Government Requests and Data Protection
Transparency is one of our core values at Zoom, and that informs all of our work involving government requests. At a time when data flows across borders more than ever before, we understand that our users may have questions about if, how, and under what circumstances we might disclose their information to a government. This is especially true for our enterprise and public sector customers, who may have operations in multiple jurisdictions and must move data among different countries and regions.
We have published a comprehensive Government Requests Guide to answer those questions. We also publish semi-annual Transparency Reports designed to provide information about the volume and kinds of requests we receive and how we answer them.
So, what are we doing to help safeguard your data when a government seeks information?
Data protection by default
We do not provide user information to any government unless required to by law or in bona fide emergencies. Any request for user information must come through our single point of intake. There are no exceptions.
We will challenge all government requests for public sector or enterprise customer data where there is a lawful basis for doing so.
We challenge overbroad or unlawful requests
We routinely challenge requests that:
- Are overbroad or vague
- Don’t have a legal basis in the requesting jurisdiction
- Are not about the good faith detection or prevention of crimes
- Ask for information about people who are not subject to the requesting jurisdiction
- Come from an entity without the authority to make the request
- Have nondisclosure orders without end dates
- Are improperly served or are deficient in other ways
Our user notification policies
It is our policy to notify our users when we must disclose their information to a government, except when we receive a valid delayed-notification order or where the matter involves child endangerment, a life-threatening emergency or a threat to Zoom services, rights or property.
We evaluate every delayed-notification order that we receive to ensure that it is legally valid. When necessary, we take all reasonable legal steps to challenge legally deficient delayed-notification orders. When a delayed-notification order expires, we notify the affected user.
Our Transparency Report
We publish semi-annual Transparency Reports that document the numbers and types of government requests we receive for user data, the jurisdictions submitting the requests, and how we act upon them. Our Transparency Reports are interactive, easy-to-understand, and you can download the underlying data. Transparency Reports are available on Zoom’s Trust Center.
Zoom offers feature-rich client software that leverages a range of encryption technology to assist with user privacy and security. Zoom is proud to be an industry leader in offering optional end-to-end encryption (E2EE). Zoom’s end-to-end encryption, when enabled, ensures that communication between all meeting participants using Zoom clients in a given meeting is encrypted during transit using cryptographic keys known only to the devices of those participants. Users can select E2EE for Zoom Meetings, and soon for one-on-one, intra-account phone calls that occur via the Zoom client.
We support global transparency initiatives
Zoom advances a thoughtful, balanced approach to governments’ use of technology by participating in or consulting with organizations such as Reform Government Surveillance, the Center for Democracy and Technology and the Global Network Initiative, among others.
We feel privileged that organizations, governments, and individuals worldwide entrust us with their most sensitive communications. We commit to maintaining strong protections to safeguard user data and innovating new ways to do so.