Cisco Webex’s video conferencing solution meets EU data protection standards, according to the European Data Protection Supervisor (EDPS).
The Court of Justice of the European Union (CJEU) chose to deploy Webex’s services to host hybrid hearings and meetings, which resulted in a months-long investigation by the EDPS.
On July 13, 2023, the EDPS announced its approval of Webex, making it the only videoconferencing platform to have received such an endorsement.
Javed Khan, Senior Vice President and General Manager of Cisco Collaboration, explained why this was such a milestone:
“Webex is the first and currently the only videoconferencing platform to have attained such EDPS approval — a significant milestone that Webex and the CJEU collectively share.
“This is no small achievement, knowing the CJEU itself is the entity that, back in 2020, issued the Schrems II decision, invalidating the Privacy Shield as a transfer mechanism for personal data between the EU and the U.S. under the GDPR.”
The CJEU takes extra precautions to protect its highly sensitive data, which combined with Webex’s privacy and security controls, were key to receiving the EDPS’ positive decision.
Cisco’s privacy, product engineering, and legal teams helped to form an Impact Assessment that ensured their measures were checked against possible risks.
According to Webex, it enables customers to easily manage their data, meeting usage, user access, and react efficiently to security threats.
Any EU customer can use Webex to store personal data in the EU, including for large-scale events.
Webex Privacy and Security
Webex uses some of the “most stringent” standards, certifications, and rules in the world.
It develops extra security and privacy features, such as end-to-end encryption and data protection ‘by design and by default’.
The videoconferencing platform has now achieved the highest level of adherence to the EU Cloud Code of Conduct.
In order to gain this certification, Webex was assessed and audited by an an independent third-party that verified all controls in the code. This was validated by the monitoring body for the EU Cloud CoC, SCOPE.
Webex also enables companies to be compliant with certain local rules and standards, including German C5, Spanish ENS, and other certifications with third-party audits.
Data, Transparency, and Encryption
Webex has data centres in Frankfurt and Amsterdam, ensuring that European user data remains in the EU, from files, messages, and recordings, to analytics data, logs, user profiles, billing data, and more.
It is currently the only collaboration platform to support full EU data residency.
As well as allowing admins to manage the complete Webex suite, the Webex Control Hub lets customers see where their data is located and move it to their preferred location.
It also allows organisations to easily and securely manage data storage and create user and content access controls.
On top of this, Webex is using Zero-Trust End-to-End-Encryption to prevent outsiders from intercepting communications.
Meeting encryption keys are only accessible to meeting participants and Webex cannot access the meeting key either.
EDPS’ approval adds to the recognition Cisco has received for its security and privacy, including leading industry analysts like Sorell Slaymaker, Metrigy, and Gartner.
By contrast, European officials have recently begun an investigation to determine whether Microsoft’s bundling of Teams and Office 365 is “abusing” its market position.