I actually consider the act of doublespeak potentially insinuating ill intent.
What you and what you say need to be consistent to preserve user trust and then being inconsistent shows mismanagement by senior leadership or even potentially intent to deceive or spin the situation while still implementing the policy. It’s the PR classic do one thing say another.
Edit: Oh, and then this hits almost at the same time…
>I actually consider the act of doublespeak potentially insinuating ill intent
I agree with this sentiment and it feels like a heuristic at this point.
I think it comes from a decade of watching when corporate officers get caught red handed then try and denial of service the bad press with their jingoistic pablum.
Well, the practice of being able to take your case to the government is a great one. The government - already paid for with free money from non-government people working - is the one letting itself be corruptable.
I have not had a chance to read up on this yet but does zoom not have a paid version or corporate version that would not follow under these same TOS? If not it seems crazy like a shot in the foot because lots of businesses use zoom and I know most want or are required to use privacy preserving programs.
> We will not use ... protected health information, to train our artificial intelligence models without your consent.
> We routinely enter into ... legally required business associate agreements (BAA) with our healthcare customers. Our practices and handling of ... protected healthcare data are controlled by these separate terms and applicable laws.
To my understanding there is nothing in the separate terms (BAA) or applicable laws (HIPAA) that actually guarantees this.
I don't want to assume malice but if in good faith I would have expected an updated BAA with an explicit declaration regarding data access and disclosure in a legally-binding fashion rather than a promissory blogpost vaguely referencing laws that don't themselves inherently restrict the use of PHI for training by Zoom.
> You agree to grant and hereby grant Zoom a perpetual, worldwide, non-exclusive, … [rest already quoted several times in the thread]
so that promise to not do it without consent is meaningless as they have consent from anyone who has agreed to the ToS which anyone using the service/product has done.
The BAA still states: Zoom shall not Use and/or Disclose the Protected Health Information except as otherwise limited in this Agreement ... for the proper management and administration of Zoom ... Zoom will only use the minimum necessary Protected Health information necessary for the proper management and administration of Zoom’s business specific purposes
As discussed in my comments on yesterday's post "proper management and administration" is vague language copied from HHS and can be construed as improving products as described in a legal analysis I quoted. I would also hazard a guess that a provider signing this agreement could be construed to have implied consent.
Nevertheless, it would not be hard to explicitly state that this does not include training models in the only truly legally binding agreement at play. An explicit declaration was also recommended in said legal analysis.
In Europe/UK, it is established law that agreeing to TOS is not consent for everything in it, especially when referring to the use of personal data for things that aren't strictly necessary to do what the user has asked, and also especially given that in order for it to be consent freely given then there must be no difference in service depending on whether consent is given or not.
However, many companies reckon they'll get away with it, the enforcement is not universal and rapid, and I don't trust Zoom as far as I can throw it on this particular score.
