1. Who or what is Zoom?

Zoom is an American publicly traded company that was founded in 2011 and has approximately 2000 employees. In 2019, it posted sales of $620 million. Via Zoom, it's easy to start a digital meeting with multiple people. This can be done by calling one of Zoom's phone numbers, but also via video calling software. You do not need to download a separate program, a meeting can be started via the browser.

2. Who is the founder/owner of Zoom?

The company was founded by the Chinese immigrant Eric Yuan, a smart Computer Science and Mathematics graduate. He came to success after he moved to the United States in the late 1990s.

Zoom’s ties with China, where a third of its employees work, are still strong. Most R&D work takes place there. That makes the company cheap, but also vulnerable. In the registration to the IPO in 2019, Zoom had to recognize that the close relationship with China can pose security and data privacy risks.

3. Where does Zoom's success come from?

Zoom is highly user-friendly and therefore comes in handy in the recent time of lockdown. It gives the user the opportunity to get in touch with family members, colleagues, students, and so on.

This is also reflected in the figures. In 2019, Zoom had roughly 10 million users daily. In March and April 2020, this had risen to roughly 200 million users daily.

4. Can Zoom be used safely?

Zoom's security is quite unsatisfactory. Security experts have discovered several flaws. For example, there is a bug that can steal the windows passwords. Another bug makes it possible for third-party to takeover a meeting and act as administrator or control the microphones or webcams of users.

Zoom bombing is also possible. Random strangers can enter a meeting to leave their message of any kind there. There are even more flaws to be discovered.

5. What about Zoom’s user privacy?

Concerns about data retention and the possibility that third parties can break in are further aggravated by the discovery that Zoom IOS app automatically passed the user’s data to Facebook. Zoom's privacy policy did not mention any of this.

6. What can this flawed privacy code imply?

The flawed privacy code can have two concerning consequences:

• Firstly, there is a lack of transparency. This enables the host to undertake matters that remain invisible to Zoom's co-users. For example, he can secretly record the conversations, elaborate them and discuss with or pass the information on to third parties without the co-users permission.
• This is contrary to the GDPR/AVG. This requires that data collection may only take place on the basis of "free consent". So there should be no loopholes in this mutual relationships. After all, in this case there is no question of mutual consent. Precedents of this are already known.

7. Is there any compliance at Zoom meetings in accordance with the requirements of the GPDR/AVG?

Depending on the case, such as when family members speak to each other via Zoom, there seems to be an equal right to privacy. But is that also the case when an employer wants to consult with his employees via Zoom? In times of COVID-19, can employees refuse to cooperate for reasons of concern about their privacy under the GPDR regulations?

In this case, the employee's concern is justified. Zoom sees itself as a data processor rather than a data manager. According to Zoom, that is the responsibility of the host of the meeting. If the participants agree with the reasoning, then the host is responsible for data management. This will certainly be the case if the host stores the data on its own servers.

8. What does Zoom has to say?

Under pressure from the erupted criticism, Zoom states it has tightened its security and privacy policy. It now states that the "content" that users produce will not be shared. Zoom also claims to have never done this. Zoom also states that it has been overtaken by its turbulent growth. As mentioned, 200 million people now use Zoom every daily, including 90,000 schools in more than 20 countries. The problem with this statement is that there were concerns about Zoom's privacy policy before the case was brought to public attention.

9. Are there any more concerns about the privacy views or policies of Zoom?

In defense of its current rattling privacy policy, Zoom argues that it focused primarily on the business market. They never thought that home workers and students would use Zoom en masse. At first sight, that is a strange reasoning. Other rules in the field of security and privacy would apply to companies, citizens, or even students. This line of reasoning is therefore questionable and gives the impression that Zoom would compromise its users' privacy.

10. Is there any progress being made on transparency and clarity?

Not exactly. Take the encryption of data, for example. Zoom has admitted that until recently there was no end-to-encryption of data. End-to-end means that the provider cannot access the data at any time. It can do so without End-to-end encryption. That doesn't automatically mean the provider will do that, of course. Zoom also never mentioned that it will not attempt to intercept data or record communications! So there remains a doubt.

The points mentioned are possible with the new transparency policy. On March 27th, 2020, Zoom stated that it will record any meeting that the host desires. This means that Zoom has access to certain forms of content at all times. Zoom says nowhere that it does not store other forms of content. As long as Zoom does not state clearly that it uses end-to-end encryption, it can, in fact store all the data. We don't know if it will happen, nor how long it will keep the stored content.

11. Are there unexpected and unpleasant consequences?

Zoom says it complies with US law on government access to stored data. However, Zoom's field of activity is worldwide. That means that thanks to the Cloud Act, the U.S. government has access to foreign data. This means that the government can not only demand access to all kinds of company data but even confidential data from foreign powers.

12. Is the government not concerned about this?

Yes, a New York prosecutor wrote a letter to the company in San Jose, California asking for clarification about Zoom's security policy. She points to Zoom's explosively growing popularity in times of COVID-19.