Students at Zoom University Face Data Privacy Concerns - Fordham Intellectual Property, Media & Entertainment Law Journal
26895
post-template-default,single,single-post,postid-26895,single-format-standard,ajax_fade,page_not_loaded,,select-theme-ver-3.3,wpb-js-composer js-comp-ver-6.4.1,vc_responsive
 

Students at Zoom University Face Data Privacy Concerns

Students at Zoom University Face Data Privacy Concerns

The shift to remote learning has created various privacy concerns for students, both in physical privacy and data privacy. While privacy means something different to everyone, videoconferencing from home presents serious issues, such as your colleagues potentially passing judgment on your living situation or your inability to keep a small house plant alive.

Collecting personal information such as name and email address and content from the video as well is a growing privacy concern, given the recent focus on social media platforms (like TikTok) and remote conferencing platforms (like Zoom) that collect not only your name, age, and location but also strip data from user-generated content including photos and videos, and provides them to third parties.1

However, Zoom, for example, emphatically states that they are (now) different, and that “[n]o data regarding user activity on the Zoom platform – including video, audio, and chat content – is ever provided to third parties for advertising purposes.”2

This is not the first time Zoom CEO Eric Yuan has made a remedial statement after correcting various breaches in its security.3

This is only one of many measures taken to assuage Zoom users’ privacy concerns over a myriad of issues that have come to light as a result of the rapid increase in its  use during the COVID pandemic.4 Zoom has already addressed numerous other privacy and security concerns, for example, its sending of unauthorized data to Facebook, hoarding user data, “using a rather novel definition of end-to-end encryption,”5 and routing some calls through mainland China, subjecting them to the laws of that jurisdiction.6

Furthermore, there were issues surrounding Zoom’s cloud recording feature, which allowed any other authorized users to access the recordings if not correctly set up.7 This type of inadequate security also lends itself to unwelcome and offensive guests joining the call, or “Zoombombing.”8 Finally (and most concerning among law students), the infamous attention tracking that notified a host if participants clicked away to look at something else for more than 30 seconds.9 Zoom has since taken measures to address these privacy concerns, by removing the attention-tracking feature on April 2, 2020.10

These numerous privacy issues faced by only one platform have emphasized the inadequacy of The United States’ data privacy laws. While the Constitution establishes a right to privacy, specifically in the Fourth Amendment, that right is far from comprehensive. 11 It only provides protection against government action and not private companies like Zoom. 12 Privacy risks in the United States are instead addressed by their specific industry.13

Specifically, Zoom argued that it is not liable for Zoombombing, and is protected under the broad safe harbor provisions of section 230 of the Communications Decency Act, because it “plays no role whatsoever in developing the offensive conduct, but instead engages in the quintessential type of publisher activity” that’s covered in the act.14

This also has more broad implications for the various laws that protect children’s privacy, specifically FERPA and COPPA, which provides extra privacy protections for child users under the age of thirteen.15 However, there is a big hole in those student privacy laws because they don’t cover non-educational companies, even when those companies are being used in schools unless there’s a particular contract between them and the school.16 Schools remain liable while tech companies are virtually free of all obligations despite marketing to schools.17

Some universities have laid out best practices guides on what type of information should and should not be shared over Zoom.18 If these guides are followed, this could provide a partial stop-gap, although it puts the onus on the user rather than Zoom to improve their actions.19 For example, Fordham urges the community to follow best practices for virtual meeting security and etiquette, 20 and provides a link to Zoom Safety Tips on Zoom’s official blog.21 which is probably why many professors now require passwords to join the session or use the waiting room feature.

While Zoom and its users have made efforts to increase data security, as we become more dependent on online platforms and applications, it is important to be conscious of privacy policies and take measures to protect our data.


  1. See Robert McMillan, Liza Lin & Shan Li, TikTok User Data: What Does the App Collect and Why Are U.S. Authorities Concerned?, Wall St, J. (Jul. 11, 2020, https://www.wsj.com/articles/tiktok-user-data-what-does-the-app-collect-and-why-are-u-s-authorities-concerned-11594157084[https://perma.cc/CE4P-CM6H].

