Zoom trains AI on personal data it stores forever – 8/7/2023 – Tech

This Monday’s update to Zoom’s terms of use (7) provides that the company has the right to train machine learning and artificial intelligence models with user information. Authorization refers to “customer content”, which includes email, meeting dates and participants, and voice and image data of video conference participants. The contract also does not make clear the option for the user to refuse the storage of data.

In a note, the company states that the excerpt refers only to those who choose to use artificial intelligence resources available in the videoconferencing program, such as the virtual assistant Zoom IQ.

“Zoom participants decide whether to use generative AI tools and, separately, whether to allow data sharing for the purpose of improving the service.”

This limitation, however, is not explicit in the terms and conditions of the platform or in the privacy policy. Questioned, Zoom said it has updated policies to make it clear that it will not use personal data without consent. The update, for now, only appears on the English page.

In the agreement, Zoom also grants you a “perpetual, worldwide, non-exclusive, royalty-free, sublicensable, transferable license and all other rights required or necessary to redistribute, publish, import, access, use, store, transmit, review , disclose, preserve, extract, modify, reproduce, share, use, display, copy, distribute, translate, transcribe, create derivative works and process customer content.

According to the founding director of Data Privacy Brasil and law professor at ESPM, Bruno Bioni, the perpetual transfer of data violates the LGPD (General Data Protection Law) and the Consumer Protection Code. “In addition to not having [no contrato] an opt-out option, this leaves the customer without a mechanism to go back and revoke their consent.”

To avoid unnecessary data sharing, Zoom customers must be aware of the permissions they grant to access platform resources. Before accepting the privacy terms, it is recommended that the person check which data is requested for which treatments.

Zoom also defines that all rights related to data generated in the use of the videoconferencing program belong to the company. Bioni says that a large portion of this information is generated from data customer personal. “In this first stage of data processing there must be the incidence of personal data protection laws.”

In addition to the so-called telemetry data (mouse and keyboard movement), the excerpt includes program usage information and problem diagnoses. The company still fails to disclose the purpose of the AI ​​tools it works on.

Zoom says it uses this information to provide and improve services, develop products, machine learning and artificial intelligence models, marketing, analytics and quality assurance.

In May, the videoconferencing platform launched the Zoom IQ virtual assistant, capable of taking minutes of meetings and making suggestions for agendas and forwarding emails. The tool was developed in partnership with the creator of ChatGPT, OpenAi, and Anthropic .

PRIVACY PROBLEMS IN THE PANDEMIC

A series of videoconferencing hacks by teenagers with basic computer skills exposed Zoom’s difficulties in ensuring its customers’ privacy at the start of the Covid-19 pandemic, in the early months of 2020. The episodes became known as “zoombombing.”

Young people entered classes at schools in São Paulo, meetings of Brazilian scientists about the coronavirus and informal meetings, which generated distrust among users.

The company had to provide one kind of recall after another due to its exponential growth in the pandemic. The fame has put her in the crosshairs of trolls and security researchers.

In early 2020, the company was accused of passing data to Facebook and weak encryption. Fixed both issues, after the reports became public.

The company’s position is praised by the information security community, which highlights the speed with which it resolved problems amid the great demand provided by the pandemic. “I’ve never seen the need to climb a structure so quickly,” he told the report by Sheet, 2020, Ricardo Gajardoni, chief operating officer at NetSecurity.