How bad is it if VidCo cameras can be activated without consent? [on hold]












2















Background



We have several video conference rooms in all regional offices. They are regular conference rooms (which are used for video conferences but also often normal, local conferences), accessible and open to everbody, anytime.



They are reserved in our Exchange, and all reservations are clearly visible for everybody; i.e., everybody can quickly and easily check who is in which vidco room.



From each video conference unit, one can easily (no password or anything; no reservation necessary) dial-in into any other vidco unit. Originally, voice and video would be immediate open bi-directionally; recently that was changed so that only the video stream appears but the microphone on the called side is muted (and has to be un-muted in the target room).



Active cameras are clearly visible; they sit prominently on top of the displays; when offline, they are pointed to the side with a red LED; when active, they swivel into the room and show a green light.



Question



Aside from the fact that we are working in IT and are all somewhat more or less involved or interested in data security topics: is there a possible problem here, involving law or potential law suits? I mean, worst case something really private goes on in a room, and a 3rd party simply snoops in. To stay in a business context, this could be secrets written on a whiteboard or whatever else you have (you can think of more or less humorous interpersonal things for yourself ;) ).



I would like to have some objective and possibly un-attackable arguments for our facility management or even higher-up to change the situation (i.e., make the video calls opt-in on the receiving site). As there is probably significant cost involved, I do not want to make an issue without first being sure to have a "carrying" argument.










share|improve this question













put on hold as primarily opinion-based by gnat, Rory Alsop, mcknz, virolino, IDrinkandIKnowThings Mar 29 at 14:09


Many good questions generate some degree of opinion based on expert experience, but answers to this question will tend to be almost entirely based on opinions, rather than facts, references, or specific expertise. If this question can be reworded to fit the rules in the help center, please edit the question.














  • 2





    What is stopping someone at the meeting from physically covering the camera during the meeting if it is not required for the meeting?

    – sf02
    Mar 27 at 12:43











  • Do people have to be physically present in a regional office in order to connect to another conference room? Or can they access the cameras from off-site?

    – user1666620
    Mar 27 at 12:49








  • 3





    There probably are no legal ramifications to it. There should be no expectation of privacy, especially considering that this is in a "public" work space (a conference room).

    – joeqwerty
    Mar 27 at 12:56











  • @user1666620, yes, they need to be physically there - the infrastructure is restricted to those physical video conference stations (i.e., it's not possible from Laptops or something like that).

    – AnoE
    Mar 27 at 13:27











  • If your conference rooms have windows, like most do, consider that somebody who's walking along in the hallway could just as easily look in. Why should computer looking in be any different?

    – user71659
    Mar 27 at 17:31
















2















Background



We have several video conference rooms in all regional offices. They are regular conference rooms (which are used for video conferences but also often normal, local conferences), accessible and open to everbody, anytime.



They are reserved in our Exchange, and all reservations are clearly visible for everybody; i.e., everybody can quickly and easily check who is in which vidco room.



From each video conference unit, one can easily (no password or anything; no reservation necessary) dial-in into any other vidco unit. Originally, voice and video would be immediate open bi-directionally; recently that was changed so that only the video stream appears but the microphone on the called side is muted (and has to be un-muted in the target room).



Active cameras are clearly visible; they sit prominently on top of the displays; when offline, they are pointed to the side with a red LED; when active, they swivel into the room and show a green light.



Question



Aside from the fact that we are working in IT and are all somewhat more or less involved or interested in data security topics: is there a possible problem here, involving law or potential law suits? I mean, worst case something really private goes on in a room, and a 3rd party simply snoops in. To stay in a business context, this could be secrets written on a whiteboard or whatever else you have (you can think of more or less humorous interpersonal things for yourself ;) ).



