Via Zoom into the data pro­tec­tion dilem­ma


Recently, the Hamburg State Commissioner for Data Protection warned the public against the use of Zoom. The U.S. service provider for video conferencing clearly violates the European General Data Protection Regulation by transmitting personal data.

Zoom became the new everyday work companion since the start of the pandemic. Seemingly from one day to the next, people began spending countless hours in digital spaces for both professional and private exchanges. But how would people behave if they found out this virtual space was never what it appeared to be? What if the security and privacy that Zoom users thought they posessed never existed in the first place?

Following YouTube, it's now Zoom that is caught in the public crossfire: Ulrich Kühn, the Hamburg State Commissioner for Data Protection and Freedom of Information, officially issued a warning against using the U.S. video conferencing service on Monday, August 16. The justification given was that the communications service violates the European General Data Protection Regulation (GDPR), as it transfers personal user data to the United States. In the wake of the Schrems II ruling, the Privacy Shield was already declared invalid due to the insufficient degree of data protection in the USA. Since then, American IT service providers have increasingly been the subject of criticism.

The fact that it is now also hitting Zoom, a leading figure in modern teleworking, is hardly surprising. Kühn stated in unequivocal terms that it was "incomprehensible" to use a "legally highly problematic system". Consequently, the Hamburg-based authority once again pushed for stricter application of the EU's General Data Protection Regulation. A spokesperson for Zoom, meanwhile, told EURACTIV that the company is committed to complying with all applicable data protection laws in the countries it operates in. However, it should be obvious by now that Zoom, as a U.S.-based provider, cannot and will not comply with these requirements. So, at this point, there are only two options left for any company: Either they close both their eyes and ears and consciously accept the risk, or they look for a GDPR-compliant alternative.

Further information on the topic at: