Zoom committed to sharing its first transparency report later this year in a blog by CEO Eric Yuan tracking the progress of its 90-day feature freeze to address privacy and security issues. The freeze, which was announced on April 1st, was put in place after Zoom usage went up dramatically during the COVID-19 pandemic, which revealed numerous privacy and security flaws in the videoconferencing software.
“We have made significant progress defining the framework and approach for a transparency report that details information related to requests Zoom receives for data, records, or content,” said Yuan in today’s blog. “We look forward to providing the fiscal Q2 data in our first report later this year.” A Zoom spokesperson declined to comment when asked for more detail about the planned release timeline.
In his blog, Yuan also pointed to a recently created guide detailing how the company responds to government requests for Zoom data, the types of data that Zoom collects, the company’s data retention practices, and more. Zoom has also updated its privacy policies, “mostly to make them easier to understand,” according to Yuan, and it created a separate California Privacy Rights Statement section in those policies.
Zoom has come under scrutiny for how it has handled requests for data in the past. Recently, the company suspended one account in Hong Kong and two in the US for hosting meetings commemorating the Tiananmen Square massacre after the Chinese government informed Zoom of the meetings. Zoom later reinstated the accounts and said it was developing technology that would let the company remove or block individual participants based on geography. That technology, had it been available, may have allowed Zoom to block participants from mainland China from attending the meetings instead of shutting down the entire meeting.
The advocacy group Access Now wrote an open letter calling on Zoom to release a transparency report on March 19th, but it criticized the company’s decision announced today to publish a report later this year.
“Though it is commendable that Zoom has taken steps over the last 90 days to update some of its security and privacy practices, the decision to delay the transparency report signals that Zoom does not prioritize reporting,” said Isedua Oribhabor, a US policy analyst for Access Now, in a statement to The Verge. “The pressure that Zoom has faced from the Chinese government to restrict accounts underscores just why a transparency report is essential — without it, users have no insight into the extent of government interference with their accounts and data or the steps Zoom takes to push back.”
Yuan’s blog covered many other moves the company has made since instituting the 90-day feature freeze, including a commitment to offer end-to-end encryption for all users, turning meeting passwords on by default, giving users the ability to pick which data center calls are routed from, consulting with Alex Stamos and other security experts, enhancing its bug bounty program, launching a CISO council, and working with third parties to help test the security of its products.
“Going forward, we have put mechanisms in place to make sure that security and privacy remain a priority in each phase of our product and feature development,” Yuan said.