'Zoom,' the popular videoconferencing app, has gained a foothold in the digital workplace - despite the growing number of privacy concerns with its business use. Employers would do well to first read the privacy terms of such services and determine their impact. After all, using Zoom may be at odds with privacy requirements under the General Data Protection Regulation (GDPR).
Those who read the Zoom Privacy Policy quickly discover that the company does a lot with users' personal data. Not only does it indicate that a lot of personal data is captured and shared with third parties, but active monitoring activities also take place. As a result, there are risks to the freedoms and rights of "Zoomers," of which they are most likely unaware.
Some processing activities that come to mind are:
Zoom collects personal data such as name, home address, e-mail address, phone number, job title, employer and everything the user does within the program.
The software has an "attendee attention tracking" functionality for the video conference organizer. This notifies the organizer if a user uses a program other than Zoom for more than 30 seconds. The user himself does not receive this notification.
Employers will have access to all participants' audio, video and chats when recorded.
Before using meeting software as Zoom for work meetings, the employer should consider the risks to its employees. It is likely that a so-called "Data Protection Impact Assessment" should be carried out, assessing the impact of processing activities on the protection of personal data. This may lead to the decision to stop using Zoom as a business video conferencing app, and instead consider alternatives.
