Communicating within and outside the company has never been easier. However, the security of video conferencing software is still rarely taken into account and often exposes users’ personal data.

The urgency of data protection

The GDPR 2022 barometer of Data legal drive indicates that 74% of the data and privacy professionals surveyed believe that employees are more and more attentive to the protection of personal data by the company.

This is not surprising when you consider that in 2021, one out of two French companies was the victim of a cyber attack (CESIN study). Computer attacks generally lead to data theft, which exposes employees and undermines the financial stability of organisations.

In companies, videoconferencing tools process and transmit a multitude of sensitive and confidential data and become prime targets for hackers.

The absence of a backdoor in the software

Some major video conferencing software, located outside the European Union, comply with foreign legislation. These authorise the listening of communications. This is the case of the Cloud Act, a series of extraterritorial American laws which allow the authorities to force publishers located on American territory to provide data relating to electronic communications. This data can be stored on American or foreign servers.

Video conferencing: is it necessary to choose a European solution?

Tixeo is committed to data protection

As a European and secure solution, Tixeo is 100% compliant with the GDPR and puts personal data protection at the heart of its commitments. Indeed, its customers, evolving in sensitive sectors (defense, health, industry…) require a reliable video conferencing tool with a maximum security level and with all the guarantees to respect the integrity of their employees’ personal data.

In the Tixeo GDPR guide, select your user profile to find all the essential information you need to know about

• the processing
• use
• hosting
• storage
• the protection

of your personal data.

Features of a secure video conference

A secure video conferencing software offers additional guarantees for personal data protection. This is the case of Tixeo.

Secure by Design: an architecture designed for data security

To be secure, a secure video conferencing software must be Secure by Design. In other words, it must take security into account from the very first steps of its design to its deployment. This process makes it possible to determine potential points of failure in the software at an early stage and to work out solutions to correct them during its development.

As a result, Secure by Design video conferencing software will be much more robust than traditional video conferencing software.

Deployment that minimises security impacts 

Deploying a video conferencing tool must not disturb the security of the company’s internal network. With Tixeo, Secure by design video conferencing software, there is only one port to open to deploy the solution. Thus, the security policy of the company network is preserved. This saves time and security!

Tixeo’s secure video conferencing includes end-to-end encryption through a server (AES 256 encryption), while easily adapting to network variations.

[How it works] End-to-end encryption

Taking into account the location of the publisher  

It should be noted that the location of the video conferencing editor is an important criterion to take into account, if the software claims end-to-end encryption. Indeed, in some countries, it is sometimes impossible to fully encrypt communications.

For example, since 2001 in the United States, the Patriot Act requires software publishers to add backdoors to their systems. This back door is a secret entrance that allows the authorities to access the software’s data. If a malicious entity discovers it, personal data can be compromised.

Video conferencing: do you (really) know how your personal data is handled?

The explosion of teleworking and hybrid working has led to the widespread use of video conferencing solutions in organisations. Tools that involve the processing of a multitude of personal data of your company’s employees.

Protect your employees and your business

Deploying a videoconferencing solution within your organisation involves processing the personal data of all your employees. This data is of various kinds and includes information about your employees but also about your activity.

Thus, depending on the request, the names, first names, or user IDs and passwords are personal data that can be collected, just like the titles of meetings, their dates or the list of participants.

In most organisations, especially those in sensitive sectors, this data must remain strictly confidential. It is therefore imperative to have a clear view on how personal data is handled.

5 essential questions to ask yourself

1/ Who processes my data?

The data controller determines the purposes and means of processing personal data. The personal data processor processes personal data on behalf of the data controller.

Depending on the use of its services, TIXEO is either a data controller or a data processor on behalf of its Cloud customers.

2/ Why are they used?

These are the purposes set by the controller that justify the use of personal data.

For example, Tixeo processes personal data during a videoconference meeting to generate a meeting history, which is necessary for its client, and to allow to find the participants who attended a meeting.

3/ Where are they housed?

This is a key issue as the hosting of personal data is a key factor in determining the level of protection.

Indeed, within the European Union, the GDPR excludes any possibility of hosting personal data abroad or transferring data to a third country, without a contractual agreement in advance.

Outside the European Union, regulations are much more flexible. In the US, the Cloud Act, a series of extraterritorial laws, allows authorities to force publishers located in the US to provide electronic communication data, whether stored on US or foreign servers.

Tixeo hosts all its data in France, with OVH, a French company and European leader in the cloud.

4/ How long is it kept?

Processed data may be kept for a limited period of time. This must be clearly specified.

5/ What personal data protection measures are implemented?

The GDPR compliance of a videoconferencing solution is a first guarantee of security.

Tixeo goes further by taking a number of precautions to maximize data security. Among them, the encryption of the hard disks of the staff’s workstations handling personal data or the verification of the subcontractors’ compliance with article 28 of the GDPR.

Indeed, security is part of Tixeo’s DNA: its European video conferencing solution is the most secure on the market and is certified and qualified by the ANSSI.

Discover how Tixeo handles your personal data

In its GDPR guide, Tixeo explains in full transparency its personal data protection policy.

In one click, select your user profile and discover all the information about how Tixeo, a 100% GDPR compliant video conferencing solution, handles your personal data.

While 42% of Europeans are worried about the use of their personal data (according to this study published in 2022), being compliant with the GDPR (General Data Protection Regulation) is an increasingly important issue for companies. In the age of digitalization of work, this compliance is now a real guarantee of reliability.

Tixeo, the European leader in secure video conferencing, is 100% GDPR compliant.

To protect users’ personal data

When a video conferencing solution is used within an organisation, personal data are collected and processed.

The following is an example of personal data that may be processed by the solution provider

• lists of participants in meetings,
• their names and e-mail addresses,
• the times and dates of videoconferences,
• identifiers or passwords

Even before using the solution, personal data may already have been collected. For example, if a test or contact request has been made: the name, e-mail address or telephone number of the requester has been processed.

It is therefore essential to be aware of all the measures taken by the videoconferencing publisher to protect data.

An essential condition: the European origin of the solution

In Europe, the GDPR firmly regulates the processing of personal data.

In particular, it excludes any possibility of transferring data to a third country without a prior contractual agreement. The GDPR also requires publishers to notify all information relating to the personal data they collect, such as: the means of collection, the purposes, the legal basis and the retention period. European videoconferences are subject to this regulation.

Outside the European Union, video conferencing solutions are not subject to the GDPR.

Most of the major publishers, particularly those present in the United States, comply with foreign regulations, which are very flexible in terms of data protection. The Cloud Act is one of them. This series of extraterritorial laws allows the authorities, under certain conditions, to compel publishers located on American territory to provide data relating to electronic communications stored on American or foreign servers.

Tixeo offers full transparency on personal data processing

As an actor committed to video conferencing security, Tixeo puts GDPR compliance at the heart of its commitments. It is imperative that its customers, operating in sensitive and strategic sectors, benefit from an optimal protection of their users’ personal data.

All security measures are implemented, particularly internally, to ensure this protection. These measures include the encryption of the hard disks of staff workstations handling personal data and the verification of the compliance of subcontractors.

But it is not enough to say so!

Tixeo provides its customers and users with an easy-to-understand GDPR guide.

In this guide, you just have to select your profile (Tixeo customer, solution tester, videoconference guest…), to access, in one click, all the information about the processing of your personal data.