I would like to have some objective and possibly un-attackable arguments for our facility management or even higher-up to change the situation (i.e., make the video calls opt-in on the receiving site). As there is probably significant cost involved, I do not want to make an issue without first being sure to have a "carrying" argument.










share|improve this question













put on hold as primarily opinion-based by gnat, Rory Alsop, mcknz, virolino, IDrinkandIKnowThings Mar 29 at 14:09


Many good questions generate some degree of opinion based on expert experience, but answers to this question will tend to be almost entirely based on opinions, rather than facts, references, or specific expertise. If this question can be reworded to fit the rules in the help center, please edit the question.














  • 2





    What is stopping someone at the meeting from physically covering the camera during the meeting if it is not required for the meeting?

    – sf02
    Mar 27 at 12:43











  • Do people have to be physically present in a regional office in order to connect to another conference room? Or can they access the cameras from off-site?

    – user1666620
    Mar 27 at 12:49








  • 3





    There probably are no legal ramifications to it. There should be no expectation of privacy, especially considering that this is in a "public" work space (a conference room).

    – joeqwerty
    Mar 27 at 12:56











  • @user1666620, yes, they need to be physically there - the infrastructure is restricted to those physical video conference stations (i.e., it's not possible from Laptops or something like that).

    – AnoE
    Mar 27 at 13:27











  • If your conference rooms have windows, like most do, consider that somebody who's walking along in the hallway could just as easily look in. Why should computer looking in be any different?

    – user71659
    Mar 27 at 17:31














2












2








2








Background



We have several video conference rooms in all regional offices. They are regular conference rooms (which are used for video conferences but also often normal, local conferences), accessible and open to everbody, anytime.



They are reserved in our Exchange, and all reservations are clearly visible for everybody; i.e., everybody can quickly and easily check who is in which vidco room.



From each video conference unit, one can easily (no password or anything; no reservation necessary) dial-in into any other vidco unit. Originally, voice and video would be immediate open bi-directionally; recently that was changed so that only the video stream appears but the microphone on the called side is muted (and has to be un-muted in the target room).



Active cameras are clearly visible; they sit prominently on top of the displays; when offline, they are pointed to the side with a red LED; when active, they swivel into the room and show a green light.



Question



Aside from the fact that we are working in IT and are all somewhat more or less involved or interested in data security topics: is there a possible problem here, involving law or potential law suits? I mean, worst case something really private goes on in a room, and a 3rd party simply snoops in. To stay in a business context, this could be secrets written on a whiteboard or whatever else you have (you can think of more or less humorous interpersonal things for yourself ;) ).



I would like to have some objective and possibly un-attackable arguments for our facility management or even higher-up to change the situation (i.e., make the video calls opt-in on the receiving site). As there is probably significant cost involved, I do not want to make an issue without first being sure to have a "carrying" argument.










share|improve this question














Background



We have several video conference rooms in all regional offices. They are regular conference rooms (which are used for video conferences but also often normal, local conferences), accessible and open to everbody, anytime.



They are reserved in our Exchange, and all reservations are clearly visible for everybody; i.e., everybody can quickly and easily check who is in which vidco room.



From each video conference unit, one can easily (no password or anything; no reservation necessary) dial-in into any other vidco unit. Originally, voice and video would be immediate open bi-directionally; recently that was changed so that only the video stream appears but the microphone on the called side is muted (and has to be un-muted in the target room).



Active cameras are clearly visible; they sit prominently on top of the displays; when offline, they are pointed to the side with a red LED; when active, they swivel into the room and show a green light.



Question



Aside from the fact that we are working in IT and are all somewhat more or less involved or interested in data security topics: is there a possible problem here, involving law or potential law suits? I mean, worst case something really private goes on in a room, and a 3rd party simply snoops in. To stay in a business context, this could be secrets written on a whiteboard or whatever else you have (you can think of more or less humorous interpersonal things for yourself ;) ).



