Zoom's Data Privacy Saga: Everything You Need to Know

6 min read
August 8, 2023

Update on Zoom's Privacy Statement (Last updated: March 17, 2024)

Zoom's latest Privacy Statement clarifies that it does not use any Customer Content (audio, video, chat, screen sharing, attachments, poll results, whiteboard interactions, and reactions) to train AI models. Additionally, while Zoom and its third-party partners may use your interaction data for marketing and promoting Zoom products, they do not use Customer Content for these purposes.

In today's tech-driven world, data privacy is a hot topic, especially with AI and ML technologies becoming more prevalent. Zoom, the popular video conferencing tool, recently found itself at the heart of this conversation. With its new product launch in March, Zoom made changes to its terms of service, which caused quite a stir.

The discussion about Zoom's AI guidelines remained unnoticed until a post on the topic ignited a debate on the popular platform, Hacker News, during the weekend.

The crux of the update was that Zoom could use data from its customers’ calls to enhance their AI. This means that the content of your business meetings could potentially be used to train Zoom's AI. And let's be real, many of us don't regularly read the terms and conditions, do we?

Here's a snippet from Zoom's terms:

Source: Zoom Terms of Service (August 7, 2023)

This change in terms and conditions raised eyebrows. Some opinion leaders were concerned about their personal privacy, while others were more worried about the broader implications of AI in the workplace.

There were also concerns about Zoom having too much control over the content of calls. Many users have already considered leaving the platform, while others wanted more clarity and control over how their data is used. 

Zoom’s New Launch

The new product, Zoom IQ, is a suite of tools designed to make a summary of the chat threads and assist in crafting automated replies to text chat queries. Using this tool during your calls is optional

  1. When activating these tools, there's a preselected checkbox within Zoom.
  2. If left unchanged, you're essentially giving the company permission to gather data to enhance and develop its AI.
  3. If a call commences with Zoom IQ active, other call participants receive a prompt stating "Meeting Summary has been enabled."
  4. This alert informs that "The account holder might permit Zoom to access and utilise your contributions and AI-produced content for delivering the feature and for refining Zoom IQ, encompassing model training."

For video conference attendees, there are two choices presented:

  • a muted "Leave Meeting" button
  • a more vibrant blue button labelled "Got it."

Essentially, if you remain on the call, another individual has granted Zoom the authority, on your behalf, to use your data for AI development.

Zoom Responds

If you want to use Zoom's AI features, they'll require access to some of your data, such as audio or chat transcripts. Whether you're a host or an attendee, you'll need to give consent or choose to exit the meeting.

Give it or leave it

Whether you're a host or an attendee, you'll need to give consent or choose to exit the meeting.

In response to the concerns, Smita Hashim, Chief Product Officer and a senior figure at Zoom, clarified in a blog post:

In Section 10.4, our intention was to make sure that if we provided value-added services (such as a meeting recording), we would have the ability to do so without questions of usage rights. The meeting recording is still owned by the customer, and we have a license to that content in order to deliver the service of recording. An example of a machine learning service for which we need license and usage rights is our automated scanning of webinar invites/reminders to make sure that we aren’t unwittingly being used to spam or defraud participants. The customer owns the underlying webinar invite, and we are licensed to provide the service on top of that content. For AI, we do not use audio, video, or chat content for training our models without customer consent.” 

Source: Zoom: How Zoom’s terms of service and practices apply to AI features (August 7, 2023)

A Newsweek article fairly pointed out that Zoom's response might not have covered all user concerns, especially about joining AI-enabled meetings.

Have You Unknowingly Shared Your Sensitive Data?

When signing up for new products, it's crucial for customers to be meticulous and thoroughly review terms and conditions. But how thorough is thorough enough? And if companies don't always send email notifications about changes, like what happened with Zoom, how often should you revisit their privacy policy?

For larger businesses, it's standard practice to have software vetted by an in-house or NDA-bound Data Protection Officer (DPO).

But the landscape is different for SMBs. In these smaller setups, teams often purchase software or add extensions to existing applications without fully understanding the potential repercussions.

It's a harsh reality that sometimes we can't foresee certain data usage scenarios until they're upon us, leading many to learn the hard way—either from personal experiences or others' missteps.

Digital Samba's Commitment to Privacy

Digital Samba stands firm in its commitment to user privacy. We don't gather or share customers’ or users’ data. We do monitor conversions on our sign-up page for marketing insights, but once a user logs in, a data-neutral approach is adopted.

made_in_EU-2

It ends where it begins

We do monitor conversions on our sign-up page for marketing insights, but once a user logs in, a data-neutral approach is adopted.

Proudly European, Digital Samba is fully aligned with GDPR standards. Prioritising privacy, Digital Samba has structured its platform to be data-agnostic. 

“As an EU company, we guarantee all your data stays in Europe, we don't work with any sub-processors that are not in the EU - plus we've designed our service to be data-agnostic. We don't track anything. We're proud to say we meet all GDPR requirements and make them available in a beautiful UI.”
01_robert
Robert Strobl,

CEO and Founder of Digital Samba.

When it comes to AI, we're all about responsible usage. Our models, used for tasks like voice transcription and automated subtitles, focus solely on their designated tasks without learning from your data.

Instead, these models are enhanced by experts like data scientists, professional translators, and customers keen on integrating specific terminology, ensuring end-user recordings remain untouched and private. Try it here, no signup required.


In Conclusion

Zoom's GDPR policy clearly states, “Zoom is committed to making every effort to build product features that align with GDPR requirements and foster protection of the personal data processed through our services. […] Zoom utilizes security measures to support the ongoing confidentiality, integrity, availability, and resilience of our processing systems and services.”

However, one can rightfully ask: does Zoom’s conduct truly reflect Zoom's proclaimed commitment to its users' security and privacy?

It should now be blatantly obvious that statements made by vendors like Zoom cannot be taken at face value. This recent incident yet again exposes that certain vendors put their corporate interests ahead of the interests of their customers.

Keep an eye out for pre-checked options masked as active consent, and make sure that you zoom in on the fine print.

Updated:

August 8, 2023

According to Axios.com, Zoom CEO Eric Yuan reiterated Hashim's comment that Zoom would gain user consent for any AI training in a LinkedIn post on Tuesday, adding that the March terms of service changes were a mistake: "We had a process failure internally that we will fix."

The advocacy group Fight for the Future wrote that it was "not convinced" by Zoom's response and launched an online petition to demand that Zoom revamp its policy.

August 9, 2023

To further enhance the clarity and authenticity of the blog post, we have included screenshots from official Zoom documentation as a reference to the information provided in this article.

Request a free consultation
Improve your UX with GDPR-compliant and E2EE video calls
Get a consultation

 

 

Get Email Notifications