[German]It’s a bang – various video conferencing systems were subjected to a short test at the Berlin Data Protection Commissioner. Microsoft’s teams or Zoom, as well as WebEx from Cisco, failed as a GDPR compliant video conferencing solution failed.
Some history about this case
It shouldn’t be love for life anymore. Facing an increasing number of video conferences during coronavirus-related contact restrictions, the Commissioner for Data Protection and Freedom of Information of German city of Berlin published in April 2020 checklists for the implementation of video conferences. In the two-page (German) “Checklist for conducting video conferences during contact restrictions”, Microsoft teams and other products did not come off so well. Or in plain words: The Data Protection Commissioner don’t recommended a use these products, due to their GDPR compliance. As a result, Microsoft resorted to legal action and sent something like a ‘cease and desist’ to the data protection commissioner of Berlin. I had written about this in the article Microsoft sends a cease and desist to Berlin’s data protection commissioner.
The checklist disappeared from the web for a few days, only to be published again. The Berlin data protection commissioners did not put up with Microsoft’s request and shortly afterwards followed it up with a new checklist and recommendations (I addressed this within my German blog post Berlin: Datenschutzbeauftragte legt gegen Microsoft nach).
Test: Zoom & Teams are not GDPR compliant
The Berlin data protection commissioner, Maja Smoltczyk, then initiated a short test common video conferencing solutions in terms of GDPR compliance. The German report Hinweise für Berliner Verantwortliche zu Anbietern von Videokonferenz-Diensten is available as a PDF file. The report contains a list of products and a traffic light that indicates whether a solution is GDPR compliant and can be used legally in Germany/Europe.
In short: Solutions such as Zoom, Teams and Skype from Microsoft as well as Google Meet, GoToMeeting, Blizz and Cisco Webex have failed as videoconferencing software to pass the GPDR compliance test. The products cannot be used in compliance with DSGVO. Martin Geuß from German site Dr. Windows mentioned that also in his German article is referencing to this (German) statment from Microsoft for the press. This statement contradicts the assessment of the data protection commissioners of Berlin. Let me put it this way: as long as this has not been legally clarified, I would adopt the position of the Berlin data protection commissioners and give little heed to Microsoft’s statements.
Microsoft Teams: Vulnerability allowed account takeover
Microsoft Teams and it’s security
Does Windows 10 VPN Bug-Fix Update cause Teams issues?
MS-Teams on Windows Server: Keep an eye on your RAM