The Privacy Commissioner of Canada, along with other global privacy authorities, have published an open letter to companies that offer video conferencing services.
The open letter reminds the companies of their obligations and duty to comply with the law and handle user personal information responsibly. It’s been signed by Commissioner Daniel Therrien and privacy authorities based in the U.K., Australia, Switzerland and China.
It’s intended for all companies that offer video conferencing services, and has been sent directly to Microsoft, Google, Zoom, Cisco and House Party.
The privacy watchdogs outline that although video conferencing tools are essential right now, the ease of staying in touch must not come at the expense of people’s data protection and privacy rights.
They note that the companies should have certain security safeguards in place and generally include effective end-to-end encryption for all data communicated, two-factor authentication and strong passwords.
“During the current pandemic we have observed some worrying reports of security flaws in video teleconferencing products purportedly leading to unauthorised access to accounts, shared files, and calls,” the letter reads.
Towards the start of the pandemic, Zoom faced significant backlash for its flawed security measures, and has since introduced privacy enhancements.
The letter also asks companies to ensure that they are taking a privacy-by-design approach to their services and making data protection and privacy integral to their products. This includes minimizing the personal information that is captured, used and disclosed by their services.
“Providers should also undertake a privacy impact assessment to identify the impact of their personal information handling practices on the privacy of individuals and implement strategies to manage, minimize or eliminate, these risks,” the letter notes.
Further, the watchdogs outline that failing to notify users how their information is being used may lead to a violation of law.
Companies are also advised to ensure that end-users of their services are empowered by having appropriate information and control.
The privacy authorities conclude by outlining that they are welcoming responses to the open letter from companies by September 30th to detail how they are taking these principles into account in the design of their services.
With no end in sight for the on-going pandemic, video conferencing tools continue to be essentia, so it’s important privacy watchdogs are working to ensure the safety and security of users.