Cisco Clarifies Privacy Policy for Webex Videoconferencing

After a Consumer Reports study, the company provides more details on what data is collected, and why

Allen St. John, Consumer Reports Senior Home & Tech Writer.

By Allen St. John
Senior Home & Tech Writer

May 11, 2020

Cisco is making it easier to find out what personal information the company collects and how it uses it during videoconferencing calls on its Webex platform.

The changes come in response to a Consumer Reports evaluation of the platform's privacy policy and terms of service. Consumer Reports also evaluated the privacy policies for two other big players: Google (with Hangout, Meet, and Duo) and Microsoft (Skype and Teams).

All of the privacy policies left unanswered questions. But the companies seemed to reserve the right to access recordings of meetings for business purposes, along with details such as who was on a call. Our researchers found that the documents were short on details and contained confusing language.

We have been looking into videoconferencing services because millions of consumers have recently taken to these platforms to stay in touch during the coronavirus pandemic.

Cisco made things clearer on Monday when it linked from the Webex sign-up window to a detailed description of the platform's data practices. The description, which Cisco calls a "privacy data sheet," had been posted on the website before, but in an obscure spot where a user was unlikely to ever come across it.

“It's progress," says Justin Brookman, director of privacy and technology policy at Consumer Reports. "The improved Cisco policy, with the more prominent placement of data sheet, does put in place some important and meaningful limitations on what they do with our data."

Such statements are legally enforceable, he says, and give organizations, including Consumer Reports, the information they need to do evaluations on behalf of ordinary users.

"This more detailed disclosure adds a level of clarity that other companies would do well to emulate," says CR privacy researcher Bill Fitzgerald.

The data sheet indicates that Cisco may collect dozens of pieces of data from hosts and participants, such as what browser you're using, what region you live in, how many meetings you attend, and whether people are sharing their screens. Some of that information is used to make improvements to both Webex and other Cisco products, the document says. Some other potential uses aren't addressed.

"Parts of Cisco's data sheet are pretty vague," Brookman says. "It's hard to know, for example, to what degree they use consumer information for marketing."

But the sheet should also reassure anyone worried about the most intrusive potential forms of snooping by a videoconferencing company. It says that meeting and call recordings and transcripts are used only to provide the service—the company doesn't mine that information for its own marketing or product development.

The Webex data sheet also says that while the platform supports facial recognition to help people in a meeting identify each other, the feature is turned off by default and can be activated only if both the administrator and the user opt in.

"We appreciate Consumer Reports' perspective on how to make our product documentation more readily accessible to users," says Harvey Jang, Cisco's chief privacy officer.

One takeaway from CR's study of all videoconferencing platforms, including the ones listed here as well as Zoom, is that hosts, administrators, and other participants can collect a lot of information about a call and share it freely. The data sheet reminds users, "The meeting host will control any meeting recordings or files shared during the meeting . . . which may be shared with others."

Guarding Privacy in a Videoconference

When you join a videoconference, you still face several potential threats to your privacy. Information about the call could be collected by the companies that built the platform, as well as the host or administrator of your meeting, or even by other participants. And that information can then be shared either publicly or with businesses.

Here are some strategies from CR's privacy and security experts for keeping your personal information safe while teleconferencing.

Pick a platform. Try to use any videoconferencing services as a "guest," to share as little information as possible. If you decide to sign up, perhaps to access more features, you can minimize your digital footprint by sticking to a single platform. That way, fewer companies are watching you. There's another benefit, too: You can become acquainted with the service's privacy and security features, and learn to use those tools more effectively.
Use outside privacy tools. This tip applies to almost anything you do online. First, if you decide to create a videoconferencing account, use a dedicated "burner" email that you don't use for anything else, or at least for important functions like banking, healthcare, and social media accounts. It's also smart to use a highly rated password manager with the platform's password function. That can help keep your meetings secure from a Zoombombing-style intrusion.
Assume you're being recorded. Anything you say or do in a meeting can be recorded. It can be captured officially by a host, administrator, or another participant, or just grabbed by someone with screencasting software or even a smartphone. The solution? Turn off your camera and mic whenever possible. When you do have to be onscreen, consider using a virtual or blurred background if you don't want to show co-workers, clients, or strangers the personal details that can be gleaned from books on your shelf, your children's toys, or art on your wall. Videos can leak into public or end up being shared with a wider circle of friends, clients, or co-workers.
Just make a regular phone call. Many meetings simply don't need video. When that's the case, pick up the phone to talk to a colleague or loop a small group into an old-fashioned conference call.

Allen St. John

Allen St. John has been a senior product editor at CR since 2016, focusing on digital privacy, audio devices, printers, and home products. He was a senior editor at Condé Nast and a contributing editor at publications including Road & Track and The Village Voice. A New York Times bestselling author, he's also written for The New York Times Magazine, The Wall Street Journal, and Rolling Stone. He lives in Montclair, N.J., with his wife, their two children, and their dog, Rugby.