Zentrum für Datenverarbeitung (ZDV) (data center)

Video conferences and data protection

Video conferences represent a particular challenge for data protection, especially for use in teaching. The various services offered differ here, but there are also central similarities. On this page we would like to briefly inform you about the essentials with a focus on usage in teaching.

General

In the run-up to digital courses, participants must be informed about the techniques used.

All services offered can be controlled via a client or via a web interface. Zoom allows significantly more configurations via the web interface, while DFNconf (Pexip) is better controlled via the client. Especially with zoom, the configuration via the web interface should be used. If the client is used, particular care must be taken to always use the current version of the software.

In all cases it must be ensured that only the "invited" attend the conferences. For this purpose, the conference can be protected with a password, which is made available to the participants independently, for example via the learning management systems. Some systems offer the waiting room principle, in which users must first be activated by the provider (host). However, this is difficult to implement with large numbers of participants.

For the support of asynchronous teaching, it is useful to record the video conference and publish it subsequently. All participants must be informed of this in advance.

DFNconf

DFNconf is a video conferencing service operated by the DFN-Verein on the servers of German colleges and universities. The service ensures the confidentiality of the video conferences to a high degree.

 

Microsoft Teams

Teams is offered as part of the university Microsoft365 service (formerly Office365).

Like the cloud service, Teams is operated on servers in the EU and is subject to the GDPR.

BigBlueButton

The video conference service BigBlueButton, which will be offered centrally for the winter semester 2020/21, is operated entirely on the central infrastructure of the ZDV and can therefore be used for all purposes, including exams.

Zoom

Zoom uses globally distributed data centers, that are not necessarily located in the EU (this may change shortly). Therefore the validity of the GDPR cannot be assumed. The encryption used is not an end-to-end encryption and only secures the transport route. Zoom is therefore not suitable for use in the exam environment.

In consultation with the University of Tübingen, the State Commissioner for Data Protection and Information Security made a positive statement about the use of Zoom.

Insbesondere bei zoom sind die umfangreichen Konfigurationsmöglichkeiten zu beachten, die wichtige Einstellungen bieten (alle im Unterpunkt "Einstellungen" in der Web-Oberfläche von zoom). Hier sind teilweise je nach Größe der Veranstaltung verschiedene Empfehlungen notwendig. Die wichtigsten Hinweise hierfür sind (viele sind die Default-Werte):

Particularly with zoom, the extensive configuration options that offer important settings must be taken into account (all in the "Settings" sub-item in the zoom web interface). Depending on the size of the event the recommendations differ. The most important settings are (many are the default values):

Require a password when setting up new meetings yes
Require password for instant meetings yes
Require password for Personal Meeting ID (PMI) all meetings with PMI
Only authenticated users can join meetings from the web client no
Embed the password in the meeting link for one click to join no
Request password for telephone subscriber

yes

Data transfer (send files in chat) no
Feedback to zoom no
Co-moderation yes
Breakout-room yes
Waiting room yes - if the number of participants allows
Show a link "Participate from browser" yes
Remote control of the camera no

The client should be at least version 5 or newer.