Skype or Google Hangouts are convenient tools for video conferences. But they are not legally a sensible choice for all projects. This is especially true if you have signed a confidentiality agreement.
For small projects, you usually have a carefree initial discussion with the client, go through the requirements and then submit an offer. For larger projects, on the other hand, especially when it comes to fresh ideas or new products, many clients first require a signed non-disclosure agreement (NDA). Only then do they send further documents on the project. The NDA is intended to ensure that confidential information remains between the contracting parties, for example business ideas, sales targets, product information, marketing strategies or know-how. A signed non-disclosure agreement gives rise to obligations that both contractual partners must take seriously.
Disclaimer: This text does not constitute legal advice. For this, please contact the lawyer of your confidence.
It's about protection and trust
An NDA is usually concluded in the context of an intended cooperation between two parties who wish to exchange information with each other that is not intended for the public. Among other things, it regulates:
- Definition of the information to be kept secret
- Naming of the contracting parties and extension of the contract to third parties (mostly employees of the company)
- Penalties for breach of contract
- Duration of secrecy
- Dealing with the confidential information after the end of the cooperation
In principle, there is freedom of contract with an NDA, which enables the contracting parties to map out concrete requirements, needs and possibilities. With your signature, you have therefore promised confidentiality to the potential client.
The example of Skype is intended to shed more light on this commitment. Skype is an instant messaging service that was founded in 2003 by two Scandinavians and has changed hands several times since then. The current owner is Microsoft. Typically, Skype is used for text and voice-based communication. Since 2006, video conferencing has also been possible.
Before installing the software
"PLEASE READ CAREFULLY BEFORE DOWNLOADING THE SOFTWARE OR USING THE SKYPE PRODUCT(S) OR WEBSITES".
However, if you have signed an NDA and are thus considered to be a confidential person, the attitude of "tick the box and move on" is dangerous from a contractual point of view. Because:
By using the Software, you grant Skype an intellectual property right licence that allows Skype to use the content of your communication to provide the Products, such as delivering your communication to the intended recipient.
Even though it is quite understandable from a technical point of view that Skype needs a right of use for the transmission of messages, an intellectual property right licence for transmitted content is problematic. As a reminder, the signed NDA serves, among other things, to protect business ideas, and the NDA regulates the handling of content marked as secret. A licence for intellectual property rights that may be transferred to Skype would have to be explicitly regulated in the NDA.
Skype reserves the right to review Content entered into or through the Software, Products and Skype Websites for the purpose of enforcing these Terms.
This includes checking for the following undesirable content:
- No illegal purposes
- inappropriate images (e.g. nudity, brutality)
- Send viruses
- not infringe the rights of others
Of course, such a check can only take place if Skype can analyse the content. And Skype offers users no further options for individual settings beyond its own basic encryption. At the latest since the revelations of Edward Snowden, every internet user should be aware of the hunger for data of the secret services. The fact that this also involves industrial espionage has also been known in Germany since the BND/NSA affair with the selector lists.
An (unintentional) breach of the confidentiality agreement cannot be ruled out and can only be prevented if you do not use Skype to communicate secret information or if you amend the NDA accordingly.
Have you signed in the NDA that you will delete all confidential information after termination (or failure) of the cooperation?
If you are not a Skype Premium subscriber, video messages are stored for at least 6 months from the date they are sent and may expire after this time.
To help you communicate with people in different languages, some Skype apps offer audio and/or text translation features. When you use translation features, your speech and text data is used to provide and improve Microsoft's speech recognition and translation services.
If information marked as confidential has been exchanged between communication partners via Skype translation functions, you must therefore assume that Microsoft can store and use this information for as long as it likes. You cannot therefore comply with an NDA that usually provides for the immediate deletion/issuance of information marked as confidential. Corresponding exceptions and impossibilities for deletion must therefore be recorded in the NDA.
To mention it again: Skype is only one example of many. With Evernote, for example, content marked for deletion is only permanently deleted after 12 months:
... but copies of your deleted content could remain on the Evernote service's backup and archiving systems for up to a year for operational reasons.
Google, for example, does not provide sufficient information about the location of the data:
Google processes personal data on our servers, which are located in numerous countries around the world. Therefore, we may process your personal data on a server located outside the country where you live.
Google also reserves the right to share stored information with third parties. You can read more about this in the section "Information we share":
We do not share personal information with companies, organisations or individuals outside of Google, except in one of the following circumstances ... (and surprise, surprise, there are a few)
- Is it ensured that the information marked as secret is only exchanged between the contractually named parties and involved third parties?
- If data is stored through the use of the software - how are the retention periods quantified and can you demand the deletion of the stored data?
- Is the stored data on servers that provide for the stricter data protection regulations of the EU (keyword Safe-Harbor / Privacy Shield)?
If the customer does not want to agree to a customised NDA, you only have a few alternatives: The use of software on servers with an operating location in Germany; consistently from hosting companies that are not subsidiaries of US companies; ideally with the operation of free and open source software (FLOSS for short).