Zoom's updated terms of using data for training AI raise concern — the story so far

Video conferencing platform Zoom has been entangled in a data privacy issue due to its updated terms of service. It gives Zoom the permission to use service-generated data on its platform to train its artificial intelligence models, without giving users the option to opt-out. Since then, Zoom has released a statement offering more details.

Zoom’s new terms of service

Zoom quietly updated its terms and conditions a few months back to allow it to use some of the user data to train its artificial intelligence algorithms and systems. This update gained traction earlier this week after a discussion thread emerged on the Hacker News forum. This discussion, along with a blog by developer and writer Alex Ivanovs alleged the company has changed its terms of service to allow it to use consumer data without the option to opt out.

Two sections in Zoom’s document — 10.2 and 10.4 — have been particularly highlighted. As per these sections, the company is allowed to collect, modify, distribute, share, and store ‘Service Generated Data’. Such data would be then used for “product and service development, marketing, analytics, quality assurance, machine learning or artificial intelligence (including for the purposes of training and tuning of algorithms and models), training, testing, improvement of the Services, Software, or Zoom’s other products, services, and software, or any combination thereof”. It may be noted that service generated data here denotes telemetry data, product usage data, and diagnostics data, among others.

Section 10.4 also grants Zoom a worldwide, non-exclusive, and royalty-free license to use the data for training and product development activities.

Zoom’s statement

After receiving criticism, Zoom added a statement under Section 10.4, stating, “Notwithstanding the above, Zoom will not use audio, video or chat Customer Content to train our artificial intelligence models without your consent.” This statement also intends to provide the difference between customer content and service generated content.

In addition, the company also published a blog by chief operating officer Smita Hashim, which reiterated the same. Hashima wrote that customers own and control their video, audio, and chat content, even as the platform uses it to provide value-added service. On the service-generated data, the blog noted that “we consider this to be our data” which can be used to better user experience.

In an email statement to TechCircle, Zoom’s spokesperson said, “Zoom customers decide whether to enable generative AI features and separately whether to share customer content with Zoom for product improvement purposes.” Zoom recently introduced its generative AI Zoom IQ for meeting summarisation and chat composition.

Notably, a few years back, the US agency Federal Trade Commission accused Zoom of ‘deceptive and unfair practices’ that undermined user security on its platform. The agency said that Zoom’s encryption mechanisms were weaker than claimed. This led Zoom to launch a 90-day turnaround effort to address the issues raised. The company finally reached a settlement with FTC in late 2020.

India’s data privacy Bill

Earlier this week, Lok Sabha passed the Digital Personal Data Protection Bill. It now awaits clearance in Rajya Sabha. The DPDP bill lays down rules for the collection, processing, and usage of personal data of Indian citizens. It states that the collection and usage of personal data should be lawful. It also proposes that only relevant data be collected from individuals and such data should be used only for consented and pre-defined purposes. It also allows storing of this data only till consented purpose is served. The Bill applies personal data in digital form, excluding non-personal and data in non-digital formats.