Zoom updated its terms of service (TOS) in March 2023 to include section 10.4 Customer License Grant, which reads:
“You agree to grant and hereby grant Zoom a perpetual, worldwide, non-exclusive, royalty-free, sublicensable, and transferable license and all other rights required or necessary to redistribute, publish, import, access, use, store, transmit, review, disclose, preserve, extract, modify, reproduce, share, use, display, copy, distribute, translate, transcribe, create derivative works, and process Customer Content and to perform all acts with respect to the Customer Content, including AI and ML training and testing.”
In this update to their TOS, there was no option to opt-out, meaning that all Zoom users’ meetings would be subject to this license grant. This prompted immediate concern and backlash from users who viewed the new TOS as posing privacy concerns.
After receiving overwhelming criticism, section 10.4 was updated on Aug. 11 to 10.4 Customer Responsibilities, reading:
“You are solely responsible for compliance with all Laws and regulations pertaining to the Customer Content, including Laws requiring you to obtain the consent of a third party to use, license or generate Customer Content and to provide appropriate notices of third party rights. Zoom may delete any Customer Content, at any time without notice to you if Zoom becomes aware that it violates any provision of this Agreement or any applicable Laws. You retain all ownership rights in your Customer Content subject to any license or other rights granted herein.”
While this would have been a decent TOS change had the original issue been resolved, another section, 10.2 Permitted Uses and Customer License Grant, was updated to read:
“Zoom will only access, process or use Customer Content for the following reasons (the “Permitted Uses” ): (i) consistent with this Agreement and as required to perform our obligations and provide the Services; (ii) in accordance with our Privacy Statement; (iii) as authorized or instructed by you; (iv) as required by Law; or (v) for legal, safety or security purposes, including enforcing our Acceptable Use Guidelines. You grant Zoom a perpetual, worldwide, non-exclusive, royalty-free, sublicensable, and transferable license and all other rights required or necessary for the Permitted Uses.”
Note the terminology “Permitted Uses.” Under Zoom’s current TOS, permitted uses include (but are not limited to):
- Account Information
- Profile and Participant Information
- Contact Information
- Settings
- Registration Information
- Device Information
- Content and Context from Meetings, Webinars, Messaging, and Other Collaborative Features
While all permitted uses listed above are problematic, Content and Context from Meetings, Webinars, Messaging and Other Collaborative Features are especially notable. Under that label, Zoom has access to who leaves or joins a meeting, keystrokes and mouse movements. Essentially, Zoom will track and log which buttons you press and the mouse movements you make when the application is in use, participant messages and who messages were sent to, transcript text when authorized by the user and many more.
Zoom claims that they will not use this data to train their AI models, yet they have been caught lying about previous statements. In 2021 they settled a class-action lawsuit for deceiving users on how their data was being used, Zoom was likely worried about a similar lawsuit. However, regardless of use in AI training, the fact that Zoom has access to these massive amounts of personal data makes the service dangerous for government agencies, universities and other institutions or people who handle sensitive information. In the case of universities, this access to data could make confidential information public, such as students’ performance.
When I contacted the university’s interim President, Sheahon Zenger for comment, I was put in contact with Associate Vice President for Technology & CIO Vincent P. Mangiacapra, who was forthcoming with information. After meeting with Zoom, he gave me the following statement:
“I [Associate Vice President for Technology & CIO Vincent P. Mangiacapra] spoke with Zoom this morning [Sept. 8, 2023] regarding their use of collecting user data to be used for Artificial Intelligence modeling. They made it clear that it was never Zoom’s intent to collect data from Higher Education customers. Further, in response to Zoom user feedback, they are not going to use any data collected by their customers to help build their machine learning models. Zoom’s legal and contractual agreements with education and healthcare customers already prohibit these activities.”
On Monday, Sept. 11, Mangiacapra also sent out an email to the university community to reiterate this message.
Thus, the new AI policy is seemingly officially dead in the water. Regardless of whether or not Zoom keeps the revised update, the policy will not affect university students or professors using Zoom through their college emails. Additionally, due to public outcry, Zoom has pledged not to use everyday customer content and data to train its AI models.
While seemingly a win for Zoom users, we must remember that if a company as large as Zoom were bold enough to try such a radical change in the first place, they could do so again.
As customers in the digital age, we are responsible for keeping on guard for future Zoom TOS updates and the TOS updates of all companies who will no doubt wish to use “free” data to train their future machine learning algorithm models. As a race, we have flung the doors of machine learning open, and it is up to us to ensure that we not only remain in control but keep our privacy and fundamental rights intact.