Video conferences and data protection

Video conferences represent a particular challenge for data protection, especially for use in teaching. The various services offered differ here, but there are also central similarities. On this page we would like to briefly inform you about the essentials with a focus on usage in teaching.

In the run-up to digital courses, participants must be informed about the techniques used.

All services offered can be controlled via a client or via a web interface. Zoom allows significantly more configurations via the web interface, while DFNconf (Pexip) is better controlled via the client. Especially with zoom, the configuration via the web interface should be used. If the client is used, particular care must be taken to always use the current version of the software.

In all cases it must be ensured that only the "invited" attend the conferences. For this purpose, the conference can be protected with a password, which is made available to the participants independently, for example via the learning management systems. Some systems offer the waiting room principle, in which users must first be activated by the provider (host). However, this is difficult to implement with large numbers of participants.

For the support of asynchronous teaching, it is useful to record the video conference and publish it subsequently. All participants must be informed of this in advance.

DFNconf is a video conferencing service operated by the DFN-Verein on the servers of German colleges and universities. The service ensures the confidentiality of the video conferences to a high degree.

Teams is offered as part of the university Microsoft365 service (formerly Office365).

Like the cloud service, Teams is operated on servers in the EU and is subject to the GDPR.

The video conference service BigBlueButton, which will be offered centrally for the winter semester 2020/21, is operated entirely on the central infrastructure of the ZDV and can therefore be used for all purposes, including exams.

Zoom uses globally distributed data centers, that are not necessarily located in the EU (this may change shortly). Therefore the validity of the GDPR cannot be assumed. The encryption used is not an end-to-end encryption and only secures the transport route. Zoom is therefore not suitable for use in the exam environment.

In consultation with the University of Tübingen, the State Commissioner for Data Protection and Information Security made a positive statement about the use of Zoom.

Insbesondere bei zoom sind die umfangreichen Konfigurationsmöglichkeiten zu beachten, die wichtige Einstellungen bieten (alle im Unterpunkt "Einstellungen" in der Web-Oberfläche von zoom). Hier sind teilweise je nach Größe der Veranstaltung verschiedene Empfehlungen notwendig. Die wichtigsten Hinweise hierfür sind (viele sind die Default-Werte):

Particularly with zoom, the extensive configuration options that offer important settings must be taken into account (all in the "Settings" sub-item in the zoom web interface). Depending on the size of the event the recommendations differ. The most important settings are (many are the default values):

The client should be at least version 5 or newer.