Guideline Video conferencing software Zoom - Use at the University
Heidelberg University is not offering campus licenses for Zoom, but for Zoom X. If you would like to use Zoom, please consult the Guidelines below.
These guidelines are largely based on German Guidelines for Using the Video Conferencing System Zoom issued by Freiburg University
The development of these guidelines is still in progress and they are subject to change.
Introduction
At Heidelberg University, most of the demand for digital events in teaching, research and administration can be met with the video conferencing systems provided by the university itself. In addition to this and as possible alternative solutions, the university offers services from other manufacturers that are not hosted in-house.
Expanding on its portfolio of videoconferencing systems, Heidelberg University also allows the use of the Zoom X videoconferencing solution from Zoom Video Communications, Inc in cooperation with Deutsche Telekom.
The use of Zoom is intended for situations in which face-to-face events cannot be held and the university's own video conferencing systems cannot be used. Staff and students are explicitly not obliged to use Zoom X.
What is Zoom?
Zoom is a cloud-based video software solution for collaboration via audio and video conferencing as well as content sharing. From a user perspective, Zoom is easy to use, offers a variety of tools for moderation and is even suitable for large events. Zoom has also distinguished itself through efficient scaling despite increasing user numbers. Zoom Video Communications, Inc. is an American company headquartered in San Jose, California. Zoom offers a reliable cloud platform primarily for audio and video conferencing on mobile devices, desktops and phones.
When can I use Zoom?
Although it is assumed in principle that Zoom will be used in conformity with data protection laws, it still involves a cloud-based service of an external American contractor. Therefore, the university is dependent on the compliance of Zoom. According to the provider's statements, the contents of meetings are not stored or monitored in any form. When the Zoom client is used and the meeting is unrecorded, the provider states that all content is transmitted via encryption and not recorded. However, unlike the university’s self-hosted solutions, when Zoom is used, the university has no direct access to the data and its handling. Therefore, the university's own videoconferencing solutions should be relied on as the top preference.
No sensitive, confidential or classified content or data may be discussed or handled in the context of Zoom online meetings. Therefore, when using Zoom, it is important to ensure that no vulnerable personal data or content will be handled as such data must be handled in an anonymized manner. Examples of permitted uses of Zoom at Heidelberg University are given below. Please be aware that any communication could contain sensitive data.
The Zoom X service is provided by Deutsche Telekom GmbH in cooperation with Zoom Video Communications Inc. and offers the same user interface and application as Zoom, but is hosted on servers in Germany.
What is sensitive data?
Particularly sensitive or confidential data include the categories regulated by Article 9 of the EU-GDPR such as medical data and data regarding racial or ethnic origin, religious or philosophical beliefs and sexual orientation. It also includes data that is subject to legal or other privacy, confidentiality or non-disclosure regulations, as well as data in personnel files. Therefore, it is imperative to examine whether the use of Zoom is suitable for the anticipated meeting contents before it is used.
Possible uses of Zoom
The use of Zoom is allowed if no sensitive personal data or content will be involved. For reference, typical examples include:
- information sessions,
- public events,
- everyday communication.
Restricted uses of Zoom
The more likely it is that sensitive or confidential data will be handled, the more likely it is that the contents discussed while using Zoom must be handled anonymously. If the contents of a meeting must be handled anonymously, the use of Zoom is not permitted. Typical examples of scenarios which require careful deliberation include:
- staff meetings,
- committee meetings,
- interviews, presentations, conferences, etc.,
- meetings about sensitive research data,
- office hours, consultation meetings,
- job appointments,
- job interviews.
Prohibited uses of Zoom
The handling of especially sensitive or confidential information is often unavoidable - in these cases, the sensitive data is often the main topic of discussion. For such communications, the use of Zoom is not permitted. Typical examples include:
- examinations,
- psychological counseling sessions,
- doctor-patient meetings,
- (research) meetings whose content is subject to non-disclosure.
Recording with Zoom
Zoom offers university employees the option of recording online meetings. Besides one's own presentation (if possible, with a webcam), meeting organizers are not allowed to record the video, audio or chat record of participants. The meeting organizers are responsible for compliance with legal requirements.
General legal requirements
It is not permitted to record the privately spoken words of another without authorization (§ 201(1)(1) German Criminal Code ‐ StGB). As Zoom meetings at the university are generally not held in public form, the recording of an event without the consent of the persons concerned can result in a violation of § 201 StGB. It is not permitted to record contributions of participants without their consent, nor is it allowed for participants to record events, regardless of whether the recording is made with the video conferencing tool itself or with an external program.
Data protection regulations
Due data protection laws, the recording of participants in the context of educational courses is not permitted. The reason for this is that the consent of participating students in connection with educational courses does not meet the criteria of voluntary participation required by the EU-GDPR. Therefore, consent cannot be legally granted by the students.
Also, it is generally not possible to give valid consent within the context of working relationships due to the interdependent relationship between employer and employee.
Therefore, one should also refrain from recording online meetings in working contexts.
Recording oneself as the meeting organizer
Because the presenters or instructors are the creators of their presentation/course and its content, as a rule, it is considered acceptable for them to record themselves in the context of their own online meeting as long as no images, sounds or other content from other participants are recorded by which the participants could be identified.
In order to prevent inadvertent recording of the participants, it is necessary for the cameras and microphones of the participants to be deactivated by the meeting host before phases of recording or for the entire event. The question and discussion phases are to be held at the end of the event, and the recording must be stopped prior to these phases. During the event, questions from the audience can be asked under a pseudonym in a parallel chat and answered by the organizer.
Recommendations
The following criteria should be observed when using Zoom:
- Before using Zoom, Attention Tracking must be deactivated.
- Video conferences must be password-protected.
- Set up the participant Waiting Room; this ensures that no one can enter the online meeting without permission (“Zoom‐Bombing”).
- The use of the Zoom app is preferable to the use of the browser-based version.
Getting a Zoom license
You can find out more about licensing and access in the service catalogue.