Data protection in videoconferences – What you need to be aware of

Video conferencing has proven its worth during the pandemic. Nevertheless, it raises questions about data protection. The German "Gesellschaft für Datenschutz und Datensicherheit" has drawn up a checklist that is very useful to follow. Here we explain what you should look out for.

a) Encrypted transmission

End-to-end encryption ensures the greatest security. This means that the transmitted data is already encrypted on the sender’s computer and decrypted on the recipient’s computer. By now, many providers offer such encryption, but some only offer it for an additional charge. Under certain circumstances, however, transport encryption (TLS) is also sufficient, although it leaves the theoretical possibility that the service provider has access to unencrypted content. The rule is: the more sensitive the data, the higher the encryption requirements. End-to-end encryption must be required at the latest when special categories of personal data are involved, as in medical video consultations.

b) Selection options for data protection-friendly default settings

It makes sense for the videoconferencing tool used to provide the option of selecting privacy-friendly default settings, i.e. ultimately deselecting functions that collect data but are not necessary for the videoconference. These include, for example, statistical data and evaluations.


c) Sharing with consent

If screen sharing is available, it must only be possible when the participants actively agree to it.

d) No data use by the provider for its own purposes

The provider should not collect data that is not necessary for the provision of the service.

e) Deletion

Data collected during the videoconference should be deleted by the system immediately after the conference. This applies to chat histories but also to exchanged files. It also applies to the data of the participants: who took part, for how long and with which contributions. The less the service stores, the better.

f) Blur options

Video conferencing systems allow insights into a very private area of the employee’s life. To protect employees from this, the systems used should offer a blur effect, which blurs the background, or the option of choosing their own background image.

g) Access restriction

It must be ensured that the videoconference is not accessible to everyone, but only to those who should actually participate. This can be ensured either by a login function or by requiring the organiser’s consent before a participant enters the conference.

h) Information obligations

The provider should fulfil its information obligations in terms of data protection and provide the information in a transparent manner.

About the author Henning Zander

Henning Zander is a business journalist and external data protection officer (TÜV). He works for FOCUS-Business, Legal Tribune Online and the Anwaltsblatt, among others. He is the author of the book Startup für Einsteiger.