At Cisco, we take privacy and security seriously. So seriously that the Court of Justice of the European Union (CJEU) itself has been relying on Webex by Cisco to host hybrid meetings and hearings, trusting Webex to process and store personal and highly sensitive court data, securely.
Now, we are proud to share that on July 13, 2023, after months of analysis and investigation, the European Data Protection Supervisor (EDPS) confirmed that the CJEU’s use of Webex meets the specific and rigorous rules for the processing of personal data by the EU’s institutions, bodies, and agencies.
The EDPS is the data protection supervisory authority for the European institutions; the Institutions are the authors of the General Data Protection Regulation (GDPR).
Webex is the first and currently the only videoconferencing platform to have attained such EDPS approval — a significant milestone that Webex and the CJEU collectively share. This is no small achievement, knowing the CJEU itself is the entity that, back in 2020, issued the Schrems II decision, invalidating the Privacy Shield as a transfer mechanism for personal data between the EU and the U.S. under the GDPR.
The CJEU handles highly sensitive cases and personal data that require extra precautions. The Court’s technical and organizational measures, alongside Webex privacy and security controls, were key elements allowing the collaboration solution to receive a positive decision by the EDPS.
To this effect, Cisco’s privacy, product engineering, and legal teams supported a detailed Impact Assessment to ensure the supplementary measures implemented were appropriate to the identified risks.
Furthermore, Webex enables customers to easily manage their data, meeting usage, control user access, and efficiently react to potential security threats. Webex also allows EU customers to store their personal data within the EU, even for events where large audiences and multiple panelists are involved. These features are available to any European customer.
Webex offers industry-leading security and privacy controls to protect personal data and users – built-in, not bolted on – and delivered by default for all our customers. This means meeting the most stringent certifications, standards, and rules from countries around the world. We develop additional security and privacy features, including next-generation end-to-end encryption and data protection by design and by default, where users must proactively enable functions such as face recognition. These privacy controls are included by default for all customers.
Webex is the first and currently the only collaboration solution to have achieved the highest level of adherence (level 3) to the EU Cloud Code of Conduct. To achieve this, Webex underwent an independent third-party assessment and audit that verified all controls included in the Code, which SCOPE Europe validated, the monitoring body for the EU Cloud CoC. This “two-gate-check” approach to Level 3 adherence is a double confirmation of compliance. In addition to the EU Cloud CoC, Webex features enable organizations to be compliant with specific local rules and standards, such as the German C5, Spanish ENS, and many other certifications with third-party audits.
Webex enables organizations to keep their data in the EU. With Webex data centers in Frankfurt and Amsterdam, European users can be assured their data remains within the EU, from their user-generated content (files, messages, recordings) to analytics data, logs, third-party services, user profiles, and even billing data. Webex is currently the only collaboration platform supporting full EU data residency.
Webex Control Hub enables administrators to manage the complete suite, from end users and devices to network performance and security. This tool provides ever greater transparency, allowing customers to see where their data is located for each service and choose to move their data to their preferred location. Control Hub also enables the host organization to manage data storage and set up user and content access controls – easily and securely.
End-to-end security is critical for protecting privacy, offering higher security and confidentiality. That is why Webex uses Zero-Trust End-to-End Encryption. With this, Webex prevents outsiders from intercepting communications. In addition, meeting encryption keys are only accessible to meeting participants. Webex cannot access the meeting key—hence “Zero-Trust.” Additional security measures include malware protection and data loss prevention.
For Cisco, privacy is more than a compliance matter; it is a business imperative, as demonstrated by our long-standing security, data protection, and privacy programs for our products and services. With recognition from data protection authorities and leading industry analysts, including Sorell Slaymaker, Metrigy, and Gartner, public and private organizations count on Webex for secure, private, and compliant cloud collaboration. We will keep advancing our security and privacy measures in this constantly evolving world.