Data protection & confidentiality
The content on this page was translated automatically.
News on video conferencing systems at the University of Kassel
In a letter addressed to the President of the University of Kassel, the Hessian Commissioner for Data Protection and Freedom of Information (HBDI) has communicated the result of his legal examination of the use of video conferencing systems at universities, in particular the use of Zoom under the conditions of the so-called "Hessian Model", which must already be taken into account in the current summer semester 2023.
According to this, three application scenarios must be distinguished:
- In teaching, Zoom can be used in the installation configured and provided by the University of Kassel on the basis of the "Hessian Model".
- Different standards must be applied for administration and research than for teaching, whereby open source products such as BigBlueButton are generally suitable to meet the demand.
However, it is not a problem for those working in research to participate in Zoom meetings as invitees. In addition, although not in general, it is possible to use Zoom as a host in specific individual cases - if the occasion requires it.
The experience of recent months shows that although BigBlueButton has become an acceptable alternative for video conferences that take place repeatedly or can be postponed if necessary, it still cannot be used without problems for business-critical video conferences in everyday university life.
For the time being, the University of Kassel therefore considers business-criticality to be a compelling reason for the use of Zoom in the areas of administration, research and transfer, whereby the decision as to whether business-criticality exists in individual cases is the responsibility of the organizer (host).
Examples of business-criticality are:
- High-level events such as university management conferences or external reviews;
- Essential participation of persons whose network connection is unknown or known to be insufficient for the meaningful use of BigBlueButton.
- In connection with confidential or sensitive personal data , a risk assessment requires particular caution to be exercised:
Confidential personal content, which includes personnel matters, requires a higher level of data protection. Therefore, video conferences in connection with student representation of interests and with staff representatives as well as for applications, appointment procedures, staff interviews, etc. should only be carried out with BigBlueButton.
Sensitive data, which includes personal data revealing a person's racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data processed solely for the purpose of uniquely identifying a natural person, health data, data concerning a person's sex life or sexual orientation, is subject to special processing conditions under the GDPR. Therefore, neither Zoom with E2EE nor BigBlueButton, but only special video conferencing solutions for the healthcare sector, are permitted for video conferences involving patient matters.
Please refer to the guidelines on the use of video conferencing systems at the University of Kassel from the summer semester 2023, which contain the above information and also a technical and organizational description of the video conferencing systems available at the University of Kassel (BigBlueButton, DFNConf-Pexip and Zoom), in accordance with the specifications of the Hessian Commissioner for Data Protection and Freedom of Information.
Go-Link of this page: www.uni-kassel.de/go/zoom-datenschutz