Zoom quietly changes policy to allow AI models to be trained on user data - updated

And there's no way to opt-out

Zoom tweaks policy to allow training AI models on user content

Image:

Zoom tweaks policy to allow training AI models on user content

A change to Zoom's Terms of Service means users' data can now be used to train AI models.

According to the updated policy, Zoom maintains exclusive rights to all "Service Generated Data" (SGD), granting the company the authority to modify, process, distribute, share, store and maintain such data for any purpose, in compliance with applicable law.

SGD refers to any telemetry data, diagnostic data, product usage data or similar information that Zoom collects in association with users' use of its software or services.

Zoom's policy was last updated on the 26th July, though it's unclear if that's when the company added the text about AI.

A subsequent update to the terms of service on 7th August, and a blog released the same day, clarifies that Zoom will not use audio, video or chat content to train AI models.

In a statement, the company told us, ""Zoom customers decide whether to enable generative AI features, and separately whether to share customer content with Zoom for product improvement purposes. We've updated our terms of service to further confirm that we will not use audio, video, or chat customer content to train our artificial intelligence models without your consent."

The policy raises concerns due to its specific mention (section 10.4) of the company's right to use SGD for AI and machine learning, which includes training and fine-tuning models and algorithms.

That could lead to privacy and data security implications for users, as their content and information could be used in ways they did not explicitly consent to.

Another point in section 10.4 says Zoom has obtained a "perpetual, worldwide, non-exclusive, royalty-free, sublicensable, and transferable license," which allows it to take various actions related to Customer Content.

These actions include redistributing, publishing, accessing, using, storing, transmitting, reviewing, disclosing, preserving, extracting, modifying, reproducing, sharing, displaying, copying, distributing, translating, transcribing, creating derivative works and processing.

Zoom claims these actions are necessary for several reasons, including providing and supporting services, and enhancing the quality of its own software, services or other products.

However, privacy advocates are likely to pay close attention to these updated terms, as they may push the boundaries of what is considered acceptable in terms of data privacy, consent, and individual rights.

Growing interest

Zoom alluded to its increased emphasis on AI products earlier this year, in response to the growing interest in the technology.

The company said it intends to offer a feature that allows customers to create meeting summaries without recording the entire session, catering to those who prefer a more concise sharing option.

Zoom also said it plans to enhance the capabilities of intelligent recording to streamline repetitive tasks and automate follow-ups.

The company launched key features of Zoom IQ in June, describing the product as a smart companion designed to harness the potential of generative AI and facilitate collaboration.

"With the introduction of these new capabilities in Zoom IQ, an incredible generative AI assistant, teams can further enhance their productivity for everyday tasks, freeing up more time for creative work and expanding collaboration," said Smita Hashim, chief product officer at Zoom.

"There is no one-size-fits-all approach to large language models, and with Zoom's federated approach to AI, we are able to bring powerful capabilities to our customers and users through Zoom's own models as well as our partners' models."

In 2021, Zoom agreed to settle a class action privacy lawsuit in the US for $86 million (£61.8 million).

The lawsuit, filed in 2020, accused Zoom of violating the privacy of millions of users by sharing their personal data with Facebook, LinkedIn and Google.

The company was also alleged to have failed in preventing threat actors from disrupting Zoom meetings and misled users by falsely claiming to provide end-to-end encryption.

Although Zoom denied any wrongdoing during the lawsuit, it committed to enhancing its security practices as part of the settlement agreement.

This article was updated on 8/8/2023 with a statement from Zoom.