On 22 July 2020, data protection authorities from Australia, Canada, Gibraltar, Hong Kong, Switzerland and United Kingdom (together the Authorities), issued an open letter (Letter) on global privacy expectations of video teleconferencing companies (VTC companies).
Why there is such a Letter?
As a result of the COVID-19 pandemic, the Authorities have witnessed an increasing use of VTC tools, both in social and business contexts. In the Letter, the Authorities provided VTC companies principles to help them identify and address some of the privacy concerns, which were reported in the media as well as made directly to them.
The Authorities were brought together through the Global Privacy Assembly (GPA)’s International Enforcement Cooperation Working Group (IECWG) to issue this Letter to all VTC companies around the world. The Letter has also been sent directly to Microsoft, Cisco, Zoom, House Party and Google.
What does the Letter say?
The Letter sets out principles for VTC companies to address some of the key privacy risks in designing and delivering their services. We summarise the principles as below:
VTC companies are invited to respond to the Letter by 30 September 2020, to demonstrate how they are taking the above principles into account in the design and delivery of their services.
What else can VTC companies refer to?
Back in May 2019, the Privacy Commissioner for Personal Data of Hong Kong and Singapore’s Personal Data Protection Commission have released a jointly-developed Guide to Data Protection by Design (DPbD) for ICT Systems (Guide).
The Guide sets out DPbD principles to be applied to all phases of software development as well as existing information and communications technology (ICT) systems. It also recommends good data protection practices for ICT systems in detail, from creating online forms and testing to exporting data and retention of personal data in the system.
Concern for data privacy is growing as online communication tools are being used heavily as means of staying connected during COVID-19 lockdowns and border closures. While it is uncertain how long the current situation will last, the user base of VTC platforms will undoubtedly continue to expand, and data privacy will be an issue we must address adequately and promptly. VTC companies play a critical role in the development of new trends of communication, and should pay attention to their social, in some cases, legal responsibilities in data protection. Users of VTC platforms, whether businesses or individuals, should also be aware of their rights and obligations in dealing with their own and others’ personal information on the platforms.
 The Letter can be downloaded here: https://www.pcpd.org.hk/english/media/media_statements/files/VTC_Open_Letter_upload_updated.pdf.
 The Guide can be downloaded here: https://www.pcpd.org.hk//english/resources_centre/publications/files/Guide_to_DPbD4ICTSystems_May2019.pdf.