The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Open letter

On 21 July 2020 the Information Commissioner’s Office (ICO) and five other data protection and privacy regulators from around the world jointly signed an open letter to companies providing video teleconferencing services.

The letter recognised the value of video teleconferencing in keeping people connected, but set out concerns about whether privacy safeguards are keeping pace with increased risks from the sharp uptake of these services during the current pandemic. The joint signatories provided video teleconferencing companies with principles to guide them in addressing some key privacy risks.

The joint signatories sent the letter directly to Microsoft, Cisco, Zoom, Houseparty and Google. These companies were invited to respond and demonstrate how they take the principles into account in the development and operation of their video teleconferencing offerings.

Responses

Microsoft, Cisco, Zoom and Google replied to the open letter. The joint signatories thank these companies for engaging on this important matter and for acknowledging and responding to the concerns raised. In their responses the companies highlighted various privacy and security best practices, measures, and tools that they advise are implemented or built-in to their video teleconferencing services.

The information provided by these companies is encouraging. It is a constructive foundation for further discussion on elements of the responses that the joint signatories feel would benefit from more clarity and additional supporting information.

The joint signatories have not received a response to the open letter from Houseparty. They strongly encourage Houseparty to engage with them and respond to the open letter to address the concerns raised.

Next steps

Moving forward, the joint signatories will undertake further engagement with these companies. They will invite more detail on the privacy and security safeguards built-in to the video teleconferencing services, and give the companies the opportunity to demonstrate how they achieve, monitor, and validate the measures set out in their responses.

Following this engagement, the joint signatories will issue a more substantive public statement on their findings, learnings, and outcomes from this activity in 2021.