Since COVID-19 disrupted the lives of almost everyone across the globe, people have flocked to video conferencing and Voice over Internet Protocol (VoIP) platforms such as Zoom, for both work and play. How these platform providers operate, and what they do with our data, affects our rights online. Presently, when it comes to information regarding users’ data and privacy, many companies operate behind closed doors. We call on these companies to release transparency reports or to improve current reporting, and communicate openly with their users about how their policies affect our rights online and the steps they are taking to minimize interference. Access Now’s Transparency Reporting Index will be updated in July 2020, and this is an open call to technology companies to contribute.
We invite video and voice call providers to join us in a conversation on the steps they are taking to protect our rights at RightsCon Online, which will take place July 27 — 31, 2020.
Below is our open call.
In recent months, the world has moved online in unexpected ways: our social interactions, work, school, and essential services are now carried out through video conferencing and Voice over Internet Protocol (VoIP) platforms. We are calling on you, as the providers of the tools we increasingly rely on to maintain our daily lives, to be transparent about how your policies affect our rights online and the steps you take to minimize any interference.
Access Now is a global civil society organization committed to defending and extending the human rights of users at risk. Since 2014, Access Now has publicly issued and updated the Transparency Reporting Index, which compiles and promotes transparency reports from technology companies around the world. Regular transparency reporting is an effective way for technology companies to disclose threats to user privacy and free expression. Such reports educate the public about company policies and safeguards against government abuses, and contribute to an understanding of the scope and scale of online surveillance, network disruptions, content removal, and a host of other practices that affect our fundamental rights. In 2010, Google released the first transparency report, and since then the practice has proliferated, increasing to 70 companies to date.
The midst of a public health crisis is the time for more transparency, especially from video conferencing platforms. As your user and subscriber bases have exponentially increased over a very short period of time, your platforms have drawn attention from third parties, including law enforcement and malicious hackers, seeking people’s personal data, and to cause disruptions. Getting your own house in order helps companies to confront the increasing threats to your customers’ data — and your own interests.
To the companies already engaging in transparency reporting as a business practice: We commend you for reporting over the years, and the overview you have provided of your policies for enforcing your terms of service and responding to government requests across business operations. However, we are calling on you for granular reporting that discloses your specific policies regarding the video conferencing and VoIP tools you provide. This data would provide a clearer picture of the steps you take to protect your users’ rights in a time when they most rely on your services.
To the video conferencing and VoIP platforms who have not taken the step towards transparency reporting: Disclosing convoluted or vague privacy policies is not enough — it is imperative for you to implement and disclose strong protections for user information in order to keep your customers safe. Moreover, streamlined internal reporting improves your firm’s governance, giving compliance and security teams better insight into operations. It can also reflect well on your firm’s values and increase your rankings in investor surveys. After pressure from Access Now and the wider community, Zoom has committed to releasing a transparency report. We urge you to do the same.
We are asking companies to regularly disclose the following related to video conferencing and VoIP services:
- The number of government requests for user data you receive by country, with compliance rates, and your procedures for responding to these requests;
- The circumstances under which you provide user information to government authorities;
- Statistics on enforcement of your terms on content governance, including moderation and curation of content, and on account activity, by country, as well as the methods and standards used to enforce terms;
- Policies on notice to potentially affected users when their information has been requested or provided to government authorities, or exposed by breach, misuse, or abuse; and
- Policies and practices affecting the security of data in transit and at rest, including on multi-factor authentication, encryption, and retention.
We will update our Transparency Reporting Index in July 2020 and hope to include you among the companies that have taken this step to protect their users’ rights. We also invite you to join us in continuing this conversation at RightsCon Online, which will take place July 27 — 31, 2020.
U.S. Policy Analyst