Washington, DC – Following CR’s Digital Lab investigation into Zoom’s privacy practices, CR sent a letter to Cisco, Google, and Microsoft based on an evaluation of its services to urge the companies to raise the standard of their privacy practices as more people turn to videoconferencing tools during the ongoing pandemic.
“These companies have a responsibility to minimize potential abuses on their platforms and raise the standard for privacy when it comes to videoconferencing,” said Katie McInnis, Policy Counsel at ConsumerReports.“Videoconferencing tools are in greater use than ever before, and these companies must ensure that they are respecting the digital rights of users.”
People are now using videoconferencing services to perform essential tasks like accessing medical care, continuing work and schooling, and connecting with family and friends. These tools have become critical services for millions around the world. However, examples of abuse of these platforms and fears of excessive data collection or sharing, in addition to the reported security vulnerabilities, have made consumers concerned about which platform to trust with their private communications.
For instance, CR found that Zoom, like many digital platforms, outlines in its privacy policy that it collects personal information about its users, but failed to disclose details about how that information could be used for advertising, marketing, or other business purposes. After these findings by CR, Zoom made significant changes to its privacy policies, which was announced in a blog post.
In light of the fact that people will depend on videoconferencing for the foreseeable future, CR’s Digital Lab conducted an evaluation of the privacy policies for three additional major videoconferencing platforms: Webex from Cisco, Skype and Teams from Microsoft, and Meet, Duo, and Hangouts from Google. CR’s researchers found that, like Zoom, the privacy policies of these other services were unclear to the point where making an informed decision based on privacy was beyond the reach of most consumers.
CR’s Digital Lab privacy researcher, Bill Fitzgerald noted that, “These privacy policies need to be clear. Without clear, simple, and direct language in privacy policies, consumers are left with uncertainty about what personal information is being collected and how their data is being used by these companies.”
This videoconferencing evaluation was informed by the Digital Standard framework that CR uses to evaluate privacy policies, and the set of ten recommendations to raise the standard for privacy practices can be found here. We call on these companies and other providers of videoconferencing platforms to begin adopting these recommendations as soon as possible.
Media Contact: Cyrus Rassool, cyrus.rassool@consumer.org