Stack Diary: “Zoom’s Updated Terms of Service permit Training AI on User Content without Opt-Out”

Zoom’s updated policy states that all rights to Service Generated Data are retained solely by Zoom. This extends to Zoom’s rights to modify, distribute, process, share, maintain, and store such data for any purpose, to the extent and in the manner permitted under applicable law.

What raises alarm is the explicit mention of the company’s right to use this data for machine learning and artificial intelligence, including training and tuning of algorithms and models. This effectively allows Zoom to train its AI on customer content without providing an opt-out option, a decision that is likely to spark significant debate about user privacy and consent.

Additionally, under section 10.4 of the updated terms, Zoom has secured a perpetual, worldwide, non-exclusive, royalty-free, sublicensable, and transferable license to redistribute, publish, access, use, store, transmit, review, disclose, preserve, extract, modify, reproduce, share, use, display, copy, distribute, translate, transcribe, create derivative works, and process Customer Content.

Alex Ivanovs

The recent change in the Zoom TOS caused some uproar online, forcing the company to publish various explanations on their blog and ultimately to amend the terms, though the changes remain controversial. Zoom still hasn’t clarified what they consider ‘Service Generated Data’ and the distinction between that and Customer Content. Their consent model for generative AI services sounds entirely incompatible with GDPR: the person starting the call can opt-in to Zoom IQ, but participants can only opt out by leaving the call… I can’t imagine any company would allow Zoom to train AI models on their internal conversations by generating meeting summaries; there’s always a risk for text snippets to ‘leak’, either to Zoom employees or to other companies.

A meeting participant’s view of the Meeting Summary notification once the host enables the feature. Credit: Zoom

Ultimately outsourcing crucial communications to another company raises significant trust issues, and Zoom isn’t doing itself any favors with rushed and ambiguous terms. The company has a rather weak track record of keeping promises about consumer privacy, after it mislead people about its level of encryption and was caught sharing personal data with other companies.

On a broader level, these aggressive TOS changes likely reflect concern inside the company that the business is doing poorly, and that future prospects are even poorer – thus the hurry to adopt the latest buzzwords of the tech space. Leaving aside the decline in remote work, the central issue is that a videoconferencing platform is less of a core product, but rather a feature best integrated into more comprehensive office suites. As such, Zoom may suffer a similar fate to Dropbox, an innovator in cloud storage that saw its market gradually eroded by larger platforms replicating its product inside their software bundles.