Red Dots and Banners: Consent and Privacy Concerns in Videoconferences

GettyImages-1254705023-videoconferencing-300x200“One who invites another to his home or office takes a risk that the visitor may not be what he seems, and that the visitor may repeat all he hears and observes when he leaves. But he does not and should not be required to take the risk that what is heard and seen will be transmitted by photograph or recording, or in our modern world, in full living color and hi-fi to the public at large or to any segment of it that the visitor may select.” When Ninth Circuit Judge Shirley M. Hufstedler wrote these words in 1971 about surreptitious recordings made by newsmen, she probably had no idea that a global pandemic would give new meaning to her words.

Flash Forward Nearly 50 Years
It is the year 2020. COVID-19 has made a grand entrance and is not leaving any time soon. As if the coronavirus itself was not enough, many of us are now confined to our homes where we are subject to screen fatigue that, in at least my case, has completely ruined the restorative effects of my LASIK surgery. Whether it is work meetings, therapy, social or networking events, everything is happening on a screen. Technology has allowed us to stay more connected than ever. Furthermore, the prevalence of video conferencing, means we are often scrambling to find actual work clothes when our supervisors demand that we actually turn on our cameras. And for the convenience of all who “couldn’t make it,” virtual hosts can, with the click of a button, record the session and make it readily available. Or can they? Hosts of videoconferences, webinars and other virtual meetings seem unaware of what is legally required prior to recording. Meanwhile, this nonchalant recording and sharing of virtual meetings could result in negative consequences, including jail time or hefty fines.

Your Location Matters
Your state may require the consent of one or all of the videoconference attendees prior to recording. In one party consent states, at least one person has to consent to the recording. For instance, if you are doing a virtual conference in New York where there are various members of an organization in attendance (all of whom are in New York), then you can record the session if you are one of the attendees; however, if you’re not an attendee (for example if you’re part of the IT team making sure the conference goes smoothly from the background), then you’ll need to get the consent of at least one of the attendees (such as the person in charge) to record the session. Recording an in-person or telephonic conversation without the proper consent in New York is a felony.

But what if you are recording in California, Illinois or Florida? Although subject to variations, each of these states requires the consent of all parties to record conversations. In California, confidential conversations are protected while communications made in public gatherings are not protected. According to the California Supreme Court, a communication is confidential “if a party to that conversation has an objectively reasonable expectation that the conversation is not being overheard or recorded.” California also prohibits the intentional disclosure of the contents of private phone conversations without permission of the parties. Such rules only breed more questions. What is an “objectively reasonable expectation” that a conversation is not being recorded? Have expectations changed given the current situation? And is a virtual conference a public gathering? What if it is password protected? And what if it is advertised on a public social media account?

Just to make things a tad more complex, let’s suppose you are hosting a videoconference with participants in various states or countries. Now what? Although federal law requires the consent of one party to the communication in this instance, it might be safer to get the consent of all participants.

But I Need to Record It …
It is easy to become informal about these things, but the best course of action may be to implement similar formalities as though you were in a live meeting or conference.

Obtain Affirmative Informed Consent. Obtaining affirmative consent from attendees to record a meeting is best accomplished via a combination of methods, such as by informing attendees that the meeting will be recorded: as part of the meeting invitation, through a verbal announcement at the start that the meeting, and/or by using platform features that indicate when a meeting is being recorded. For example, many videoconference platforms have banners on the screen that show the session is being recorded. But having participants acknowledge that the session is being recorded after a separate verbal announcement provides guests who may have missed the message an additional opportunity to understand that the session will be recorded. Also given that there is usually an option to join by phone, many may not see the banner or checkbox. Stating it is just as important as showing it. You should also disclose why the event is being recorded and what you plan to do with the recording. Participants who do not wish to be recorded should be advised to exit the meeting.

Protect Participant Confidentiality. There are several steps you can take to protect the confidentiality of the host, participants and third parties. Videoconference hosts sometimes have multiple tabs open on their browser, or they have their email open with notifications coming in throughout the meeting. Not only can this serve as a distraction, but it can inadvertently disclose confidential information of third parties and, in the legal context, possibly even breach attorney client privilege. Require your hosts to disable notifications and close all applications before sharing their screens. Further, participants should be prohibited from taking screenshots of the meeting or recording it on their personal devices.

Monitor Access to the Recording. Many virtual event organizers send the link to the recording to all registered participants via email after the session, regardless of whether they actually attended. If this is your practice, ensure your guests understand that the recording will be available to anyone with the link. If the recording is instead posted on a website, limiting access or availability may help prevent unauthorized sharing. For instance, a link to a recording can expire after a certain amount of time. This does not protect against saving the recording, but at least it will not be available in perpetuity. It may be best to maintain the recording in a secure place that is centrally managed rather than distributing it.

As the pandemic presses on, videoconference providers will undoubtedly find better ways to protect participants. Until then, the safest practice may be to err on the side of caution—treating videoconferences as close to in person conferences as you can. You would not set up a camera and record a live meeting without asking, and then upload it to a public site. That would certainly not be advisable. Your best bet is to treat videoconferences the same.


How Far Is Too Far When Marketing Your Product for COVID-19?

Be Careful that Bot Doesn’t Come Back to Bite You

Can CGI Influencers Displace Their Human Counterparts?