Are video conferencing platforms GDPR compliant?

Date: 19.05.2020

Under the GDPR, any host of a video conference (i.e. the organiser of the video conference) is highly likely to be considered as a “data controller”. This means that the organiser of the conference (i.e. the Tribunal) will have to consider how the data should be processed so that no data protection laws will be breached. On the other hand, the video conferencing provider/platform will be considered as “data processor” under the GDPR. This menas that the video conferencing providers must also take into account and adhere to the parameters of GDPR if any of the participants are domiciled in the European Union (“EU”) or when the provider is established in the EU.

With the surge in popularity as people turn to video conferencing platforms, this begs the question of whether these major conferencing software platforms such as Zoom, Webex, Teams etc are GDPR compliant. This is beyond the scope of this article but it is noteworhty that recent security deficiencies of some of the major video conferencing platforms have made headlines, casting certain doubts on their adherence to the data protection laws. The reality is that the majority of the video conference softwares in the market nowadays do not seem to conform to ISO 27001 information security standards yet. As such, it remains to be seen how the data protection issues would be tackled by the providers.