I would like to have some objective and possibly un-attackable arguments for our facility management or even higher-up to change the situation (i.e., make the video calls opt-in on the receiving site). As there is probably significant cost involved, I do not want to make an issue without first being sure to have a "carrying" argument.







germany






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Mar 27 at 12:36









AnoEAnoE

6,1971128




6,1971128




put on hold as primarily opinion-based by gnat, Rory Alsop, mcknz, virolino, IDrinkandIKnowThings Mar 29 at 14:09


Many good questions generate some degree of opinion based on expert experience, but answers to this question will tend to be almost entirely based on opinions, rather than facts, references, or specific expertise. If this question can be reworded to fit the rules in the help center, please edit the question.









put on hold as primarily opinion-based by gnat, Rory Alsop, mcknz, virolino, IDrinkandIKnowThings Mar 29 at 14:09


Many good questions generate some degree of opinion based on expert experience, but answers to this question will tend to be almost entirely based on opinions, rather than facts, references, or specific expertise. If this question can be reworded to fit the rules in the help center, please edit the question.










  • 2





    What is stopping someone at the meeting from physically covering the camera during the meeting if it is not required for the meeting?

    – sf02
    Mar 27 at 12:43











  • Do people have to be physically present in a regional office in order to connect to another conference room? Or can they access the cameras from off-site?

    – user1666620
    Mar 27 at 12:49








  • 3





    There probably are no legal ramifications to it. There should be no expectation of privacy, especially considering that this is in a "public" work space (a conference room).

    – joeqwerty
    Mar 27 at 12:56











  • @user1666620, yes, they need to be physically there - the infrastructure is restricted to those physical video conference stations (i.e., it's not possible from Laptops or something like that).

    – AnoE
    Mar 27 at 13:27











  • If your conference rooms have windows, like most do, consider that somebody who's walking along in the hallway could just as easily look in. Why should computer looking in be any different?

    – user71659
    Mar 27 at 17:31














  • 2





    What is stopping someone at the meeting from physically covering the camera during the meeting if it is not required for the meeting?

    – sf02
    Mar 27 at 12:43











  • Do people have to be physically present in a regional office in order to connect to another conference room? Or can they access the cameras from off-site?

    – user1666620
    Mar 27 at 12:49








  • 3





    There probably are no legal ramifications to it. There should be no expectation of privacy, especially considering that this is in a "public" work space (a conference room).

    – joeqwerty
    Mar 27 at 12:56











  • @user1666620, yes, they need to be physically there - the infrastructure is restricted to those physical video conference stations (i.e., it's not possible from Laptops or something like that).

    – AnoE
    Mar 27 at 13:27











  • If your conference rooms have windows, like most do, consider that somebody who's walking along in the hallway could just as easily look in. Why should computer looking in be any different?

    – user71659
    Mar 27 at 17:31








2




2





What is stopping someone at the meeting from physically covering the camera during the meeting if it is not required for the meeting?

– sf02
Mar 27 at 12:43





What is stopping someone at the meeting from physically covering the camera during the meeting if it is not required for the meeting?

– sf02
Mar 27 at 12:43













Do people have to be physically present in a regional office in order to connect to another conference room? Or can they access the cameras from off-site?

– user1666620
Mar 27 at 12:49







Do people have to be physically present in a regional office in order to connect to another conference room? Or can they access the cameras from off-site?

– user1666620
Mar 27 at 12:49






3




3





There probably are no legal ramifications to it. There should be no expectation of privacy, especially considering that this is in a "public" work space (a conference room).

– joeqwerty
Mar 27 at 12:56





There probably are no legal ramifications to it. There should be no expectation of privacy, especially considering that this is in a "public" work space (a conference room).

– joeqwerty
Mar 27 at 12:56













@user1666620, yes, they need to be physically there - the infrastructure is restricted to those physical video conference stations (i.e., it's not possible from Laptops or something like that).

– AnoE
Mar 27 at 13:27





@user1666620, yes, they need to be physically there - the infrastructure is restricted to those physical video conference stations (i.e., it's not possible from Laptops or something like that).

