Zoom’s problematic privacy policy raises red flags

Zoom may seem like a godsend for the countless individuals and organizations who have begun to rely on it to function or even just stay in touch while under strict lock-down with the COVID-19 pandemic. However, Consumer Reports has recently raised concerns over the platform’s sketchy privacy policy.

Too much data for undefined purposes

While it’s not uncommon for platforms to collect browsing data and share it with third parties, Zoom’s privacy policy includes an overly broad umbrella of data in what it collects. Forbes relates:

Zoom’s policy also covers what it labels “customer content,” or “the content contained in cloud recordings, and instant messages, files, whiteboards … shared while using the service.”

This includes videos, transcripts that can be generated automatically, documents shared on screen, and the names of everyone on a call.

What’s worse is that Zoom is painfully vague about what purposes this data is used for. Your videos and private messages could potentially be used for the development of a facial recognition algorithm, or for targeted ads. Justin Brookman, director of privacy and technology policy at Consumer Reports, says:

Zoom should update their terms to ensure that data collected during meetings from any participant or host is explicitly excluded from any advertising or marketing use, and that they don’t view and tag video footage to train AI for facial or object recognition.

Concerns over meeting host powers

Brookman is also concerned that Zoom gives too much power to meeting hosts, granting them “rights that might not be immediately apparent to other participants—or, in some cases, to the hosts themselves.” Unclear indicators about when a host is recording a meeting could be problematic for participants discussing sensitive matters, such as a session with a psychologist or something of that nature.

And if your boss is a micromanager, Zoom might be the tattletale you never asked for. With its “attention-tracking” feature, Zoom has the capability to tell your meeting host when you have left the chat window for longer than 30 seconds.

Privacy expert Rowenna Fielding called Zoom’s privacy policy “a bucket of red flags,” noting that what is most concerning is their lack of transparency about just how they use personal data they collect:

They collect a potentially huge amount of personal data from accounts, calls made through the service and from scraping social profiles, but there’s no way to opt out of specific use purposes while continuing to use the service… For an employee or contractor whose boss or clients require them to use Zoom, this is bad news because they are required to expose, or accept the passive collection of, personal data which is not strictly necessary for the operation of the call, and which is then used for a variety of vaguely-described purposes by Zoom.

How can I protect myself?

There are other more secure alternatives to Zoom, such as the video chat provider Signal for professional use, and Houseparty for your social calls. If your employer requires you to use Zoom, there are still a few measures you can take to protect your data. For starters, turn off your mic unless you are speaking. Fielding also advises that you:

Create a separate email address expressly to use for Zoom
Clear cookies and block trackers after every call
Opt out of all secondary data usage when possible