The Berlin data protection authority has instructed the FU to end the use of Cisco Webex by the end of September. The university leadership is still looking for a conversation.
The Freie Universität (FU) Berlin is sticking to the use of the video conference software Cisco Webex despite massive criticism from the data protection authority of the city-state. The university announced that the provisional state data protection officer, Volker Brozio, was offered a discussion about the use of the system in mid-September: The Free University was “interested in continuing a constructive dialogue” on this matter.
In a letter dated August 3, Brozio had previously asked the university to “completely terminate the Cisco Webex services previously used by September 30 at the latest and to confirm this to us in writing”. The result that has already been announced remains that the supervisory authority currently sees no possibility of legally compliant operation of the US group’s video conference system.
Should the FU nevertheless want to continue using Webex, according to Brozio, it must fully prove “the lawfulness of the associated processing of personal data” in accordance with Article 5. This involves, for example, compliance with principles such as earmarking, data minimization, timely deletion and correction as well as storage limitations. On the other hand, the supervisory authority wants to examine the initiation of a “formal procedure to prohibit further use of the cloud version of Cisco Webex”.
AStA calls for switching to Jitsi or BBB
The AStA FU received Brozio’s letter in response to a request for the Freedom of Information Act (IFG) and published it on Sunday. Janik Besendorf, the spokesman for the Committee for Data Protection and Communication, welcomed the fact that the inspectors were finally getting serious: “For years, despite repeated criticism, the FU has not realized that it has to end the use of Webex.” It is now important to “quickly rely on data-saving alternatives such as Jitsi or BigBlueButton (BBB)” in order to be able to continue teaching in the winter semester.
According to the AStA, the actions of the supervisory authority are also relevant beyond the FU: the Senate and House of Representatives also use the controversial conference system and have so far ignored the warnings.
No further explanations
According to its own account, the FU has already “taken a large number of measures”, which the Monita of the former Berlin data protection officer Maja Smoltczyk “took up and constructively solved”. When asked by voonze online, a spokesman for the university did not initially explain these steps. He also did not go into a potential switch to other systems.
Two years ago, the data protection conference of the federal and state governments issued a guide according to which companies, authorities and other organizations cannot easily use widespread video conferencing systems such as Microsoft Teams, Skype, Zoom, Google Meet, GoToMeeting and Webex. Before that, the leading solutions from overseas had failed in a short test by Smoltczyk. On the other hand, the controller gave the green light for Jitsi and BigBlueButton instances.
The FU Presidium has now announced that it will “continue to respond to constructive suggestions for further improving data protection”. It wants to use the top-level discussion brought into play “to explain the whole complex and to show solution scenarios”. Researchers had recently found that Webex phoned home muted for a long time and revealed activities in the room.
(emw)
