Data protection watchdog claims Zoom is incompatible with GDPR

Data protection
(Image credit: Wright Studio / Shutterstock)
Audio player loading…

A data protection watchdog in Germany has warned the Senate Chancellery of Hamburg to avoid using Zoom (opens in new tab) as its video conferencing software (opens in new tab) is now incompatible with the EU's GDPR (opens in new tab).

In a new press release (opens in new tab) from Ulrich Kühn, the acting Hamburg Commissioner for Data Protection and Freedom of Information has warned members of the German government not to use the on-demand version of Zoom as reported (opens in new tab) by The Register.

In his plea to government officials, Kühn refers to the European Court of Justice Schrems II (opens in new tab) decision which prevents businesses in the EU from carrying out data transfers to non-EU businesses. He goes on to claim that using Zoom violates GDPR as the software transmits personal data to the US.

Back in July of last year, the EU Court of Justice struck down the Privacy Shield (opens in new tab) data protection arrangement between the EU and US which has led to a great deal of legal confusion for EU businesses working with companies in the US.

Zoom and GDPR

In a paper (opens in new tab) about data transfers from the EU to the US, Zoom explains that it will sign Standard Contractual Clauses (SCCs (opens in new tab)) with customers in Europe as well as take additional safeguards to protect their data in such a way that it lives up the the standards laid out under GDPR.

While this will likely work for most EU businesses, Kühn made the point that government organizations in Germany already have access to video conferencing systems from Dataport which are fully in compliance with the EU's data protection laws, saying:

“In the FHH, all employees have access to a tried and tested video conference tool that is unproblematic with regard to third-country transmission. As the central service provider, Dataport also provides additional video conference systems in its own data centers. These are used successfully in other countries such as Schleswig-Holstein. It is therefore incomprehensible why the Senate Chancellery insists on an additional and legally highly problematic system."

The fact that Zoom is easy to use and quick to launch could be one of the reasons members of the Senate Chancellery of Hamburg have made it their preferred video conferencing solution despite already have access to Dataport's video conferencing systems.

TechRadar Pro reached out to Zoom regarding the matter and a company spokesperson provided the following statement:

“Zoom is proud to work with the City of Hamburg and many other leading German organizations, businesses and education institutions. The privacy and security of our users are top priorities for Zoom, and we take seriously the trust our users place in us. Zoom is committed to complying with all applicable privacy laws, rules, and regulations in the jurisdictions within which it operates, including the GDPR.”

Via The Register (opens in new tab)

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.