One implication is that lawyers can no longer use Zoom for anything which is attorney-client privileged.
They claim they can’t read anything passing through the server. Is there some other way they’ll get access?
https://support.zoom.us/hc/en-us/articles/360048660871-End-t....
What you and what you say need to be consistent to preserve user trust and then being inconsistent shows mismanagement by senior leadership or even potentially intent to deceive or spin the situation while still implementing the policy. It’s the PR classic do one thing say another.
Edit: Oh, and then this hits almost at the same time…
https://www.sfgate.com/tech/article/zoom-return-to-office-an...
I agree with this sentiment and it feels like a heuristic at this point.
I think it comes from a decade of watching when corporate officers get caught red handed then try and denial of service the bad press with their jingoistic pablum.
> We will not use ... protected health information, to train our artificial intelligence models without your consent.
> We routinely enter into ... legally required business associate agreements (BAA) with our healthcare customers. Our practices and handling of ... protected healthcare data are controlled by these separate terms and applicable laws.
To my understanding there is nothing in the separate terms (BAA) or applicable laws (HIPAA) that actually guarantees this.
I don't want to assume malice but if in good faith I would have expected an updated BAA with an explicit declaration regarding data access and disclosure in a legally-binding fashion rather than a promissory blogpost vaguely referencing laws that don't themselves inherently restrict the use of PHI for training by Zoom.
It would really only require a single term.
> Notwithstanding the above, Zoom will not use audio, video or chat Customer Content to train our artificial intelligence models without your consent.
The BAA still states: Zoom shall not Use and/or Disclose the Protected Health Information except as otherwise limited in this Agreement ... for the proper management and administration of Zoom ... Zoom will only use the minimum necessary Protected Health information necessary for the proper management and administration of Zoom’s business specific purposes
As discussed in my comments on yesterday's post "proper management and administration" is vague language copied from HHS and can be construed as improving products as described in a legal analysis I quoted. I would also hazard a guess that a provider signing this agreement could be construed to have implied consent.
Nevertheless, it would not be hard to explicitly state that this does not include training models in the only truly legally binding agreement at play. An explicit declaration was also recommended in said legal analysis.
This should work: https://web.archive.org/web/20230808072418/https://explore.z...
they also got caught being malicious and/or dumb in the past (https://www.businessinsider.com/china-zoom-data-2020-4) so there's no reason to bother with them now.
Until the TOS clearly says otherwise, as far as I can see, the TOS at least implies this:
1. We will not use your data to train AI without your consent.
2. By accepting these TOS, you give your consent to everything in this long list (which includes training AI).
However, many companies reckon they'll get away with it, the enforcement is not universal and rapid, and I don't trust Zoom as far as I can throw it on this particular score.
> You agree to grant and hereby grant Zoom a perpetual, worldwide, non-exclusive, … [rest already quoted several times in the thread]
so that promise to not do it without consent is meaningless as they have consent from anyone who has agreed to the ToS which anyone using the service/product has done.
Well I might just take that heuristic and do some basic sentiment analysis to rank companies on their doublespeak.