During the past eighteen months, a consortium of six data protection and privacy authorities reviewed the security and privacy practices of the major video teleconferencing (VTC) platforms — Cisco, Google, Microsoft and Zoom.
The consortium included cybersecurity representatives from across the globe:
- Office of the Australian Information Commissioner (Australia)
- Office of the Privacy Commissioner (Canada)
- Gibraltar Regulatory Authority (Gibraltar)
- Office of the Privacy Commissioner for Personal Data (Hong Kong)
- Federal Data Protection and Information Commissioner (Switzerland)
- Information Commissioner’s Office (United Kingdom)
These discussions began with an open letter issued in July 2020, continued with direct engagement between the consortium and VTC companies, and culminated in a set of joint observations issued by the international group in October 2021. The observations consist of learnings from the engagement process as well as a set of recommendations around three core issues — encryption, secondary use of data and data centers.