Stop Using Zoom, Hamburg's DPA Warns State Government

Hamburg's state government has been formally warned against using Zoom over data protection concerns. From a report: The German state's data protection agency (DPA) took the step of issuing a public warning yesterday, writing in a press release that the Senate Chancellory's use of the popular videoconferencing tool violates the European Union's General Data Protection Regulation (GDPR) since user data is transferred to the US for processing. The DPA's concern follows a landmark ruling (Schrems II) by Europe's top court last summer which invalidated a flagship data transfer arrangement between the EU and the US (Privacy Shield), finding US surveillance law to be incompatible with EU privacy rights.

The fallout from Schrems II has been slow to manifest -- beyond an instant blanket of legal uncertainty. However a number of European DPAs are now investigating the use of US-based digital services because of the data transfer issue, and in some instances publicly warning against the use of mainstream US tools like Facebook and Zoom because user data cannot be adequately safeguarded when it's taken over the pond. German agencies are among the most proactive in this respect. But the EU's data protection supervisor is also investigating the bloc's use of cloud services from US giants Amazon and Microsoft over the same data transfer concern.

One of us.

[Ostracus]

But the EU's data protection supervisor is also investigating the bloc's use of cloud services from US giants Amazon and Microsoft over the same data transfer concern.

EU has their own data centers. [technavio.com]

Re:One of us.

[Mascot]

Which doesn't help if US law allows US authorities to compel US companies to hand over data even if stored in foreign data centers.(https://en.wikipedia.org/wiki/CLOUD_Act).

Re:

[Ostracus]

The point being despite all the consolidation not all data center companies [datacenterknowledge.com] are US companies.

Re:

[luvirini]

True, but.. more and more are.

We used to use a European provider for quite many years, but then they got bought by a US company and we had to move our services and clients to a new one.

Hopefully they will not be bought anytime soon..

Re:

[Mascot]

Fair enough, but I'm not sure I see the relevance. The warning was specifically with regards to US based service providers. Renting some server capacity on a non-US data center will not get you e.g. Office365. You _can_ specify a EU data center for Microsoft's offering, but that does not guarantee GDPR compliance, as per the warning.

Re:

[GoTeam]

I think that all we've learned is that politicians understand nothing about technology. They want to own all the ones and zeros within their reach. When they don't understand, the legislate. I hope they don't try to legislate Math(s).

Re:

[cusco]

What do you expect? Most of them are lawyers, a lot of them still insist on using Word Perfect for all their documentation. When personal and party loyalty is more important than competence they're not getting good advice either.

Re:

[GoTeam]

True. I also giggle when politicians say they've spoken with scientists and doctors. They don't mention their selection process. I am not saying I doubt the "science". I doubt the process that finds the scientists and doctors that politicians use. It seems any politician from any political party world-wide can find a group of professionals to confirm their talking points.

Re:

[HiThere]

FWIW, when I had the option I preferred Word Perfect over MSOffice. At that time Linux didn't *have* a decent word processor. AbiWord wasn't really adequate. Frequently I'd end up using Netscape html editor rather than rebooting.

So I don't find asserting they prefer Word Perfect to be any criticism at all. More an expression of intolerance. Perhaps the most current version has problems I'm not aware of, as I haven't used it in decades, but you didn't mention any.

Re:

[cusco]

My intent was that they're stuck in the 1980s. Personally I like keyboard shortcuts rather than mousing, but that's because I came up on DOS. The law office my mom worked at was still using Word Perfect 5.1 in the late '90s, she had a copy of MS Office that she had to use to convert pretty much every document that they sent anywhere that wasn't another law office. The lawyers that my niece works for are using pirated (really) versions of Word Perfect that are 10 years old at least, and I think she also h

Re:

[bn-7bc]

Holy hell a law farm that aren't license compliant, better call the BSA and whom every owns the WP IP atm, this can not stand lawyers realy shuld know berrer, your niece should update here CV and get a new job at a place that takes a littele mire care in such matters, rhan write an anon letter baming and shaming her current employer. Or just earn them that they really should get a non pirate version so they don't get into additional hot water when they are in av etably get breached ( probably for other

Re:

[cusco]

She's hoping to move out of South Redneckistan soon anyway, but they treated her very well through a really major illness so she isn't likely to cause them any problems. It's a small office of ambulance chasers, so a low value target and the SBA will just threaten them until they buy licenses anyway.

Re:

[andrewbaldwin]

In this case (and GDPR in general), it's less of the politicians wanting to own the ones and zeros and more of allowing end users to own their data. This is an honourable stance and, in general, the approach is a good one - it's the implementation specifics that are weak.

I would certainly want my town council / local authority / government to be able to discuss sensitive matters privately [with provision for freedom of information requests to be handled appropriately] -- just as most businesses would like t

Re:

[Ostracus]

You don't see the relevance in even having the choice in the first place? If every data center company was US based then the warning would be basically, do without. Not an option.

Re:

[Mascot]

I don't see the relevance because I don't see how any random data center is an actual choice when it comes to the services mentioned. Microsoft won't run Office365 for you off of a data center of your choice, unless it's a Microsoft one. I don't know about Zoom, but I expect it's much the same there. You're stuck with the data centers _they_ operate out of, you don't have free choice of all the world's data centers.

I also don't see the relevance because the entire point of the warning was that it doesn't ma

How far will this go?

[dark.nebulae]

So now we shouldn't zoom together.

What's next? We shouldn't slack together? We shouldn't text each other? We can't collaborate on a google doc? We shouldn't share the same Slashdot platform?

Where does it end?

Re:

[themusicgod1]

No, you shouldn't use slack. Slack is a proprietary alternative to IRC and web forums. Don't use it, and don't let people/institutions around you get away with using it without criticism.

Re:

[bn-7bc]

While I agree with you, I fear that peticular ship left the port a long time ago, no one under 30 that is not a serious hard core geek ( and quite a few older hard core geeks) have never heard about IRC let alone used it. In the general population it's hardly a blip on the radar. No body pushes it as " the hot no thing of the year ". Is it still useful, oh yes, but sadly without serverside histoery, attachment and all other other stuff slack et all have IRC will not compare well in a features chart so, if

Re:

[Joviex]

Where does it end?

When we drop dead. Seems easy enough.

Well, no shit?

[nagora]

They're only two years late.

Despite the law being manageable ...

[Qbertino]

... and coming with hefty fines for non-compliance, companies and authorities in German have huge difficulties even getting the fundamentals right. There was a huge breach and data protection neglect case with a German car rental a year or so back - every one involved including the authorities trusted with handling the case were so out of their depth the case is still lingering with not much happening in consequence for the company screwing up.

It's bizarre but sadly not all that surprising.

Thank you.

[BAReFO0t]

Using Zoom is insanity.
Like using WhatsApp/Facebook/Instagram. Or using Google.

Oh wait! *Everyone*'s retarded!

*hides his Signal Messenger and jitsi.meet under a [2+2=5] icon*

Local storage

[manu0601]

We railed Russia when it required data to be stored locally, but it is indeed a first step in the right direction. Having a local representative to go after in court, like in India would also help.

Way ahead of you

[dohzer]

I've been not using Zoom for years now!