Recording of video conferences and online events permissible?

In the age of online events and video conferencing / home office / home schooling, many meetings now take place in digital form via hopin, Zoom, Skype, Microsoft Teams, Google Meet, BigBlueButton and other platforms. Among other things, these also offer the function of recording a meeting. There is a great temptation from both the organizer and participant sides to record these meetings. Be it because an informative digital meeting takes place at an inconvenient time of day or in order to save minutes in important meetings.

But is the recording of video conferences / online events at all permissible under data protection law?

When recording sound and images in a video conference / online event, personal data is processed. This is only permitted if it is also based on a legal basis.

Legitimate interest of the organizer according to Art. 6 I 1 lit. f DSGVO or purposes of the employment relationship according to § 26 BDSG

Video conferences / online events as such are primarily intended to replace face-to-face meetings. If face-to-face meetings are not possible, digital meetings serve to maintain business operations and thus establish a legitimate interest of the organizer.

Internal digital meetings of employees, for example, may serve to fulfill the employment relationship.

External digital meetings can be of an economic, legal or even ideal nature and also serve to protect the legitimate interests of the organizer.

Whether these digital meetings may be recorded, however, is a different matter from the justification for holding them.

A recording encroaches on the personal rights of the participants to a much greater extent than a pure live transmission. In a weighing of interests, the interest of the organizer of the digital meeting already described would take a back seat. Even if the recording of the digital meeting is intended to serve the implementation of the employment relationship, a written record is still equally suitable and less intrusive and therefore preferable.

Consent of the parties involved according to Art. 6 I 1 lit. a DSGVO

Consent remains as the final justification option / legal basis. This would have to be obtained from all parties involved and meet the high requirements of the GDPR. It must therefore be voluntary, informed and verifiable. In addition, the data subjects can revoke it at any time. Transparency is particularly important here: the purpose and nature of the processing must be clearly defined and communicated in advance.

Secret records

It should be clear that secret recording is therefore illegal under data protection law. In addition, secret recording even entails consequences under criminal law. It does not matter whether the recording was made by the organizer (e.g. the employer) or a participant (e.g. an employee). As an organizer, it is therefore advisable to disable the recording function for all participants as a matter of principle.

What else should be considered?

This does not cover everything that is relevant to video conferencing / online events in terms of data protection. There is also a lot to consider when it comes to selecting the right service provider and concluding the order processing agreement with them, as well as selecting the right default settings and complying with the information obligations. Expert advice should definitely be obtained in individual cases.

You can find further information e.g. on

Guidance on DSK video conferencing systems

Notes on videoconferencing services from the Berlin supervisory authority

 

DSB buchen
en_USEnglish