Coming to Terms (of Service) with your Organization’s Data | Firm Alert

Earlier this week, Zoom Video Communications, Qumu Corporation released updated terms of service on its Web site.  (https://explore.zoom.us/en/terms/).  While a network service updating terms of service is not particularly unique or newsworthy, Zoom has recently added new language in its general terms of service that may result in users granting Zoom a free license of customer data for Zoom’s own business purposes. These updated terms should, at a minimum, prompt an organization to review not only the terms of use of its Zoom services, but also the terms of all of the network services it utilizes.

Zoom’s Updated Terms of Service as an Example

Zoom’s updated terms of service appear to be quite broad in terms of language granting Zoom potentially significant rights to your organization’s data.  Specifically, Section 10.2 defines the term “Customer Content” as a collective term for Customer Input that includes “data, content, files, documents, or other materials” that are provided by customers during use of the Zoom service.  “Customer Content” also includes all the content/materials generated by the Zoom service during use. 

As updated this week, Section 10.4 goes beyond the typical licenses generally required by Zoom to host the service on behalf of its customers, and further grants to Zoom:  

“a perpetual, worldwide, non-exclusive, royalty-free, sublicensable, and transferable license and all other rights required or necessary to redistribute, publish, import, access, use, store, transmit, review, disclose, preserve, extract, modify, reproduce, share, use, display, copy, distribute, translate, transcribe, create derivative works, and process Customer Content and to perform all acts with respect to the Customer Content . . .(ii) for the purpose of product and service development, marketing, analytics, quality assurance, machine learning, artificial intelligence, training, testing, improvement of the Services, Software, or Zoom’s other products, services, and software, or any combination thereof.” 

This unannounced change by Zoom reminds us that it is important to continually monitor the network services used by an organization, and evaluate the potential impact created by changes in terms of service. The organization may determine that its use of the service does not involve the types of data that would give rise to significant concerns or warrant additional policies or restrictions.  However, there are many situations where the use of network services many be problematic because they involve confidential or protectable content—especially network services that include video/audio conference services, generative AI services, etc.  Additionally, organizations may have specific license terms such as through an enterprise license, that may not be impacted by a change of general terms of service. Although Zoom has indicated in its media postings that its customers have the ability to opt out of such broad license grants (https://blog.zoom.us/zooms-term-service-ai), there is nothing in the current general terms of service that indicate that the granted licenses are optional in nature or require some condition precedent (e.g., an opt in selection) to be validly granted.

Moving Forward - A Comprehensive Approach to Managing Network Service Terms of Service

Zoom’s updated terms of services, which are purportedly deemed to be accepted if the service continues to be used, are yet another example of the data licensing clauses in many network services, including Open AI’s terms of use (https://openai.com/policies/terms-of-use), that should be carefully reviewed prior to adoption or use of the service.   A comprehensive review would include at least the following:

1. Assess, Confirm or Re-Assess Your Organization’s Use of Services
2. Update/Confirm Current Terms of Service for Services and Implications for Organizational Data
3. Develop/Update Risk Management Plans – Contractual Negotiations, Pursuing Opt-Outs (if available), Service Use Policies
4. Execute and Confirm Risk Management Plans
5. Repeat – Integrate as Part of IP Planning/Review

Implementation of a comprehensive approach, as modified to fit the needs of your organization, may be best discussed on an individual basis. 

About Knobbe Martens

Knobbe Martens is one of the most highly respected intellectual property law firms, offering all aspects of intellectual property and technology law. The firm’s litigation group handles cases throughout the U.S. and coordinates strategy for disputes worldwide. Founded in California in 1962, the firm has about 300 lawyers and scientists based in offices located in Orange County, Los Angeles, New York, San Diego, San Francisco, Seattle and Washington D.C.  Knobbe Martens serves a diverse international client base, from multinational corporations to emerging businesses of all stages. More information about the firm can be found at www.knobbe.com.