– AnoE
Mar 27 at 13:27













If your conference rooms have windows, like most do, consider that somebody who's walking along in the hallway could just as easily look in. Why should computer looking in be any different?

– user71659
Mar 27 at 17:31





If your conference rooms have windows, like most do, consider that somebody who's walking along in the hallway could just as easily look in. Why should computer looking in be any different?

– user71659
Mar 27 at 17:31










2 Answers
2






active

oldest

votes


















0














Seems to me that this is a bad idea on its face. No company which is serious about corporate security would ever allow such a thing, regardless whether audio is muted. Suppose the observer was a lip reader? When I worked at Xerox, there were signs in the elevators to not discuss company business because you never knew who was riding that elevator with you. I'd also think that corporate officers would positively go white with fear at hearing that this was possible - given all the missteps at that level of many organizations.






share|improve this answer








New contributor




Paul is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




























    -3














    According to GDPR such cameras Video surveillance and it's purpose falls into monitoring and as such it should have reflection in either collective agreement or work regulations (in which there will be explanation for such monitoring to exist and how it will be used).

    They should also be available as such, ONLY if there are grounds for such monitoring in that place. For example for security reasons Monitoring in Workplace Factsheet Article 4. If company cannot prove that need cameras cannot be used in such manner.

    Cameras that act in a manner that you described can pose a problem IF in such conference room there will be a person that is not an employee so it would need to sign a GDPR before entering such room.






    share|improve this answer





















    • 1





      Please provide citation for GDPR legal interpretation.

      – Glen Pierce
      Mar 27 at 14:32











    • You're saying a lot, but somehow not saying a lot? What does sign a GDPR mean? This is clearly not a case of monitoring or surveillance equipment.

      – Gregory Currie
      Mar 27 at 15:56






    • 1





      @GregoryCurrie just because something doesn't have surveillance as its primary purpose does not mean it will not be considered a surveillance device under the law, particularly an area of law rapidly evolving in text and interpretation as societies grapple with things not previously contemplated as possible. Laptop webcams weren't intended as surveillance devices either, but have become infamous for abuse. The omitted object noun would obviously be something like "waiver" or "acknowledgement" like those absurd cookie forms popping up everywhere.

      – Chris Stratton
      Mar 28 at 16:20




















    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    Seems to me that this is a bad idea on its face. No company which is serious about corporate security would ever allow such a thing, regardless whether audio is muted. Suppose the observer was a lip reader? When I worked at Xerox, there were signs in the elevators to not discuss company business because you never knew who was riding that elevator with you. I'd also think that corporate officers would positively go white with fear at hearing that this was possible - given all the missteps at that level of many organizations.






    share|improve this answer








    New contributor




    Paul is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.

























      0














      Seems to me that this is a bad idea on its face. No company which is serious about corporate security would ever allow such a thing, regardless whether audio is muted. Suppose the observer was a lip reader? When I worked at Xerox, there were signs in the elevators to not discuss company business because you never knew who was riding that elevator with you. I'd also think that corporate officers would positively go white with fear at hearing that this was possible - given all the missteps at that level of many organizations.






      share|improve this answer








      New contributor




      Paul is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.























        0












        0








        0







        Seems to me that this is a bad idea on its face. No company which is serious about corporate security would ever allow such a thing, regardless whether audio is muted. Suppose the observer was a lip reader? When I worked at Xerox, there were signs in the elevators to not discuss company business because you never knew who was riding that elevator with you. I'd also think that corporate officers would positively go white with fear at hearing that this was possible - given all the missteps at that level of many organizations.






        share|improve this answer








        New contributor




        Paul is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.










