Zoom Video Communications ("Zoom") is a cloud-based videoconferencing (VICO) platform enabling the successful organisation of events in a virtual environment such that effective interaction between participants is as close as possible to a face-to-face experience.
With a view to the needs of patent proprietors and users to continue enjoying access to all patent procedures the EPO has decided to launch a pilot project on opposition by videoconference. Within this framework, Zoom is tested to hold proceedings which require simultaneous interpretation and/or multiple opponents.
This pilot project forms part of our Business Continuity scenario (launched in response to the operational disruption caused by the coronavirus pandemic). As such, the data processing operation is based on Article 5(a) of the EPO Data Protection Guidelines ("processing is necessary for the performance of a task carried out on the basis of the EPC or in the exercise of official authority vested in the EPO").
Personal data is processed by the EPO for the purpose of organising these oral proceedings. Personal data is processed in the Zoom platform only for the purpose of carrying out the virtual event and ensuring the effective collaboration and communication between the Office and its stakeholders thus guaranteeing EPO business continuity and compliance with applicable legal obligations.
All the possible measures have been taken by the EPO to ensure the protection of personal data and to safeguard the confidentiality, integrity and availability of the information and moreover Zoom has committed in a binding agreement to comply with its data protection obligations stemming from the GDPR and the EPO Data Protection Guidelines.
Zoom has publicly announced that it stores all data on third-party secured servers where the following security measures are implemented:
Zoom has SOC 2 type II certification for compliance with security, availability, processing, integrity and confidentiality standards and its cloud services provider is ISO 27001 certified.
For more information on the processing of personal data by Zoom or its subcontractors, please consult their privacy policy. Zoom signs agreements with all its service providers that prevent them from processing of data for their own purposes or for the purposes of another third party.
When the EPO organises an oral proceeding on the Zoom platform and invites the parties to dial-in, we will do so according to the most secure options available; the EPO nevertheless strongly recommends its users to not share any confidential data when exchanging information using Zoom.
For more information, please refer to the User Technical Guidelines.
The data processed by Zoom for the purpose of oral proceedings in opposition by VICO is as follows:
Additional data could be collected depending on whether the user joins the virtual event through an Android or an iOS device. As part of the nature of a collaborative tool, additional personal data may be included in the information that is exchanged between the Office and stakeholders, such as instant messages, images, files, whiteboards, recordings (if previously agreed), contacts, metadata used for the maintenance of the service provided.
Personal data processed by the data controller or the service providers under its supervision are generally stored for the period of time necessary to achieve the purpose for which they have been processed. Zoom shall retain the personal data of the attendees strictly necessary for the organisation and management of a particular event/meeting for the maximum of one month.
This guidance will be further developed during the course of the pilot project.
Latest update: 9 October 2020
If you have any question on data protection matters, please submit it using our contact form and it will be routed to the EPO Data Controller.
