Zoom drastically improved the security of Zoom for Education and Enterprise in Europe.

In 2021, SURF — a Dutch cooperative of more than 100 educational and research institutions — conducted a Data Protection Impact Assessment (DPIA) of Zoom. A DPIA identifies the privacy risks of a solution. SURF wanted to inform its members on Zoom’s security. The DPIA resulted in negative advice.

Zoom failed to transparently communicate about data processing. The organization collected too much data, and stored data for far too long.

Following the DPIA, Zoom worked with SURF to resolve the risks. Today, SURF announced that Zoom managed to address all concerns uncovered by the initial DPIA.

‘Zoom can be used safely’

Though some risks remain unpatched, Zoom made a promise for each vacant issue.

The organization will process all personal data of European Enterprise and Education customers within the European Union by the end of 2022. A new Privacy Data Sheet provides full transparency on data processing. Zoom is also introducing training programs to ensure that its employees protect the privacy of European customers when providing support.

“We believe Zoom can be used safely”, SURF concluded after the most recent DPIA.