Uncategorized

Online Meeting and Webinar Tools – a dataprivacy consideration

By 14 May 2020No Comments

With the CoVID-19 limitations regarding events, academies, trainings and meetings we have to move our activities from meetings in person to digital meetings.

A big variety of tools is available of which you can choose, offering various functions, various price models and also with different privacy settings.

Regina Stoiber, lawyer and member of JCI Germany has investigated various tools regarding data privacy and the ability to use them in your company. Please find the original document (in German) here.

Here you find an overview of various tools that have been checked for data protection. This is not a comprehensive list, but tools that we have heard are mainly used in Local and National Organizations of JCI Europe.

Additionally to the ones listed below, JCI Europe uses the tool Clickmeeting. This has been developped by “GetResponse”, and has been spun off as separate company, based in Poland.

Google Meet (Hangouts)

Criteria

Producer, Country
Google Ireland Ltd., Ireland
Representative in the EU (acc. Art. 27 GDPR) not applicable
SaaS (Server location) Yes (Ireland), part of the GSuite
Encrypted Transmission (TLS) Yes
Order processing contract Yes, for the GSuite
Link OP Contract https://gsuite.google.com/terms/dpa_terms.html
on-premise No
End-to-End-Encryption No
Ensuring the level of data protection EU-Privacy-Shield
Data Protection
https://support.google.com/a/answer/7582940?hl=de
GDPR-compliant (Producer’s specification) Yes
Use of the data for own purposes No specific statement on this, but Google assures that the data will not be sold and used for advertising. In addition, there is no user attention tracking.
URL https://gsuite.google.com/intl/de/products/meet/

GoToMeeting

Criteria

Producer, Country LogMeIn, USA
Representative in the EU (acc. Art. 27 GDPR) LogMeIn Technologies UK Limited
SaaS (Server location) Yes (USA)
Encrypted Transmission (TLS) Yes
Order processing contract Yes
Link OP Contract https://logmeincdn.azureedge.net/legal/20191226/DPA/LMI-Customer-Data-Processing-Addendum-2019-v2-SAMPLE.pdf (GDPR compliant addendum for processing customer data)
on-premise No
End-to-End Encryption
Yes
Ensuring the level of data protection EU-Privacy-Shield
Data protection https://www.logmeininc.com/de/legal/privacy
GDPR-compliant (Producer’s specification) Yes
Use of the data for own purposes According to AV, LogMeIn processes the data for the operation of the service.
URL https://www.gotomeeting.com/de-de

 

Teams

Criteria

Producer, Country
Microsoft Corporation, USA
Representative in the EU (acc. Art. 27 GDPR)
SaaS (Server location) Europe incl. Germany for EU clients
Encrypted Transmission (TLS) Yes
Order processing contract Yes
Link OP Contract http://www.microsoftvolumelicensing.com/Downloader.aspx?documenttype=OST&lang=German
on-premise No
End-to-End Encryption
No
Ensuring the level of data protection EU-Privacy Shield
Data protection
https://privacy.microsoft.com/de-de/privacystatement
GDPR-compliant (Producer’s specification) Yes
Use of the data for own purposes
Provision, further development, personalization, but also for personalized advertising mailing, the data is used according to the privacy policy.
URL https://www.microsoft.com/de-de/microsoft-365/microsoft-teams/

 

WebEx

Criteria

Producer, Country
Cisco, USA
Representative in the EU (acc. Art. 27 GDPR) The provider has various companies in Europe.
SaaS (Server location) USA
Encrypted Transmission (TLS) Yes
Order processing contract Yes
Link OP Contract https://trustportal.cisco.com/c/dam/r/ctp/docs/dataprotection/cisco-master-data-protection-agreement.pdf
on-premise Yes
End-to-End Encryption
Yes, but this may lead to limited functionality
Ensuring the level of data protection EU-Privacy Shield
Data protection
https://www.cisco.com/c/de_de/about/legal/privacy-full.html
GDPR-compliant (Producer’s specification) Yes
Use of the data for own purposes Use of functions, customer service, market information (the data protection declaration does not assign data to products)
URL https://www.cisco.com/c/en/us/products/conferencing/webex-meetings/index.html

 

Zoom

Criteria

Producer, Country
Zoom Video Communications, Inc., USA
Representative in the EU (acc. Art. 27 GDPR)
SaaS (Server location) USA
Encrypted Transmission (TLS) Yes
Order processing contract Yes
Link OP Contract https://zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf
on-premise No
End-to-End Encryption
No, according to the manufacturer, this security feature is under progress
Ensuring the level of data protection EU-US-Privacy Shield
Data protection
https://zoom.us/privacy
GDPR-compliant (Producer’s specification) Yes
Use of the data for own purposes
URL https://zoom.us