed in various places and not clearly linked or accessible straight from the main privacy policy. [...] Most companies see themselves as processors and not as controllers in the context of their video conferencing service. This means that the user of the software would be the controller and could therefore be deemed responsible for compliance with the GDPR, which may indicate liability for any illegal processing by the processor. (Cosa?!? n.d.r.) [...] The GDPR imposes a number of responsibilities on controllers beyond the information obligations investigated in this report, ranging from implementing appropriate technical and organisational security measures to choosing only such processors that provide sufficient guarantees. [...] It is beyond the scope of this report to assess in detail in which circumstances a video conferencing provider qualifies as a controller or/and a processor in the context of video conferencing. However, since we assume that such providers all qualify as controllers for at least a part of the processing operations involved 17 , we assessed the privacy policies against the standard of being a controller. [...] --8<---------------cut here---------------end--------------->8--- Saluti, Giovanni -- Giovanni Biscuolo Xelera IT Infrastructures
participants (2)
-
Alberto Cammozzo -
Giovanni Biscuolo