Uninett Zoom: Fakta om GDPR og personvern 

Uninett  Zoom: Facts concerning GDPR og privacy

Video conferencing and online teaching by means of  Zoom has increased dramatically due to the Covid-19 pandemic. Many are concerned with GDPR and privacy implications of using this service, and at Uninett we receive many questions. We emphasize that our framework agreement with Zoom provided by Uninett complies fully with GDPR and Norwegian privacy laws and regulations.

The following facts apply to Zoom provided by Uninett:

  • Norwegian universities and university colleges that use Zoom, are provided the service by Uninett 
     
  • Zoom provided by Uninett complies with GDPR and Norwegian privcacy laws and regulations.
     
  • Zoom in the U.S. provides a so-called public service. Zoom provided by Uninett is not part of this service, but is a private, limited service regulated through a Nordic framework agreement.
     
  • Data from Zoom users is not stored at Zoom in the U.S. We use dedicated servers in Copenhagen and Stockholm.
     
  • All organizations using Zoom provided by Uninett  choose how their users should log on. Most use the federated log-on solution Feide, which is also provided by Uninett .
     
  • Private information about users of  Zoom provided by Uninett  is handled within the EU, in compliance with current data processing agreements. This applies to information necessary for use of the service, such as first name, last name, email address, phone number, position/role etc.
     
  • No credit card information is stored by Zoom provided by Uninett  (See above for private information)
     
  • All organizations using Zoom provided by Uninett have one or more local administrators.
     
  • Zoom provided by Uninett  does not enable the option of recording sessions for storage with Zoom USA (cloud recording). Local Zoom administrators have deactivated this feature for their users.
     
  • Zoom provided by Uninett does enable so-called local recording. If you record a meeting, attendees are notified of this with a symbol in the browser/application window, and in the list of participants. The local administrator can configure Zoom so that all meeting participants must agree before a meeting can be recorded. The local administrator can also control whether or not other participants are able to make recordings.
     
  • A risk assessment has been carried out for Zoom provided by Uninett. Our customers can also have risk assessments carried out locally. Contact us at contact@uninett.no.
     
  • Zoom has a range of features intended to create safe meetings. Meeting hosts can for example require passwords. They can also lock meetings, so that only those invited are able to participate (furthermore, administrators cannot participate without being invited). All sound and video is encrypted. No one can use meeting rooms created by other users without their permission.
     
  • Zoom has a function called ‘attention tracking’ (normally deactivated). This function notifies the meeting host about whether or not participants keep the Zoom window active when screen-sharing. The meeting host receives no other information from participants’ computers.
     
  • As with other IT services, local Zoom administrators have greater access and insights than normal users. This is necessary in order to ensure sufficient quality of the service, and to assist users.

 

Contact

If you have questions, please contact us on contact@uninett.no.