Colombian watchdog to probe Zoom’s data privacy

The Colombian data protection regulator is looking into Zoom’s privacy and security practices after the number of people using the video-conferencing app has soared. 

The Superintendency of Industry and Commerce said on 24 April that it will carry out an investigation into video-conferencing company Zoom after “questions have been raised about security and privacy aspects of the technology platform”.

The authority said it will be looking into whether Zoom complies with Colombian regulations regarding security and restricted access to confidential information. 

“Additionally, the [regulator] seeks to establish whether said company has implemented the principle of demonstrated responsibility in the treatment of the data of citizens who use its services,” it said.

The regulator said the decision to launch an investigation comes as the covid-19 pandemic has caused a surge in the number of users of the platform.

The regulator also cited a comment by prominent digital security expert Bruce Schneier who claimed that “Zoom’s problems fall into three broad categories: bad privacy practices, bad security practice, and bad user settings”.

Danilo Romero, a partner at Holland & Knight in Bogota, said that the investigation comes as no surprise. “The Colombian authority has been strengthening its supervision of matters relating to the processing of personal data. In the last year, it has been appreciated that it is being stricter with privacy issues,” he said.

Romero also noted that if the regulator finds that Zoom does not comply with Colombian privacy law, it may impose a number of penalties on the company. “In the event of failure to comply with the orders given, the authority may impose fines of up to 2,000 minimum monthly wages or may order the temporary or permanent foreclosure of the company,” he said. 

Zoom told GDR that it “takes user security extremely seriously. A large number of global institutions ranging from the world’s largest financial services companies and telecommunications providers, to non-governmental organizations and government agencies, including across LATAM, have done exhaustive security reviews of our user, network and datacenter layers and continue to use Zoom for most or all of their unified communications needs.

"Zoom is in communication with governments around the world and is focused on providing the information they need to make informed decisions about their policies," it said.

Zoom has come under the spotlight recently after the company was hit with a securities lawsuit in early April for allegedly misleading investors about its cybersecurity and was later slapped with a class-action lawsuit over allegations that analytics data from the app was being given to Facebook. 

Unlock unlimited access to all Global Data Review content