How Zoom delivers privacy commitments in Europe

At Zoom, we aim to be the one platform delivering limitless human connection. We are stewards of our customers, whether they are Fortune 500 companies, educational institutions, small businesses, or a group of friends. We are constantly working to improve our platform to earn the trust of our users. This is especially important in Europe, where data protection standards and policies are among the most robust worldwide.

To tackle these challenges, we collaborate with renowned EEA experts. They provide us with important external perspectives and challenge us to create the best possible platform for our customers.

By working with partners across Europe and around the world, we learn to see data protection issues from different perspectives, which helps us gain a broader understanding of them. This willingness to learn and improve, together with our commitment to Europe, helps us problem-solve to deliver better solutions for our customers. For example, the European Patent Office utilizes Zoom Meetings to digitize its processes, to work with distributed experts on patent applications, and to enable a digital courtroom. The same is true for Oracle Red Bull Racing. They leverage Zoom Events to connect with fans and Zoom Team Chat for fast and secure messaging. 

We’re also proud of our strong partnership with SURF, the collaborative organization for IT in education and research in the Netherlands. Since 2022, we have worked together with SURF to carry out a detailed Data Protection Impact Assessment (DPIA). This assessment analyzes an organization’s processing of personal data, identifies the risks associated with that processing, and provides recommendations to mitigate those risks. SURF assessed Zoom’s current capabilities and provided recommendations in the DPIA aimed at strengthening the privacy of European citizens. Partnering with SURF helped us to understand various privacy challenges, and we have made great strides to overcome these. 

“The University of Amsterdam has high privacy and security requirements. This naturally also applies to the deployment of Zoom within our institution. On the basis of the DPIA carried out, SURF held constructive discussions with Zoom on behalf of the affiliated institutions about the findings from this analysis. Zoom has taken this seriously and it is good to see that the risks have now been sufficiently mitigated by Zoom through continuous security updates.”

Lex Welman: Deputy Director ICT Services at the University of Amsterdam

Our efforts didn’t stop with the DPIA, however. In recent months, we have earned several new certifications and attestations from government agencies and other official institutions, further demonstrating Zoom’s commitment to European legislation and rules: 

• Italy, ACN: The cloud strategy in the Cloud Catalog outlines the strategy for a qualification path to comply with high standards of security, efficiency, and reliability, in accordance with the corresponding provisions. We are proud to meet the security, efficiency, and reliability requirements for cloud service providers set by the Italian government.
• Germany, BSI C5: C5 is a government-backed attestation framework, which was introduced in Germany by the Federal Office for Information Security (BSI) — an organization that we previously worked with on our Common Criteria certification. Zoom’s C5 attestation demonstrates our commitment to providing security assurance and transparency to our German customers.
• Spain, ENS High: This certification establishes security standards that apply to Spain’s government agencies, public organizations, and service providers, containing a uniform set of requirements for the sector, promoting continuous security management, and offering a reference for effective security posture in the modern day. The ENS High certification allows Zoom to provide services to Spanish public sector organizations satisfying specific security and information protection requirements. 

These are just the most recent additions to our certifications and attestations. Visit our Trust Center to see the full list.

Our commitment to privacy is an ongoing priority at Zoom, and we’re always looking for ways to improve. We are happy to announce a new major milestone: Paid customers based in the European Economic Area (EEA) will be able to select certain data for Meetings, Webinars, and Team Chat to be stored within the EEA going forward. This feature includes a dedicated support team, so even support requests stay within the EEA’s borders. This data will only be shared with US teams in individual cases and exceptional circumstances, such as with Zoom’s Trust & Safety team. 

We also recently announced the following additional features for our customers, giving them more insight and control over their data: 

• Data Subject Access Requests: Zoom has developed a new tool for administrators to easily reply to data subject requests for access or deletion of their personal data for Zoom Meetings, Webinars, and Team Chat. This tool facilitates compliance with GDPR and CCPA requests.
• Marketing Preference Center: With a single click, users can opt in or out of all marketing communications and newsletters from Zoom.
• Audit Log Tracking: Administrator audit logs record the specific actions that administrators take on behalf of their users. Now, account owners and administrators have the ability to track when logs are exported or deleted.
• Data Retention: Users now have more visibility into Zoom's data retention and deletion policies, as well as the standards and actions the company is taking to align with its policies. 

The tools for data subject access requests and data deletion are available in the Zoom web portal, under “Privacy.” The Marketing Preference Center can also be accessed through the “Manage Preferences” link within Zoom marketing emails, and European technical support is available at https://eu.support.zoom.us. For EEA-based paid customers, Zoom has also begun rolling out the ability to enable EEA-based data storage in the Zoom Privacy Center. Zoom’s data retention and deletion policies can be found in the company’s Privacy Data Sheet.

We have a strong commitment to Europe and respect the customer and regulatory expectations related to data privacy. Working with our partners, we continue to refine, adapt, and expand our strategy and platform to deliver for our customers in Europe and around the world. We plan to announce more news and initiatives in the near future and look forward to keeping you updated.