Privacy policy, cookies & virtual events

15 April 2020

Privacy policy

At the Ada Lovelace Institute, we value your privacy. We will always state clearly why we are collecting personal data, what we will do with it and how long we will keep it.

The Ada Lovelace Institute is part of the Nuffield Foundation. Read more about our privacy policy here.


Cookies

How we use cookies

Cookies are small data files which are stored on your device and which record your visit to the website. They are either persistent, where they stay on your device after you leave the site, or session based, which means they are deleted after your visit. For more information see https://cookiepedia.co.uk/giving-consent-to-cookies

For our site, we will give you the option to accept cookies or not when you first visit. If you do not want to accept cookies on any sites you visit, you should be able to change your settings to refuse third-party cookies. For further information on how to do this in most common browsers, see https://ico.org.uk/your-data-matters/online/cookies/

We use the following cookies on our website in order to assess and improve its functionality.

First-party cookies (set by our site)

Google Analytics

  • Our website uses persistent analytical cookies from Google to track the number of unique visitors to the site and how users move around the pages. These cookies also collect data on in which countries users are located and from what type of device they are accessing the site. Your IP address and which browser you use are transmitted to and stored by Google on servers in the US for these purposes to ensure quality of service and generate usage statistics. Google will not associate your IP address with any other data held by Google. For more information on how Google uses information from sites using Google Analytics, see their privacy policy.

Cookie compliance

  • This cookie records your cookie acceptance status.

Third-party cookies (set by third party sites)

Twitter

  • Our website contains links to Twitter feeds. Twitter widgets add third-party persistent cookies to help analyse usage and to remember your session if you are logged into Twitter. These involve storing log data about you in accordance with Twitter’s privacy policy, which Twitter will then use to show relevant content to you on their platform, including ads. This web browsing history is not associated by Twitter with other personal data they hold on you and will be anonymised by them after 30 days.

Virtual events

We are using Zoom for virtual events open to more than 40 attendees. Although there are issues with Zoom’s privacy controls, when reviewing available solutions we found that there isn’t a perfect product and we have chosen Zoom for its usability and accessibility. We expand on the reasons for our choice in the guidance below, which we will keep under review.   

For each event we will explain how you can participate (video, audio and/or written chat), though all will be optional.  

Some of you will be very familiar with Zoom already. For newcomers, Zoom enables people to participate in virtual events. You can use the settings on the Zoom toolbar to choose whether you want to join using video or audio.   

If you are interested in an Ada Lovelace Institute event and using Zoom makes it hard for you to join, please contact hello@adalovelaceinstitute.org  

Accessibility 

Zoom enables keyboard navigation, screen reader support, and closed captioning. We are committing to providing closed captioning with human captioners at all public Ada events. If there are further ways we can support your attendance please contact hello@adalovelaceinstitute.org 

Privacy issues and user experience 

Before deciding on Zoom, we looked into the privacy policies and practices of a range of video conferencing platforms that provide an acceptable user experience, and that we could roll out in the timescale required. The results are disappointing: tools with good user experience generally fail to meet GDPR obligations (see analysis). 

Zoom has had recent media criticism for its privacy practicesWe share these concerns and encourage Zoom, as well as other video conferencing providers, to realise their responsibilities to user privacy, and particularly due to their increased role offering a highdemand service under the present social isolationWe welcome Zoom’s recent statement, updates and pledge to improve privacy but will look to them to do more to protect the privacy and security of their users. 

What privacy concerns should I be aware of? 

Zoom, similar to most mass-participation video conferencing applications, does not use end to end encryption. It uses transport layer encryption, which means the content of the communication can be visible to Zoom. It has also been reported that Zoom is leaking email addresses and photos. It is also unclear if, or how, Zoom combines data from third parties and available sources and how that data is used.  

Why aren’t these issues explained in their privacy policy? 

We don’t know. Their privacy policy doesn’t follow best practice and risks misguiding usersQuestions and comments on their privacy measures can be sent to their privacy team at privacy@zoom.us or the support team at https://support.zoom.us.  

Advice for minimising exposure while using Zoom 

  • Use Zoom in the web browser instead of downloading the desktop or mobile app (although please be aware that some features are not be available in the web browser). 
  • Open the browser version on a separate incognito/private browser window. 
  • Be aware written chat logs are stored on Zoom’s servers, so you may wish to avoid sharing private information in written chat 
  • For advanced users, you may wish to run Zoom on a virtual machine or an operating system on a USB 🙂