        Seems to me that this is a bad idea on its face. No company which is serious about corporate security would ever allow such a thing, regardless whether audio is muted. Suppose the observer was a lip reader? When I worked at Xerox, there were signs in the elevators to not discuss company business because you never knew who was riding that elevator with you. I'd also think that corporate officers would positively go white with fear at hearing that this was possible - given all the missteps at that level of many organizations.







        share|improve this answer








        New contributor




        Paul is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.









        share|improve this answer



        share|improve this answer






        New contributor




        Paul is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.









        answered Mar 28 at 17:29









        PaulPaul

        1




        1




        New contributor




        Paul is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.





        New contributor





        Paul is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.






        Paul is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.

























            -3














            According to GDPR such cameras Video surveillance and it's purpose falls into monitoring and as such it should have reflection in either collective agreement or work regulations (in which there will be explanation for such monitoring to exist and how it will be used).

            They should also be available as such, ONLY if there are grounds for such monitoring in that place. For example for security reasons Monitoring in Workplace Factsheet Article 4. If company cannot prove that need cameras cannot be used in such manner.

            Cameras that act in a manner that you described can pose a problem IF in such conference room there will be a person that is not an employee so it would need to sign a GDPR before entering such room.






            share|improve this answer





















            • 1





              Please provide citation for GDPR legal interpretation.

              – Glen Pierce
              Mar 27 at 14:32











            • You're saying a lot, but somehow not saying a lot? What does sign a GDPR mean? This is clearly not a case of monitoring or surveillance equipment.

              – Gregory Currie
              Mar 27 at 15:56






            • 1





              @GregoryCurrie just because something doesn't have surveillance as its primary purpose does not mean it will not be considered a surveillance device under the law, particularly an area of law rapidly evolving in text and interpretation as societies grapple with things not previously contemplated as possible. Laptop webcams weren't intended as surveillance devices either, but have become infamous for abuse. The omitted object noun would obviously be something like "waiver" or "acknowledgement" like those absurd cookie forms popping up everywhere.

              – Chris Stratton
              Mar 28 at 16:20


















            -3














            According to GDPR such cameras Video surveillance and it's purpose falls into monitoring and as such it should have reflection in either collective agreement or work regulations (in which there will be explanation for such monitoring to exist and how it will be used).

            They should also be available as such, ONLY if there are grounds for such monitoring in that place. For example for security reasons Monitoring in Workplace Factsheet Article 4. If company cannot prove that need cameras cannot be used in such manner.

            Cameras that act in a manner that you described can pose a problem IF in such conference room there will be a person that is not an employee so it would need to sign a GDPR before entering such room.






            share|improve this answer





















            • 1





              Please provide citation for GDPR legal interpretation.

              – Glen Pierce
              Mar 27 at 14:32











            • You're saying a lot, but somehow not saying a lot? What does sign a GDPR mean? This is clearly not a case of monitoring or surveillance equipment.

              – Gregory Currie
              Mar 27 at 15:56






            • 1





              @GregoryCurrie just because something doesn't have surveillance as its primary purpose does not mean it will not be considered a surveillance device under the law, particularly an area of law rapidly evolving in text and interpretation as societies grapple with things not previously contemplated as possible. Laptop webcams weren't intended as surveillance devices either, but have become infamous for abuse. The omitted object noun would obviously be something like "waiver" or "acknowledgement" like those absurd cookie forms popping up everywhere.

              – Chris Stratton
              Mar 28 at 16:20
















            -3












            -3








            -3







            According to GDPR such cameras Video surveillance and it's purpose falls into monitoring and as such it should have reflection in either collective agreement or work regulations (in which there will be explanation for such monitoring to exist and how it will be used).

            They should also be available as such, ONLY if there are grounds for such monitoring in that place. For example for security reasons Monitoring in Workplace Factsheet Article 4. If company cannot prove that need cameras cannot be used in such manner.

            Cameras that act in a manner that you described can pose a problem IF in such conference room there will be a person that is not an employee so it would need to sign a GDPR before entering such room.






            share|improve this answer















            According to GDPR such cameras Video surveillance and it's purpose falls into monitoring and as such it should have reflection in either collective agreement or work regulations (in which there will be explanation for such monitoring to exist and how it will be used).

