Zoom's lawyers are trying to pull a fast one with these revised Terms. The new sentence on user consent being required to train AIs applies only to "Customer Content," not "Service Generated Data."
In sec. 10.4, Zoom says "... Zoom will not use audio, video or chat Customer Content to train our artificial intelligence models without your consent."
Customer Content is defined in 10.1 and is broadly worded. But the first sentence of sec. 10.2 clearly states that "Customer Content" does NOT include "Service Generated Data."
Therein lies the rub. "Service Generated Data" = "any telemetry data, product usage data, diagnostic data, and similar content or data that Zoom collects or generates in connection with your or your End Users’ use of the Services ...." (sec. 10.2).
Zoom is allowed to use Service Generated Data for any purpose (sec. 10.2) because it is not "Customer Content."
This "clarification" does nothing meaningful to assuage the serious data privacy concerns posed by Zoom's use of captured user video content.
Drawing from my experience in the eDiscovery field, I want to emphasize that there's no necessity for video or audio content. Rather, a tool can be developed to convert all audio into a text layer. This text layer can be extracted from the local files sourced from platforms like Zoom. Subsequently, AI/ML can be employed to process and analyze this data, providing valuable insights that compromises companies' intellectual property and sensitive information.
are Embeddings (text-emb, visual-emb, etc) of Customer Content service generated data?
This might be a loophole Zoom is trying to use - while they technically not using customer data (Zoom client not sending video stream to train AI), but zoom client can process data locally and send only embeddings (numeric vectors without ties to customer PII data) and it still will be customer data
In sec. 10.4, Zoom says "Notwithstanding the above, Zoom will not use audio, video or chat Customer Content to train our artificial intelligence models without your consent."
Customer Content is defined in 10.1 broadly. But sec. 10.2 clearly states that "Customer Content" does NOT include "Service Generated Data."
Service Generated Data = "any telemetry data, product usage data, diagnostic data, and similar content or data that Zoom collects or generates in connection with your or your End Users’ use of the Services ...." (sec. 10.2).
Zoom is allowed to use Service Generated Data for any purpose (sec. 10.2).
This "clarification" does nothing meaningful to assuage the serious data privacy concerns posed by Zoom's use of captured user video content.
There are at least four US District court decisions that stand for the proposition that software qualifies as a work for hire as either a "contribution to a collective work" or a "compilation": iXL Inc. v. Adoutlet (N.D. Ill. March 29, 2001); Logicom Inclusive, Inc. v. W.P. Stewart & Co. (S.D.N.Y. August 9, 2004); Siniouguine v. Mediachase Ltd. (C.D. Cal. June 11, 2012); and Stanacard, LLC v. Rubard, LLC (S.D.N.Y. February 3, 2016). So far no appellate court has ruled on the issue AFAIK.
A few commenters dispute whether the IP non-assertion covenant applies to "Your Content", defined in the Amazon terms as "Content [that is, "software (including machine images), data, text, audio, video, or images"], that you or any End User transfers to us for processing, storage or hosting by the Services in connection with your AWS account and any computational results that you or any End User derive from the foregoing through their use of the Services". If Amazon intended to capture "Your Content" in the non-assertion covenant, it would have done so expressly, the argument goes, and so therefore "Your Content" is excluded from the non-assertion.
My response: section 8.1 of the terms states "EXCEPT AS PROVIDED IN THIS SECTION 8 [where the non-assert clause resides], we obtain no rights under this Agreement from you or your licensors to Your Content, including any related intellectual property rights" (all caps added). The implication clearly is that Amazon obtains no IP rights to "Your Content" EXCEPT as section 8 provides. Seems fairly clear to me.
I would never allow my client to knowingly sign up to this.
This is completely wrongheaded. We don't want legal characterizations of these transactions to be "licenses". If what we pay money for is a good that we purchased, we get to keep that copy - and sell it if we no longer want it. Who cares if there's DRM on it. There will always be DRM on it. Without DRM there's no way we'd be able to resell the copy that we purchased. Apple recently received a patent on this very topic.
You miss the point. DRMed digital goods cannot be resold. When you go to Kindle and get an ebook, all of the buttons say buy prominently, yet everything in the license says you are merely renting it for an undetermined amount of time, until the company decides otherwise. How is that not false advertising? They should be forced to change their text.
Of course DRM-enabled goods can be digitally resold. It depends on the type of DRM being used. That would be one reason to have DRM. As I said, Apple is working on this now.
In sec. 10.4, Zoom says "... Zoom will not use audio, video or chat Customer Content to train our artificial intelligence models without your consent."
Customer Content is defined in 10.1 and is broadly worded. But the first sentence of sec. 10.2 clearly states that "Customer Content" does NOT include "Service Generated Data."
Therein lies the rub. "Service Generated Data" = "any telemetry data, product usage data, diagnostic data, and similar content or data that Zoom collects or generates in connection with your or your End Users’ use of the Services ...." (sec. 10.2).
Zoom is allowed to use Service Generated Data for any purpose (sec. 10.2) because it is not "Customer Content."
This "clarification" does nothing meaningful to assuage the serious data privacy concerns posed by Zoom's use of captured user video content.