Exploring Personal Data Processing in Video Conferencing Apps

Abstract

The use of video conferencing applications has increased tremendously in recent years, particularly due to the COVID-19 pandemic and the associated restrictions on movements. As a result, the corresponding smart apps have also seen increased usage, leading to a surge in downloads of video conferencing apps. However, this trend has generated several data protection and privacy challenges inherent in the smart mobile ecosystem. This paper aims to study data protection issues in video conferencing apps by statistically and dynamically analyzing the most common such issues in real-time operation on Android platforms. The goal is to determine what these applications do in real time and verify whether they provide users with sufficient information regarding the underlying personal data processes. Our results illustrate that there is still room for improvement in several aspects, mainly because the relevant privacy policies do not always provide users with sufficient information about the underlying personal data processes (especially with respect to data leaks to third parties), which, in turn, raises concerns about compliance with data protection by design and default principles. Specifically, users are often not informed about which personal data are being processed, for what purposes, and whether these processes are necessary (and, if yes, why) or based on their consent. Furthermore, the permissions required by the apps during runtime are not always justified.