We are using Zoom for virtual events open to more than 40 attendees. Although there are issues with Zoom’s privacy controls, when reviewing available solutions we found that there isn’t a perfect product and we have chosen Zoom for its usability and accessibility. We expand on the reasons for our choice in the guidance below, which we will keep under review.
For each event we will explain how you can participate (video, audio and/or written chat), though all will be optional.
Some of you will be very familiar with Zoom already. For newcomers, Zoom enables people to participate in virtual events. You can use the settings on the Zoom toolbar to choose whether you want to join using video or audio.
If you are interested in a Nuffield Foundation, Nuffield Family Justice Observatory or Ada Lovelace Institute event and using Zoom makes it hard for you to join, please contact events@nuffieldfoundation.org
Zoom enables keyboard navigation, screen reader support, and closed captioning. We are committing to providing closed captioning with human captioners at our public events. If there are further ways we can support your attendance please contact events@nuffieldfoundation.org
Before deciding on Zoom, we looked into the privacy policies and practices of a range of video conferencing platforms that provide an acceptable user experience, and that we could roll out in the timescale required. The results are disappointing: tools with good user experience generally fail to meet GDPR obligations (see analysis).
Zoom has had recent media criticism for its privacy practices. We share these concerns and encourage Zoom, as well as other video conferencing providers, to realise their responsibilities to user privacy, and particularly due to their increased role offering a high-demand service under the present social isolation. We welcome Zoom’s recent statement, updates and pledge to improve privacy but will look to them to do more to protect the privacy and security of their users.
What privacy concerns should I be aware of?
Zoom, similar to most mass-participation video conferencing applications, does not use end to end encryption. It uses transport layer encryption, which means the content of the communication can be visible to Zoom. It has also been reported that Zoom is leaking email addresses and photos. It is also unclear if, or how, Zoom combines data from third parties and available sources and how that data is used.
Why aren’t these issues explained in their privacy policy?
We don’t know. Their privacy policy doesn’t follow best practice and risks misguiding users. Questions and comments on their privacy measures can be sent to their privacy team at privacy@zoom.us or the support team at https://support.zoom.us.
Advice for minimising exposure while using Zoom
For advanced users, you may wish to run Zoom on a virtual machine or an operating system on a USB