Students at Zoom University Face Data Privacy Concerns
The shift to remote learning has created various privacy concerns for students, both in physical privacy and data privacy. While privacy means something different to everyone, videoconferencing from home presents serious issues, such as your colleagues potentially passing judgment on your living situation or your inability to keep a small house plant alive.
Collecting personal information such as name and email address and content from the video as well is a growing privacy concern, given the recent focus on social media platforms (like TikTok) and remote conferencing platforms (like Zoom) that collect not only your name, age, and location but also strip data from user-generated content including photos and videos, and provides them to third parties.[1]
However, Zoom, for example, emphatically states that they are (now) different, and that “[n]o data regarding user activity on the Zoom platform – including video, audio, and chat content – is ever provided to third parties for advertising purposes.”[2]
This is not the first time Zoom CEO Eric Yuan has made a remedial statement after correcting various breaches in its security.[3]
This is only one of many measures taken to assuage Zoom users’ privacy concerns over a myriad of issues that have come to light as a result of the rapid increase in its use during the COVID pandemic.[4] Zoom has already addressed numerous other privacy and security concerns, for example, its sending of unauthorized data to Facebook, hoarding user data, “using a rather novel definition of end-to-end encryption,”[5] and routing some calls through mainland China, subjecting them to the laws of that jurisdiction.[6]
Furthermore, there were issues surrounding Zoom’s cloud recording feature, which allowed any other authorized users to access the recordings if not correctly set up.[7] This type of inadequate security also lends itself to unwelcome and offensive guests joining the call, or “Zoombombing.”[8] Finally (and most concerning among law students), the infamous attention tracking that notified a host if participants clicked away to look at something else for more than 30 seconds.[9] Zoom has since taken measures to address these privacy concerns, by removing the attention-tracking feature on April 2, 2020.[10]
These numerous privacy issues faced by only one platform have emphasized the inadequacy of The United States’ data privacy laws. While the Constitution establishes a right to privacy, specifically in the Fourth Amendment, that right is far from comprehensive. [11] It only provides protection against government action and not private companies like Zoom. [12] Privacy risks in the United States are instead addressed by their specific industry.[13]
Specifically, Zoom argued that it is not liable for Zoombombing, and is protected under the broad safe harbor provisions of section 230 of the Communications Decency Act, because it “plays no role whatsoever in developing the offensive conduct, but instead engages in the quintessential type of publisher activity” that’s covered in the act.[14]
This also has more broad implications for the various laws that protect children’s privacy, specifically FERPA and COPPA, which provides extra privacy protections for child users under the age of thirteen.[15] However, there is a big hole in those student privacy laws because they don’t cover non-educational companies, even when those companies are being used in schools unless there’s a particular contract between them and the school.[16] Schools remain liable while tech companies are virtually free of all obligations despite marketing to schools.[17]
Some universities have laid out best practices guides on what type of information should and should not be shared over Zoom.[18] If these guides are followed, this could provide a partial stop-gap, although it puts the onus on the user rather than Zoom to improve their actions.[19] For example, Fordham urges the community to follow best practices for virtual meeting security and etiquette, [20] and provides a link to Zoom Safety Tips on Zoom’s official blog.[21] which is probably why many professors now require passwords to join the session or use the waiting room feature.
While Zoom and its users have made efforts to increase data security, as we become more dependent on online platforms and applications, it is important to be conscious of privacy policies and take measures to protect our data.
Footnotes