Video conferencing app Zoom has surged in popularity due to the coronavirus pandemic, prompting the questions: what data can the company collect about our conversations, and what could they do with it? Those questions were answered by the researchers behind Mapping Data Flows — John Batelle, Senior Research Scholar and Adjunct Professor at Columbia’s School for International and Public Affairs (SIPA), Juan Francisco Saldarriaga, Senior Data and Design Researcher at The Brown Institute, Columbia Journalism School M.S. graduates Matthew Albasi and Veronica Penney, and SIPA M.S. students Zoe Martin and Natasha Bhuta.
Mapping Data Flows began as an investigation into the data usage of the “Big Four” tech companies, Apple, Amazon, Facebook, and Google. The researchers catalogued every type of data that could be collected by each company, from credit card information and social security numbers to biometrics and camera feeds, and identified how each could be legally used by the company according to their Terms of Service (TOS). Last month, they did the same for Zoom: they read through the company’s Terms of Service and painstakingly catalogued which user data could be used for purposes such as ad personalization.
They found that while Zoom will not directly share user information collected via their app with marketers, they would be capable of selling ads that target users based on the data they do collect, similar to Facebook’s advertising model.
Deciphering Zoom’s data usage policies into clear, unambiguous definitions as the researchers did was challenging. “The Terms of Service are written in the most broad and vague way possible. It’s almost impossible to find an instance where they say ‘We collect this, this, and only this and use it for only this, this, and that,’” says Saldarriaga. To help understand the complicated flow of data a company collects about its users, Saldarriaga built an interactive visualization that filters their TOS by data source, type, and collection purpose to examine the kinds of things they could do with your information.
For example, here is a somewhat typical excerpt from the Zoom TOS:
“We do not allow marketing companies, advertisers, or anyone else to access Personal Data in exchange for payment. Except as described above, we do not allow any third parties access to any Personal Data we collect in the course of providing services to users. We do not allow third parties to use any Personal Data obtained from us for their own purposes, unless it is with your consent (e.g. when you download an app from the Marketplace). So in our humble opinion, we don’t think most of our users would see us as selling their information, as that practice is commonly understood.”
The Mapping researchers realized early into their initial analysis of the Big Four that the data usage patterns of these major tech companies are extremely similar to one another. That their Terms of Service and Privacy policies read similarly flies contrary to what many consumers might expect, since many perceive Apple as a data privacy advocate in contrast to, say, Facebook.
For a detailed analysis of Zoom’s business model and a comprehensive motivation for the project, read John Batelle’s recent blog post. The full visualization can be accessed at https://mappingdataflows.com/zoom/.