Relevant text:
10.4 Customer License Grant. You agree to grant and hereby grant Zoom a perpetual, worldwide, non-exclusive, royalty-free, sublicensable, and transferable license and all other rights required or necessary to redistribute, publish, import, access, use, store, transmit, review, disclose, preserve, extract, modify, reproduce, share, use, display, copy, distribute, translate, transcribe, create derivative works, and process Customer Content and to perform all acts with respect to the Customer Content: (i) as may be necessary for Zoom to provide the Services to you, including to support the Services; (ii) for the purpose of product and service development, marketing, analytics, quality assurance, machine learning, artificial intelligence, training, testing, improvement of the Services, Software, or Zoom’s other products, services, and software, or any combination thereof; and (iii) for any other purpose relating to any use or other act permitted in accordance with Section 10.3. If you have any Proprietary Rights in or to Service Generated Data or Aggregated Anonymous Data, you hereby grant Zoom a perpetual, irrevocable, worldwide, non-exclusive, royalty-free, sublicensable, and transferable license and all other rights required or necessary to enable Zoom to exercise its rights pertaining to Service Generated Data and Aggregated Anonymous Data, as the case may be, in accordance with this Agreement.
Zoom is used by a lot of institutions for official, sometimes sensitive work (ex. Healthcare, education, etc.)
How are those plans affected by this change?
Zoom has a healthcare specific license for healthcare. Don’t think they could add that in and stay HIPAA compliant, but I can’t any exceptions in the ToS so maybe US healthcare is actually trash and this is “fine”
It’s definitely not fine, but they may be stupid enough to try and train a model on healthcare zoom meetings. I think I’m gonna let my healthcare company security team know. We do a lot of cross collaborative meetings with the university and I’m not sure their license is the healthcare one. Typically that’s all just resolved through a business agreement, but if it’s a part of the ToS now they may be violating HIPAA without knowing it even while having business agreements not to. Might be worth filling a complaint to give the hhs a heads up that they’re potentially noncompliant.
My synagogue uses zoom and I’m afraid of the potential risk this might place them with now
for meeting and other video conferencing needs: https://jitsi.org/jitsi-meet/ , not hard to set up and get going.
and of course just video chat with no back end there is always https://vdo.ninja/ though I strongly recommend rolling up a jitsi-meet server
for streaming https://obsproject.com/
Zoom could easily be replaced at little cost other than someone’s time and a donated fairly modern computer (note: businesses can often deduct the full value of the computer if it is two years or less old and is donated to a qualifying organization, such as a Synagogue).