Zoom and General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) begins to apply on 25 May 2018 and replaces the Swedish Personal Data Act (PuL).
The overall objective is to ensure and strengthen the individual’s right to his or her private life through the protection of personal data. This means that the individual, when KTH in any way processes his or her personal data, has the right to insight into how and why the information was processed and can upon request have that information transferred to a different external party (companies, authorities, etc.).
GDPR entails a tightening of the rules in PuL, but also sets some new requirements.
What is personal data?
Personal data is information which can be attributed, directly or indirectly, to a physical person such as his/her name, social security number, postal and e-mail addresses, video and audio data. Personal data also includes encrypted or encoded data that can be clearly linked to a certain person.
Processing of personal data at KTH
Personal information: Personal information about users of NORDUnet's Zoom service is processed within the EU in accordance with the applicable data processing agreement. This applies to personal information necessary for using the service, such as first name, last name, e-mail address, role, etc. Typically, as released by the home institution, using the national identity federation, through SAML attributes. No credit card details, telephone numbers or other similar information is stored in the Zoom instance provided by NORDUnet
NORDUnet Zoom: GDPR and Privacy Facts
Utdrag ifrån SUNET:s tjänstebeskrivning
The SUNET e-meeting service is based on the product zoom which can be used as a standalone application on a computer, smartphone or tablet or directly in a web browser [1]
The On-Premise solution provides “Corp” accounts which ensures meeting traffic (Audio, Video, Desktop sharing) stays within the NORDUnet installation. We also provide optional Meeting and Chat encryption for all On-Premise subaccounts.
NORDUnet creates a virtual zoom instance for SUNET-customer with their own so-called meeting connector. The customer configures and administers the instance themselves. The most common is that the customer links the authentication to their own identity management in SUNET, SWAMID . The customer can request their own domain address (vanity url) in the administration interface and choose to integrate zoom with other systems such as. learning platform
KTH: users of zoom asks some questions about security in Zoom. Answers to most of these questions are compiled at Nordunets hompage: NORDUnets FAQ .