Skip to content

Media Statements

Media Statement - Data Protection Authorities Issue Co-signatory Letter toVoice Out Global Privacy Expectations of Video Teleconference Providers

Date:21 July 2020

Data Protection Authorities Issue Co-signatory Letter to
Voice Out Global Privacy Expectations of Video Teleconference Providers

The Privacy Commissioner for Personal Data, Hong Kong, Mr Stephen Kai-yi WONG (PCPD), together with five Data Protection and Privacy Authorities from different jurisdictions, today published an open letter to video teleconferencing companies reminding them of their obligations to comply with the law and handle people’s personal data responsibly.
 
The COVID-19 pandemic has resulted in a sharp uptake in the use of video teleconferencing software, increasing risks around the collection and use of personal data. The open letter provides video teleconferencing companies with principles to help them identify and address some of the key privacy risks, and better protect people’s personal data. Awareness of security risks, adoption of “Privacy by Design” and “Privacy by Default”, understanding of audience, transparency and fairness, as well as end-user control are some of the key principles being advocated.
 
Noting the frequent use of video teleconferencing tools during the pandemic and the associated privacy risks, the PCPD has since April issued guidance to users of video teleconferencing software, with particular regard to schools and parents. Video teleconferencing companies have been encouraged to adopt “Privacy by Design” and “Privacy by Default” in their products[1].
 
The open letter is signed by six authorities brought together through the Global Privacy Assembly (GPA)’s International Enforcement Cooperation Working Group (IECWG): the Office of the Australian Information Commissioner, the Office of the Privacy Commissioner of Canada, the Gibraltar Regulatory Authority, the PCPD, the Switzerland Federal Data Protection and Information Commissioner and the UK Information Commissioner’s Office. The letter is for all video conferencing companies, but has also been sent directly to Microsoft, Cisco, Zoom, House Party and Google.
 
GPA, formerly known as International Conference of Data Protection and Privacy Commissioners, is a global forum for more than 130 data protection and privacy authorities seeking to provide leadership at international level in data protection and privacy. As a member of the IECWG of the GPA, the PCPD advocates cross-jurisdictional cooperation among data protection authorities and helps drive cross-jurisdictional enforcement collaboration. The PCPD is also a co-chair of GPA’s Permanent Working Group on Ethics and Data Protection in AI, advocating data ethical stewardship based on respect, mutual benefits and fairness to enterprises and organisations.
 
The open letter can be downloaded here.

[1] The PCPD has since April 2020 issued media statements and responded to media enquiries, advising members of the public on practical guidelines on how to enhance personal data security in using video conferencing applications:
https://www.pcpd.org.hk/english/media/media_statements/press_20200401.html
https://www.pcpd.org.hk/english/media/response/enquiry_20200409b.html
https://www.pcpd.org.hk/english/media/media_statements/press_20200402.html
 
The PCPD and Singapore’s Personal Data Protection Commission have also released a jointly-developed Guide to Data Protection by Design (DPbD) for ICT Systems. The Guide encourages organisations to pro-actively incorporate data protection considerations when developing ICT systems from the onset. The Guide assists organisations in applying DPbD principles through practical guidance for all phases of software development and good data protection practices for ICT systems. The Guide can be downloaded here:
https://www.pcpd.org.hk//english/resources_centre/publications/files/Guide_to_DPbD4ICTSystems_May2019.pdf


-End-