Zoom brings in new privacy measures following EU fine for Meta

Video communications business Zoom announced a handful of new privacy measures on Tuesday in the wake of a record fine for social media giant Meta for transferring European citizens’ data to the United States.

Zoom is to allow paying customers in the European Economic Area (EEA) to keep their data inside the EEA, only sharing it with U.S. teams “in individual cases and exceptional circumstances, such as with Zoom’s Trust & Safety team.”

Limiting the feature to paying customers is likely to prove contentious for Zoom, which was accused of breaking privacy laws in 2021 by Ulrich Kühn, the acting commissioner for data protection in the German city of Hamburg, for sending on-demand user data to the U.S.

Zoom’s video conferencing software surged in popularity during the COVID-19 pandemic, alongside scrutiny into its security practices and its links to China.

The San Jose, California-based company also was criticized for banning the accounts of Chinese dissidents who were using the software to commemorate the massacre in Tiananmen Square.

The software was also prohibited among government officials in Taiwan after the company admitted to routing users’ traffic and encryption keys through servers in China.

The privacy update follows Meta last month being hit with a record €1.2 billion fine (about $1.3 billion) for transferring social media users’ data to the U.S. where the European Union says the data is not adequately protected from the government’s surveillance practices.

The fine was the largest ever issued under the General Data Protection Regulation (GDPR), a landmark piece of legislation establishing privacy standards across the European Union and threatening companies with fines of up to 4% of their global turnover if they failed to comply with it.

The GDPR also introduced the right for individuals to make Data Subject Access Requests, allowing them to request that a company or organization hand over all data which they possess on the individual making the request. Zoom said it has developed a new tool allowing the company “to easily reply to data subject requests for access or deletion of their personal data for Zoom Meetings, Webinars, and Team Chat.”

Alongside these features, Zoom said it will allow users to opt out of marketing communications with a single click and will offer “more visibility into Zoom's data retention and deletion policies,” which are also moves taken in compliance with the GDPR.