As tens of millions of people turn to videoconferencing to stay connected during the coronavirus pandemic, some applications pose security risks and create legal loopholes, the Turkish data privacy authority has warned.
“It has been observed that on the distance education platforms personal information including names and surnames of the students and some private personal data, such as voice and image samples that can be regarded as biometric data, are being processed,” said a statement by the Personal Data Protection Authority (KVKK).
“Most of the softwares used for distance learning are serving through cloud service providers and the data centers of these softwares are usually based abroad,” it added.
Data transfer to a foreign country can breach the Protection of Personal Data Law, said the KVKK. urging the users to read the Personal Data Security Guide carefully and the authority board’s decision on the responsibilities data controllers dated Jan. 31, 2018, before using those applications.
In a separate announcement on March 24, the KVKK said: “By taking into account that the different operational implementations [remote working, shift working etc.] are used with respect to the measures taken by data controllers, for each complaint or data breach notification, it is announced to the public respectfully that the Personal Data Protection Board will pay regard to the extraordinary conditions that we are in.”
The Personal Data Protection Authority was established under the Protection of Personal Data Law in 2016. Defined as a public legal entity with administrative and financial autonomy, it is composed of the Personal Data Protection Board and the Presidency.
Recently, the Education Ministry issued a warning to the provincial directorates not to use any video conferencing application for remote educational activities and advised them to opt for the ministry’s official Educational Informatics Network only.
Zoom, the video conferencing provider, has seen its stock soar to new highs in recent weeks. Its shares have nearly quadrupled compared to their IPO price just 11 months ago.
The use of Zoom has soared after political parties, corporate offices, schools, organizations and millions across the world started working from home after lockdowns were enforced to slow the spread of the coronavirus.
However, the huge influx of users on its platform has raised concerns ranging from its lack of end-to-end encryption of meeting sessions, routing of traffic through China and “zoombombing,” when uninvited guests crash meetings.
To address those concerns, the company has hired former Facebook security chief Alex Stamos as an adviser and formed an advisory board to look into its privacy and safety practices.
The U.S. Senate has told its members to not use Zoom’s video conferencing app due to data security concerns, the Financial Times reported on April 9, adding that the Senate had stopped short of officially banning Zoom Video Communications Inc’s service.
On April 8, Alphabet Inc’s Google banned the desktop version of Zoom from its corporate laptops.
Taiwan and Germany had already put restrictions on Zoom’s use, while Elon Musk’s SpaceX has banned the app over security concerns. The company also faces a class-action lawsuit.
“Zoom takes user security extremely seriously,” the company said in a statement. “Zoom is in communication with governments around the world and is focused on providing the information they need to make informed decisions about their policies,” it added.