1. Who or what is Zoom?

Zoom is an American publicly traded company that has only existed since 2011 and has approximately 2000 employees. In 2019, it posted sales of $ 620 million. Via Zoom, it's easy to start a digital meeting with multiple people. This can be done by calling one of Zoom's phone numbers, but also via video calling software. You do not need to download a separate program, a conversation can be started via the browser.

2. Who is the founder / owner of Zoom?

The company was founded by the Chinese immigrant Eric Yuan, a smart student graduating in Computer Science and Mathematics. He successfully rose after he moved to the United States in the late 1990s.

Ties with China, where a third of its employees work, are still strong. Most R&D work takes place there. That makes the company cheap, but also vulnerable. In the run-up to the IPO in 2019, Zoom had to recognize that the close relationship with China can pose security and privacy risks.

3. Where does Zoom's success come from?

Zoom is very user-friendly and therefore comes in handy in times of lockdowns. It gives the user the opportunity to get in touch with family members, employees, students and so on.

This is also reflected in the figures. In 2019, Zoom had roughly 10 million users daily. In March and April this had risen to roughly 200 million users daily.

4. Can Zoom be used safely?

Zoom's security leaves much to be desired. Security experts have discovered quite a few flaws. For example, there is a bug that can steal the windows password(s). Another bug makes it possible for an outsider to enter a meeting and act as administrator or take over the microphone(s) or webcam(s) of user(s).

Zoom bombing is also possible. Strangers enter a meeting to leave their message of any kind there. There are more flaws.

5. If Zoom is not safe to use, what about user privacy?

Concerns about data retention and the possibility that third parties can break in are further compounded by the discovery that Zoom IOS app automatically passed data to Facebook. Zoom's privacy policy made no mention of this.

6. What can this lack of a good privacy code imply?

The flawed privacy code can have two worrying consequences:

• Firstly, there is a lack of transparency. This enables the host to undertake matters that remain invisible to Zoom's co-users. For example, he can record the conversations, elaborate them and discuss them later with third parties or pass them on to third parties.
• Lastly, the host / host can therefore pass on the information to third parties without asking or getting permission to do so. This is contrary to the GDPR / AVG. This requires that data collection may only take place on the basis of "free consent". So there should be no inequality in the mutual relationships. After all, in that case there can be no question of a free choice. Precedents of this are already known.

7. Is there any compliance at Zoom meetings in accordance with the requirements of the GPDR / AVG?

Depending on when family members speak to each other via Zoom, there seems to be equal right of privacy. But is that also the case when an employer wants to consult with his employees? In times of Covid-19, can employees refuse to cooperate for reasons of concern about their privacy under the GPDR regulations?

The employee's concern is justified. Zoom sees itself as a data processor rather than a data manager. According to Zoom, that is the host / host of the meeting / meeting. If the participants agree with the reasoning then the host / host is responsible for data management. This will certainly be the case if the host stores the data on its own servers.

8. What does Zoom say?

Under pressure from the erupted criticism, Zoom states it has tightened its security and privacy policy. It now states that "content" that users produce will not be shared. Zoom also claims to have never done this. Zoom also states that it has been overtaken by its turbulent growth. As mentioned, 200 million people now use Zoom every daily, including 90,000 schools in more than 20 countries. The problem with this statement is that there were concerns about Zoom's privacy policy before the case caught fire.

9. Are there any more questions about the privacy views or policies of Zoom?

In defense of its current rattling privacy policy, Zoom argues that it focused primarily on the business market. They never thought that home workers and school children would use Zoom en masse. At first sight, that is a strange reasoning. Other rules of the game in the field of security and privacy would apply to companies, citizens or even schoolchildren. This line of reasoning is therefore questionable and gives the impression that Zoom would have been the starting point for lack of privacy.

10. Is the progress being made on transparency and clarity sufficient?

Not exactly. Take the encryption of data, for example. Zoom has admitted that until recently there was no end-to-encryption of data. End-to-end means that the provider cannot access that data at any time. It can do that without that form of encryption. That doesn't automatically mean the provider will do that, of course. Zoom also nowhere says that it will not attempt to intercept data or record communications! So there remains doubt.

The points mentioned are possible with the new transparency policy. On March 27th, 2020, Zoom stated that it will record any meeting that the host desires. This means that Zoom has access to certain forms of content at all times. Zoom says nowhere that it does not store other forms of content. As long as Zoom does not state clearly that it uses end-to-end encryption, it can in fact have everything. We don't know if it will happen, nor how long it will keep the stored content.

11. Are there unexpected and unpleasant consequences?

Zoom says it complies with US law on government access to stored data. However, Zoom's field of activity is worldwide. That means that thanks to the Cloud Act, the U.S. government has access to foreign data. This means that the government can not only demand access to all kinds of company data, but even confidential data from foreign powers.

12. Is the government not concerned about this?

Yes, the New York prosecutor wrote a letter to the company in San Jose, California asking for clarification about Zoom's security policy. She points to Zoom's explosively growing popularity in times of Covid-19.