The dispute between the Berlin data protection officer Maja Smoltczyk and Microsoft over video conference solutions of the group goes into the next round.
The agency again issued a warning against “common products from Microsoft, Skype Communications and Zoom Video Communications”. Microsoft had written a letter complaining about a similar warning on the Berlin data protection website and asked for a clarifying discussion. As a result, Smoltczyk initially removed the allegations from the website.
The data protection authority said that the review of the documents did not result in any changes in the content of the recommendations. «Only a few minor details were added to the texts. In the old version of the controversial document on the use of video conferencing services in the Corona crisis, it said: “We would like to point out that some widely used providers do not meet the listed conditions, including Microsoft, Skype Communications and Zoom Video Communications”. In the new document, the verdict on the US providers is now as follows: “We would like to point out that at the time of going to press (May 22, 2020) some widely used providers do not meet all the legal requirements, including common products from Microsoft, Skype Communications and Zoom Video Communications. »
At Zoom, the document indirectly shows what the data protectionists are interfering with. They point out that if the international data protection agreement “Privacy Shield” is used, the certification must also extend to personal data. Such an HR certificate is missing from Zoom.
The document does not explain in detail why the Microsoft services Teams and Skype do not meet the requirements. However, the authority announces “shortly to provide a more detailed overview with more detailed information on various current providers of video conferencing services”.
Microsoft had previously dismissed concerns. The video conferences and telephony via Microsoft Teams and Skype for Business Online are always encrypted during transmission and are operated and secured according to the current state of the art. Both services could “be used for sensitive conversations and content without restriction”. The contractual agreements required under data protection law have also been concluded.