2 min read.Updated: 19 Aug 2021, 03:02 PM ISTLivemint
The German watchdog said the on-demand version of Zoom sends user data to the US and it doesn’t comply with the requirements laid down by the GDPR for sending data outside of the EU’s jurisdiction
Video conferencing tool Zoom may have more regulatory troubles in store. The acting Hamburg Commissioner for Data Protection and Freedom of Information has asked the German government to avoid using the “on-demand" version of the popular platform.
The watchdog claimed that Zoom doesn’t comply with Europe’s General Data Protection Regulations (GDPR), an important piece of legislation meant to protect user privacy and how companies handle user’s data.
The German body said that the on-demand version of Zoom sends user data to the US and it doesn’t comply with the requirements laid down by the GDPR for sending data outside of the EU’s jurisdiction. “The European Data Protection Committee has formulated requirements in order to be able to transfer personal data to a third country such as the USA in accordance with the GDPR," the regulator said in a press release.
“The HmbBfDI is based on this standard in business and public administration. The documents submitted by the Senate Chancellery on the use of Zoom show that these standards are not being adhered to. Other legal bases such as the consent of all parties concerned are also not relevant here," it added.
“Public bodies are particularly bound to comply with the law. It is therefore more than regrettable that such a formal step had to be taken," said Ulrich Kühn, the acting Hamburg commissioner for data protection and freedom of information. The commissioner noted that the government has compliant systems it can use and that Zoom is “highly problematic" from a legal point of view.
The popular video conferencing tool had amassed millions of users after the pandemic led to lockdowns in various countries. At the time, Zoom ran into trouble with governments, regulators, and others, who found the platform lacking security. The company, in turn, announced plans to focus specifically on security, saying that it never imagined a boom like this and was hence unprepared. To its credit, Zoom has announced fixes to many known issues, though the platform is still not preferred by many governments, including in India.
The company also settled an $85 million lawsuit on 1 August, accusing the company of violating user privacy rights by sharing personal data with Facebook, Google and LinkedIn, and for Zoombombing incidents that allowed outsiders and hackers to disrupt Zoom meetings.
The GDPR is seen as a key piece of legislation in the global scurry to formulate privacy and data security regulations, including India. As reported by Mint earlier, companies preparing for the Personal Data Protection (PDP) bill look at GDPR as the north star that India’s regulations will take cues from.