  2. Aparna Bawa, Zoom’s Privacy Policy, Zoom Blog (Mar. 29, 2020), http://blog.zoom.us/zoom-privacy-policy/ [https://perma.cc/HRP8-XV32].

  3. See Rishi Iyengar, Zoom CEO Apologizes For Having ‘Fallen Short’ on Privacy and Security, Cnn(Apr. 2, 2020), http://www.cnn.com/2020/04/02/tech/zoom-ceo-apology-privacy/index.html[https://perma.cc/AQ59-EB8X].

  4. See Jordan Novet, Zoom Has Added More Videoconferencing Users This Year Than in All Of 2019 Thanks to Coronavirus, Bernstein Says, Cnbc(Feb. 26, 2020), http://www.cnbc.com/2020/02/26/zoom-has-added-more-users-so-far-this-year-than-in-2019-bernstein.html[https://perma.cc/387U-S9NL].

  5. Mansoor Iqbal, Zoom Revenue and Usage Statistics (2020), Business of Apps (Jul. 20, 2020), http://www.businessofapps.com/data/zoom-statistics/[https://perma.cc/4YS2-CTTD].

  6. Id.

  7. Michael Goodyear, The Dark Side of Videoconferencing: The Privacy Tribulations of Zoom and the Fragmented State of U.S. Data Privacy Law, 10 Hous. L. Rev. 76, 80 (2020).

  8. See Taylor Lorenz, ‘Zoombombing’: When Video Conferences Go Wrong, N.Y. Times (Mar. 20, 2020), http://www.nytimes.com/2020/03/20/style/zoombombing-zoom-trolling.html[https://perma.cc/UAD7-7ENY].

  9. Jenna Amatulli, Zoom Can Track Who’s Not Paying Attention in Your Video Call. Here’s How., Huffington Post: Work/Life, (Mar. 25, 2020), http://www.huffpost.com/entry/zoom-tracks-not-paying-attention-video-call_l_5e7b96b5c5b6b7d80959ea96[https://perma.cc/SU9W-ZJGP].

  10. Attendee Attention Tracking, Zoom Help Center, https://support.zoom.us/hc/en-us/articles/115000538083-Attendee-attention-tracking (last visited Sept. 19, 2020)[https://perma.cc/PQX5-LETQ].

  11. See Goodyear, supra note 7, at 81.

  12. Id.

  13. Id.

  14. Peter Bloomberg, Zoom Seeks to Toss Privacy Suits over Strangers ‘Bombing’ Chats, BNN Bloomberg: Technology (Sept. 15, 2020), http://www.bnnbloomberg.ca/zoom-seeks-to-toss-privacy-suits-over-intrusions-data-sharing-1.1494281[https://perma.cc/VXU3-P369].

  15. See Molly Wood, With All This New Tech and Remote Schooling, What are the Privacy Implications?, Marketplace Tech (Sept. 14, 2020), http://www.marketplace.org/shows/marketplace-tech/remote-learning-online-classes-technology-data-privacy-students/ [https://perma.cc/3CZ5-UF2W].

  16. Id.

  17. Id.

  18. Goodyear, supra note 7, at 88.

  19. Id.

  20. Fordham IT, https://www.fordham.edu/info/29647/virtual_class_and_meeting_information (last visited Sept. 25, 2020) [https://perma.cc/8GY3-2LJV].

  21. Fordham IT, https://www.fordham.edu/info/25687/standard_software/11484/zoom_online_meeting (follow the link under the heading “Zoom Safety Tips”) (last visited Sept. 25, 2020)[https://perma.cc/JZX8-7SXP].

Catherine Wachtell

Catherine Wachtell is a third-year J.D. candidate at Fordham University School of Law and a staff member of the Intellectual Property, Media & Entertainment Law Journal. She holds a B.A. in English from Georgetown University.