Mastodawn

Video conferencing is not just a technical choice — it's a GDPR compliance decision. My new analysis examines Zoom, Teams, Google Meet, Jitsi, and Proton Meet through the lens of the CLOUD Act, end-to-end encryption, and Art. 48 GDPR. E2EE as a default — not an option — is both a technical and a legal safeguard.
Regulatory is not an academic luxury. It is a professional responsibility.
👉 https://www.nicfab.eu/en/posts/videocall-gdpr-compliance/

#Privacy #E2EE #DataProtection #AIAct #GDPR #AI #dataprotection
@protonprivacy

Video Conferencing and GDPR: Choosing a Platform in Light of the CLOUD Act and End-to-End Encryption

Which video conferencing platform is GDPR-compliant? A legal analysis of Zoom, Teams, Google Meet, Jitsi, and Proton Meet in light of the CLOUD Act

NicFab Blog — Privacy, GDPR & Artificial Intelligence

Show thread

eparto 5d ago

@nicfab

Related with "Provider access to content", E2EE doesn't prevent the provider to access the content in web applications. This term causes a lot of false perceptions. Since the application comes from the same provider, it is very easy to get keys and content even E2EE is enabled.

E2EE provides zero protection in web applications.

Show thread

Nicola Fabiano 5d ago

@eparto Valid concern. The trust model in web-delivered code differs from native apps with verifiable binaries — agreed.
My analysis is framed from a GDPR standpoint: the relevant distinction is between platforms with routine server-side access to content and platforms where content is encrypted client-side with keys the provider does not hold. That remains significant even acknowledging web trust assumptions.
Open-source clients and audits mitigate — imperfectly, but materially.