New transnational report highlights need for better policies
Six national data protection and privacy authorities have published their findings after an investigation into the practices of video teleconferencing (VTC) companies.
Organizations in Australia, Canada, Gibraltar, Hong Kong, China, Switzerland and the UK are generally satisfied with the level of engagement of affected companies, but are calling for improvements to their privacy measures.
With teleconferencing use skyrocketing as the Covid-19 pandemic took hold, authorities last summer asked Microsoft, Google, Cisco, Zoom and Houseparty to explain their privacy and security measures. Everyone except Houseparty responded.
Houseparty contacted the UK Information Commissioner’s Office as part of a separate investigation and in any case shut down its video conferencing service two months ago.
“The dialogue between the VTC companies and the data protection authorities has proven to be effective, efficient and mutually beneficial,” the authorities state in their report.
“Going forward, the co-signers stress that this model of engagement is valuable and replicable in circumstances where emerging issues would benefit from open dialogue to help set regulatory expectations, clarify understanding, identify best practices and strengthen public confidence in innovative technologies.”
The report (PDF) sets out a number of recommendations. The authorities call on VTC companies to make end-to-end encryption available to all users and to make it the default for individual calls of a sensitive nature, such as telehealth communications.
They also want providers to clarify the secondary use of personal information.
“When personal information is used for secondary purposes, ride-hailing companies should explicitly let users know with proactive, direct, and easily understandable messages about what information is being used and for what purposes,” they write.
“Where secondary purposes include targeted advertising and/or the use of tracking cookies, it is recommended that VTC companies do so only if users have expressly agreed to such processing.”
Finally, the authorities are asking VTC companies to be fully transparent about where data is stored and how it is routed, and to give users a choice wherever possible.
They should also implement measures, contractual or otherwise, to ensure that information is adequately protected when shared with third parties, including in foreign jurisdictions.
The report comes as Zoom settles a US privacy class action lawsuit for $86 million after claims that it shared personal data with Facebook, Google and LinkedIn, and allowed unauthorized “Zoombombing”.
However, in a recent report, the Center for Strategic and International Studies (CSIS) found that the cybersecurity and privacy risks of VTC services are no greater than those found on the internet in general.
“Instead, the major services have all started to converge in the security and convenience of their applications,” it concluded.