logo

Is it legal to record a meeting via Zoom?

LetsLaw / Digital Law  / Is it legal to record a meeting via Zoom?
grabar reunion zoom

Is it legal to record a meeting via Zoom?

In today’s technological era, we have adapted to new digital tools and it is very common for face-to-face meetings to be replaced by videoconferences, which are held via different applications on the market, such as Zoom. It is common for the organisers of these meetings to record the sessions so that the attendees can consult them later or so that there is a record of the attendance of the students in the case of online classes. But what about the data processing involved in making these recordings?

Do I need to ask permission to record a Zoom meeting?

When we record a person we are capturing their voice and their physical appearance, that is, we are capturing their personal data. In this sense, and in accordance with the General Data Protection Regulation (GDPR), personal data refers to all information relating to an identified or identifiable natural person, that is, all data that allows a person to be identified, such as elements of the person’s physical, physiological, genetic, psychological, cultural or social identity. Therefore, yes, permission must be sought before recording a meeting on Zoom or a similar platform.

Requirements to be met

Taking into account the above, if the organiser of a Zoom meeting wants to record the session, it will be necessary to comply, in the first place, with the duty to inform set out in Article 13 of the GDPR.

In this regard, when personal data relating to a data subject are obtained from him or her, the controller, at the time they are obtained, must provide the data subject with information on: (i) the identity and contact details of the controller; (ii) the contact details of the data protection officer, where applicable; (iii) the purposes of the processing of these data; (iv) the legitimate interests of the controller or of a third party; (v) the recipients of the personal data, where applicable; and (vi) the controller’s intention to transfer the data to third countries or organisations.

On the other hand, in order for the processing to be lawful, one of the grounds of legitimacy in Article 6 of the GDPR must be met. Taking this article into account, and with regard to this specific case, it would be most appropriate to obtain the consent of the participants of the session, once they have been informed of the points referred to in the aforementioned Article 13.

Steps to take into account when recording a telematic meeting

Virtual meetings via voice, video or web services are a constant feature of today’s work and teleworking, which has been greatly enhanced by the pandemic. While we are increasingly aware of the need to protect our privacy and security in the online world, with virtual meetings we need to take specific measures.

It is necessary to be careful when recording an online meeting and to comply with data protection regulations. In this sense, recording a zoom session should not be a problem as long as you have the informed consent of the attendees and there has to be recorded evidence that you have been informed and have permission to record or even to publish this information.

In the event that the regulations are not complied with, the act of recording a video call by telematic means could lead to a sanction by the Spanish Data Protection Agency (AEPD), as has recently happened with the Royal Spanish Football Federation, which is facing a fine of 200,000 euros for infringing articles 6 and 13 mentioned above. In this case, the Royal Federation recorded without the consent of the participants two meetings through the Zoom platform and subsequently disseminated audio extracts of these meetings through the media.

On the other hand, the AEPD reminds that neglecting the organisation of virtual meetings and preparing them without taking into account privacy risks can facilitate the practice of disloyal conduct on the part of interlocutors, former colleagues, disgruntled staff or even cybercriminals who may spy on or sabotage them. Among the basic advice that the AEPD considers appropriate, it stipulates that meetings should not be recorded unless necessary and that, if they are, those attending should be properly informed of the purpose of the recording and at what point the recording starts and stops.

In cases where highly sensitive data or information is to be processed, it is advisable to consult with a security professional and, where appropriate, take additional precautions such as, for example, if recordings are made, that they are encrypted using a robust algorithm and strong passwords, and to delete any recordings that may have been stored on the provider.

Contact Us

    By clicking on "Send" you accept our Privacy Policy - + Info

    I agree to receive outlined commercial communications from LETSLAW, S.L. in accordance with the provisions of our Privacy Policy - + Info