Video conference data protection has become a central topic for companies in recent years. The use of video conference tools has increased tenfold during the Corona pandemic. In December 2019, around 10 million people worldwide used Zoom daily - in April 2020, it was around 300 million users, about 30 times as many.
This rapid development, however, brings with it considerable data protection concerns. The providers of video conference tools offer different prerequisites and settings on the topic of data protection.
In this practical guide, you will learn what you have to pay attention to when selecting and using secure video conference systems. You will learn which technical and organizational measures improve data protection and how you fulfill legal requirements. In addition, we present Bliro as a data protection-compliant alternative that works without audio or video recording and nevertheless enables efficient meeting transcription.
How do video conference systems work?
Modern video conference systems have developed into complex technical solutions that go far beyond pure image and sound transmission. However, every use of such services entails risks for the confidentiality, availability, and integrity of the transmitted data.
Voice and image transmission explained
Video conferences connect several people virtually via video and audio over an IP network. The most important components: a reliable internet connection, the video conference platform itself, a suitable end device, a camera, as well as speakers or headphones.
Group conferences with more than two participants use MCUs (Multipoint Control Units), which manage and control the conferences as star distributors.
Which data are processed?
Video conferences process numerous personal data. In addition to the obvious audio and video data, the following data categories arise:
- Metadata: Information about who participated when, for how long, and from which location
- Connection data: Details about used devices and networks
- Chat content: Text messages between participants
- Presentation content: Shared screens and documents
Modern video conference systems offer extended functionalities such as collaborative document editing, digital whiteboards, or automated minute-taking through AI technologies.
Differences between cloud and on-premise solutions
The mode of operation determines data protection and control: cloud solutions run on remote servers of an external provider and are accessible via the internet. They can be set up quickly, scaled easily, and require hardly any in-house IT infrastructure.
On-premise solutions are installed on a company’s own servers and internal IT infrastructure. This enables complete control over data and its security. On-premise systems also work offline and ensure business continuity during internet outages.
Smaller companies with limited budgets benefit from cloud solutions. Organizations with high data protection and data security requirements tend to choose on-premise solutions. Medium to large companies can fall back on private cloud solutions that combine the advantages of both approaches.
Legal foundations for GDPR-compliant video conferences
The GDPR significantly tightens the requirements for video conference systems. Data protection-compliant communication requires precise knowledge of the legal framework conditions.
Differences between cloud and on-premise solutionsGDPR requirements for video conferences
Video conferences process personal data and are fully subject to the GDPR. Commercial video conference system providers are considered telecommunications service providers and must comply with the data protection principles of the Telecommunications-Digital Services Data Protection Act (TDDDG).
Consent requirements for recordings
Video conference recordings intrude into the personal sphere and therefore require the explicit consent of all participants if video and audio recordings of conversations are made. The active consent must fulfill the following characteristics:
- Voluntary and informed
- Obtained before the start of the recording
- Verifiably documented
- Revocable at any time
Data transfer to third countries
Servers outside the EU require special caution. Data transmission to third countries is only permissible under certain conditions.
Technical and organizational measures for more data protection
Data protection in video conferences requires concrete protective measures. These technical and organizational measures minimize the risk of data protection violations and form the foundation for GDPR-compliant video conferences.
End-to-end encryption and transport encryption
At least transport encryption according to BSI guidelines is required for video conference data. Most providers use TLS encryption for communication. For sensitive conversations, end-to-end encryption (E2EE) is recommended - only the participants can decrypt the contents.
Password protection and waiting rooms
Access restrictions protect against unwanted participants. Passwords and waiting rooms prevent unauthorized access. Use strong, random passwords and activate waiting rooms - this way you as the organizer decide on the access.
Server location: EU vs. third country
The server location determines GDPR compliance. European providers with EU servers are fully subject to the GDPR and offer higher data protection guarantees. For providers outside the EU, additional protective measures such as standard contractual clauses are required.
Two-factor authentication
Two-factor authentication creates an additional layer of security. In addition to the password, a second factor is requested - for example, a temporary code via SMS or authenticator app. This method prevents unauthorized access even if passwords are compromised.
Privacy-friendly default settings
Configure video conference systems in a privacy-friendly way. This means: camera and microphone deactivated by default, tracking functions turned off, no automatic recordings. Limit the range of functions to what is necessary.
Deletion concepts and retention periods
The principle of storage limitation requires the deletion of data after the purpose has been fulfilled. Create a deletion concept for video conferences: recordings, chat histories, and shared documents should be automatically deleted after a defined period.
Bliro offers a special advantage here: conversations are documented through real-time transcription without storing audio or video data - an optimal compromise between documentation and data protection.
Bliro as GDPR-compliant meeting transcription
Classic video conference systems create data protection challenges. Bliro offers a fundamentally different approach as an AI-supported meeting assistant that fundamentally differs from conventional video conference solutions.
No audio or video recording
Bliro creates no audio or video recordings of the conversations. This significantly reduces sensitive data that could fall into the wrong hands. While conventional solutions require the explicit consent of all participants, Bliro fundamentally works without this hurdle. Users retain full control over the transcription process at all times and can start or end it at any time.
Real-time transcription without storage
Bliro uses a proprietary technology for anonymous real-time transcription, which was developed within the framework of a research project at the Technical University of Munich. The software accesses the computer’s microphone directly and works in the background like a normal app. This allows information to be extracted from conversations without recording them - a clear advantage over other meeting assistants.
Encryption and access control
Bliro relies on modern encryption technologies for the protection of data. The transcripts are encrypted with data keys, which in turn are encrypted under a secret key. No one, not even Bliro itself, can export these secret keys. Only the users have access to their transcripts and AI summaries.
GDPR-compliant
Bliro is designed to be fully GDPR-compliant. All data is processed exclusively on European servers in Frankfurt am Main. Nevertheless, the other meeting participants should be informed about the processing of their personal data.
Areas of application in companies
Bliro can be seamlessly integrated into existing workflows and supports tools such as Google Meet, Zoom, Microsoft Teams, as well as CRM systems like Salesforce and HubSpot. The solution is especially suitable for:
- International meetings thanks to support for more than 15 languages, including German, English, and Mandarin
- Sales teams through special features such as deal coaching and automatic drafting of follow-up emails
- Data-sensitive companies that want to implement results directly from meetings - without legal hurdles like consent declarations
Conclusion
Video conference data protection is developing into a competitive factor. GDPR-compliant communication is possible - if you make the right decisions in selection and configuration.
The principle of data minimization remains crucial. Not every meeting needs video, even less so a recording. Bliro offers a clear advantage here: AI-supported real-time transcription without audio or video recording enables efficient meetings with maximum data minimization.
Pay attention to technical protective measures: end-to-end encryption, secure passwords, European server locations. Take legal framework conditions such as consent requirements and data processing agreements into account.
Data protection-compliant meetings create trust and protect against legal risks. Solutions like Bliro show: efficiency and data protection are not mutually exclusive. AI-supported transcription documents all important information - without audio or video recordings.
See data protection as an opportunity, not as an obstacle. With this knowledge, you can now make well-founded decisions for secure video conferences in your company
