Is it legal to record a meeting via Zoom?
In today’s technological era, we have adapted to new digital tools and it is very common for face-to-face meetings to be replaced by videoconferences, which are held via different applications on the market, such as Zoom. It is common for the organisers of these meetings to record the sessions so that the attendees can consult them later or so that there is a record of the attendance of the students in the case of online classes. But what about the data processing involved in making these recordings?
Do I need to ask permission to record a Zoom meeting?
When we record a person we are capturing their voice and their physical appearance, that is, we are capturing their personal data. In this sense, and in accordance with the General Data Protection Regulation (GDPR), personal data refers to all information relating to an identified or identifiable natural person, that is, all data that allows a person to be identified, such as elements of the person’s physical, physiological, genetic, psychological, cultural or social identity. Therefore, yes, permission must be sought before recording a meeting on Zoom or a similar platform.
Requirements to be met
Taking into account the above, if the organiser of a Zoom meeting wants to record the session, it will be necessary to comply, in the first place, with the duty to inform set out in Article 13 of the GDPR.
In this regard, when personal data relating to a data subject are obtained from him or her, the controller, at the time they are obtained, must provide the data subject with information on: (i) the identity and contact details of the controller; (ii) the contact details of the data protection officer, where applicable; (iii) the purposes of the processing of these data; (iv) the legitimate interests of the controller or of a third party; (v) the recipients of the personal data, where applicable; and (vi) the controller’s intention to transfer the data to third countries or organisations.
On the other hand, in order for the processing to be lawful, one of the grounds of legitimacy in Article 6 of the GDPR must be met. Taking this article into account, and with regard to this specific case, it would be most appropriate to obtain the consent of the participants of the session, once they have been informed of the points referred to in the aforementioned Article 13.
Steps to take into account when recording a telematic meeting
Virtual meetings via voice, video or web services are a constant feature of today’s work and teleworking, which has been greatly enhanced by the pandemic. While we are increasingly aware of the need to protect our privacy and security in the online world, with virtual meetings we need to take specific measures.
It is necessary to be careful when recording an online meeting and to comply with data protection regulations. In this sense, recording a zoom session should not be a problem as long as you have the informed consent of the attendees and there has to be recorded evidence that you have been informed and have permission to record or even to publish this information.
In the event that the regulations are not complied with, the act of recording a video call by telematic means could lead to a sanction by the Spanish Data Protection Agency (AEPD), as has recently happened with the Royal Spanish Football Federation, which is facing a fine of 200,000 euros for infringing articles 6 and 13 mentioned above. In this case, the Royal Federation recorded without the consent of the participants two meetings through the Zoom platform and subsequently disseminated audio extracts of these meetings through the media.
On the other hand, the AEPD reminds that neglecting the organisation of virtual meetings and preparing them without taking into account privacy risks can facilitate the practice of disloyal conduct on the part of interlocutors, former colleagues, disgruntled staff or even cybercriminals who may spy on or sabotage them. Among the basic advice that the AEPD considers appropriate, it stipulates that meetings should not be recorded unless necessary and that, if they are, those attending should be properly informed of the purpose of the recording and at what point the recording starts and stops.
In cases where highly sensitive data or information is to be processed, it is advisable to consult with a security professional and, where appropriate, take additional precautions such as, for example, if recordings are made, that they are encrypted using a robust algorithm and strong passwords, and to delete any recordings that may have been stored on the provider.
Letslaw es una firma de abogados internacionales especializada en el derecho de los negocios.
More from my site
Adigital presenta Digital Marketplace, la plataforma B2B para la digitalización de las empresas y la economía española de la que Letslaw by RSM forma parte
Con los datos de menores no se juega: conoce cómo protegerlos
Online age verification of minors
Las ventajas del Consejo de Administración en una Sociedad Limitada
Contrato de distribución exclusiva
El Parlamento Europeo aprueba el Reglamento de Servicios Digitales