Skip to main content

Virtual Conferencing Software Must Improve Data Protection, Regulators Warn

by Chris Brook on Monday November 1, 2021

Contact Us
Free Demo

Following an investigation, six countries and four companies outlined best practices for mitigating privacy risks in video conferencing apps.

Last year, in the pandemic's infancy, it quickly became clear that video teleconferencing platforms were essential, both for work and day-to-day life.

They’re not going away: a research study released last week forecast the video conferencing market to surpass $75 billion by 2027. In order to keep up with that growth, companies are hiring third party firms to help them manage the IT needed to manage video conferencing software. The software companies need to keep pace too, ensuring solutions are free from vulnerabilities and privacy concerns.

Those concerns were top of mind for six data protection and privacy authorities during a recently concluded investigation into video teleconferencing (VTC) company practices.

Authorities from Australia, Canada, Gibraltar, Hong Kong, China, Switzerland, and the UK released a report last week recapping the investigation, urging some of the biggest video conferencing companies to improve privacy for users.

The companies, Microsoft, Google, Cisco and Zoom, referred to as joint signatories in the report, worked with the countries on outlining a series of recommendations to follow.

The countries first called for an investigation into their practices last July, after the countries issued an open letter, reminding them of their obligations to comply with the law and handle people’s personal data responsibly.

Those involved agreed that when it comes to encryption, making end-to-end encryption available to all users, whether enterprise, consumer, paid, or free is important, as is outlining information for users about the difference between "standard" and "end-to-end encryption."

The report also encourages companies to be clearer about information each maintains on their users, specifically if it makes any secondary use of it. Organizations should only use customer information in a way users would reasonably expect. Doing otherwise could impede trust, the report warns.

"Where personal information is used for secondary purposes, VTC companies should explicitly make this clear to users with proactive, upfront, and easily understandable messaging about what information is used and for which purposes.”

Similarly, as it pertains to user data, the groups pushed for transparency, recommending companies if possible give users the choice as to where their data is routed through, make known where it's stored and that measures are taken to ensure its protected when shared with third parties.

Based on the report, it sounds like the investigation was a lesson in civil discourse for everyone involved. It called the dialogue between all parties “effective, efficient and mutually beneficial” and acknowledged that going forward, all involved would “would benefit from open dialogue to help set out regulatory expectations, clarify understanding, identify good practice, and foster public trust in innovative technologies.”

It's important to note that for the most part, the investigation didn't get into specific examples around the use of teleconferencing software for sharing sensitive information, nor did it examine risks around use of the platforms for telehealth or educational purposes. It did stress to companies that when it comes to those fields, security is paramount, however.

“VTC companies must ensure robust privacy and security safeguards to adequately protect personal data in these more sensitive environments,” the report reads.

Tags:  Government

Recommended Resources

The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss Prevention

All the essential information you need about DLP in one eBook.

6 Cybersecurity Thought Leaders on Data Protection
6 Cybersecurity Thought Leaders on Data Protection

Expert views on the challenges of today & tomorrow.

Digital Guardian Technical Overview
Digital Guardian Technical Overview

The details on our platform architecture, how it works, and your deployment options.