Zoom’s New Terms of Service Create Data Privacy Concerns

Type

Cyber Alert

Topics
  • Privacy
  • Cybersecurity

Zoom, the virtual meeting platform, recently updated its Terms of Service (ToS) to include significant changes in how the company will use customer data to train its own Artificial Intelligence (AI) and Machine Learning (ML) programs, Zoom IQ Meeting Summary and Zoom IQ Team Chat Compose. While the intent of the new ToS is to clarify how Zoom will use customer data, there are concerns that the language is too broad and could pose significant privacy risks for businesses that use Zoom.

The vagueness of the ToS is concerning for customers because it does not clearly distinguish what data will be used or how. Zoom executives have clarified that users can decline to use Zoom’s AI platforms. However, there is currently no option to opt out of Section 10.4 of the terms, which concerns Zoom’s use of customer content as a whole.

Section 10.4 of the ToS states: 

“You agree to grant and hereby grant Zoom a perpetual, worldwide, non-exclusive, royalty-free, sublicensable, and transferable license and all other rights required or necessary to redistribute, publish, import, access, use, store, transmit, review, disclose, preserve, extract, modify, reproduce, share, use, display, copy, distribute, translate, transcribe, create derivative works, and process Customer Content and to perform all acts with respect to the Customer Content…”

Zoom’s Chief Operating Officer, Aparna Bawa, responded to these concerns on Hacker News:

“To clarify, Zoom customers decide whether to enable generative AI features (recently launched on a free trial basis) and separately whether to share customer content with Zoom for product improvement purposes. Also, Zoom participants receive an in-meeting notice or a Chat Compose pop-up when these features are enabled through our UI, and they will definitely know their data may be used for product improvement purposes.”

Zoom’s Chief Product Officer further attempted to clarify the updates in a blog post published on August 7th by affirming that Zoom does not use audio, video, or chat content to train its AI models without customer consent. However, the reassurance from Zoom’s executive team addresses only the risk from its AI features.

Unfortunately, Zoom paid an $85 million settlement in 2021 for misleading customers about how their data was being handled, so the ambiguity of these terms has raised the alarm for customers once again. Because there is currently no option for users to opt out of the broad terms of Section 10.4 in the ToS, many are wondering whether to believe the company is using their data responsibly, or whether the gaps in the ToS will result in another customer data issue.  

Our guidance

Businesses that use Zoom should review the updated terms of service to evaluate the risk of allowing Zoom broad content access. They should also consider disabling the use of Zoom’s AI features until the risks of the platforms are better understood. Furthermore, cyber executives should educate employees on the risks of joining Zoom meetings hosted by other businesses that may choose to enable the AI software and could subsequently expose confidential data.

How we help

We can help your firm develop, implement, and maintain the required information security program to meet regulatory requirements and industry best practices, including: 

  • Support and advice to assess an organization’s cybersecurity risk, identify cybersecurity program gaps, and draft and execute against a mitigation roadmap.
  • Policy development, business continuity planning, and impact analysis complete with robust policies, plans, and procedures to better protect your company from data breaches and efficiently recover from a cyber incident or significant business disruption.

For questions, or to find out how we can help you meet industry best practices, contact us.