GRA and other Data Protection Authorities provide update on expectations of Video Teleconferencing Companies

Open letter 

On 21 July 2020 the Gibraltar Regulatory Authority, as the Information Commissioner, and five other data protection and privacy regulators from around the world jointly  signed an open letter to companies providing video teleconferencing services. 

The letter recognised the value of video teleconferencing in keeping people connected,  but set out concerns about whether privacy safeguards are keeping pace with  increased risks from the sharp uptake of these services during the current pandemic.  The joint signatories provided video teleconferencing companies with principles to  guide them in addressing some key privacy risks. 

The joint signatories sent the letter directly to Microsoft, Cisco, Zoom, House Party and  Google. These companies were invited to respond and demonstrate how they take the  principles into account in the development and operation of their video  teleconferencing offerings. 

Responses 

Microsoft, Cisco, Zoom and Google replied to the open letter. The joint signatories  thank these companies for engaging on this important matter and for acknowledging  and responding to the concerns raised. In their responses the companies highlighted  various privacy and security best practices, measures, and tools that they advise are  implemented or built-in to their video teleconferencing services. 

The information provided by these companies is encouraging. It is a constructive  foundation for further discussion on elements of the responses that the joint  signatories feel would benefit from more clarity and additional supporting information. 

The joint signatories have not received a response to the open letter from House Party.  They strongly encourage House Party to engage with them and respond to the open  letter to address the concerns raised. 

Next steps 

Moving forward, the joint signatories will undertake further engagement with these  companies. They will invite more detail on the privacy and security safeguards built-in  to the video teleconferencing services, and give the companies the opportunity to  demonstrate how they achieve, monitor, and validate the measures set out in their  responses. 

Following this engagement, the joint signatories will issue a more substantive public  statement on their findings, learnings, and outcomes from this activity later this year. 

For further information, please contact the Gibraltar Regulatory Authority on +350 200  74636 or email: privacy@gra.gi.