            They should also be available as such, ONLY if there are grounds for such monitoring in that place. For example for security reasons Monitoring in Workplace Factsheet Article 4. If company cannot prove that need cameras cannot be used in such manner.

            Cameras that act in a manner that you described can pose a problem IF in such conference room there will be a person that is not an employee so it would need to sign a GDPR before entering such room.







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Mar 27 at 14:59

























            answered Mar 27 at 13:14









            SZCZERZO KŁYSZCZERZO KŁY

            4,1401615




            4,1401615








            • 1





              Please provide citation for GDPR legal interpretation.

              – Glen Pierce
              Mar 27 at 14:32











            • You're saying a lot, but somehow not saying a lot? What does sign a GDPR mean? This is clearly not a case of monitoring or surveillance equipment.

              – Gregory Currie
              Mar 27 at 15:56






            • 1





              @GregoryCurrie just because something doesn't have surveillance as its primary purpose does not mean it will not be considered a surveillance device under the law, particularly an area of law rapidly evolving in text and interpretation as societies grapple with things not previously contemplated as possible. Laptop webcams weren't intended as surveillance devices either, but have become infamous for abuse. The omitted object noun would obviously be something like "waiver" or "acknowledgement" like those absurd cookie forms popping up everywhere.

              – Chris Stratton
              Mar 28 at 16:20
















            • 1





              Please provide citation for GDPR legal interpretation.

              – Glen Pierce
              Mar 27 at 14:32











            • You're saying a lot, but somehow not saying a lot? What does sign a GDPR mean? This is clearly not a case of monitoring or surveillance equipment.

              – Gregory Currie
              Mar 27 at 15:56






            • 1





              @GregoryCurrie just because something doesn't have surveillance as its primary purpose does not mean it will not be considered a surveillance device under the law, particularly an area of law rapidly evolving in text and interpretation as societies grapple with things not previously contemplated as possible. Laptop webcams weren't intended as surveillance devices either, but have become infamous for abuse. The omitted object noun would obviously be something like "waiver" or "acknowledgement" like those absurd cookie forms popping up everywhere.

              – Chris Stratton
              Mar 28 at 16:20










            1




            1





            Please provide citation for GDPR legal interpretation.

            – Glen Pierce
            Mar 27 at 14:32





            Please provide citation for GDPR legal interpretation.

            – Glen Pierce
            Mar 27 at 14:32













            You're saying a lot, but somehow not saying a lot? What does sign a GDPR mean? This is clearly not a case of monitoring or surveillance equipment.

            – Gregory Currie
            Mar 27 at 15:56





            You're saying a lot, but somehow not saying a lot? What does sign a GDPR mean? This is clearly not a case of monitoring or surveillance equipment.

            – Gregory Currie
            Mar 27 at 15:56




            1




            1





            @GregoryCurrie just because something doesn't have surveillance as its primary purpose does not mean it will not be considered a surveillance device under the law, particularly an area of law rapidly evolving in text and interpretation as societies grapple with things not previously contemplated as possible. Laptop webcams weren't intended as surveillance devices either, but have become infamous for abuse. The omitted object noun would obviously be something like "waiver" or "acknowledgement" like those absurd cookie forms popping up everywhere.

            – Chris Stratton
            Mar 28 at 16:20







            @GregoryCurrie just because something doesn't have surveillance as its primary purpose does not mean it will not be considered a surveillance device under the law, particularly an area of law rapidly evolving in text and interpretation as societies grapple with things not previously contemplated as possible. Laptop webcams weren't intended as surveillance devices either, but have become infamous for abuse. The omitted object noun would obviously be something like "waiver" or "acknowledgement" like those absurd cookie forms popping up everywhere.

            – Chris Stratton
            Mar 28 at 16:20





            Popular posts from this blog

            Plaza Victoria

            Puebla de Zaragoza

            Musa