Webinar Security Risks: What Lecturers Need To Keep In Mind

Working life has adapted surprisingly quickly to the Corona Pandemic. The change from face-to-face seminars to webinars was as flexible as the change from working in an office to remote working for many people. Now that digital solutions for online training have been established in most companies, trainers should take a moment to ensure they understand the risks involved in webinars. We’ve rounded up the usual suspects and tell you how to avoid them.

Presentation Documents: Watch Out For Copyrights

The first risk is already lurking when creating a presentation: copyright infringements. Every third-party text that you use, every image, every design template for slides and every video could lead to a written warning if you haven’t concluded a legally secure user agreement with the author of the content. Just naming the author is usually not enough.

GDPR: Data Processing When Registering For a Course

A lot can also go wrong with webinar registrations because no matter whether your participants register for the course by e-mail or via a form, their data (usually name, address, e-mail) will be processed and stored in any case. Since all data processing in the EU is subject to the GDPR, you also must comply with the regulation’s extensive disclosure obligations. This means that at the point where your customers can provide their data, they have to be informed about data processing.

A note with a link to a data protection declaration or privacy policy is sufficient. For example: “In order to be able to carry out your registration, we process your data in keeping with our data protection declaration.” In your data protection declaration, you must then inform the customer accordingly about the type of data processing that is done. Adapting the data protection declaration is also particularly easy with legally compliant texts via different providers. When creating your data protection declaration, you just need to indicate that you offer webinars and the corresponding legal text is generated.

GDPR: The Right Webinar Software

The GDPR also applies when choosing the right software. Because not only you but also the provider of the webinar software you use must comply with the requirements of the GDPR. Although they have occasionally been criticised for privacy concerns, Adobe Connect, edudip, Google Hangouts, GoToMeeting and Zoom are GDPR compliant and therefore safe to use.

You must also conclude a data processing agreement with the provider. If you are unable to enter into such an agreement, you may not use the service.

For Paid webinars: Observe the Distance Selling Act

If your webinar is subject to a fee, you must also comply with the rules of the European Distance Selling Act. In addition to regulations on withdrawal and return, you must also observe information obligations. You must provide the following information to the participants:

Your full address (or that of your company)
Essential characteristics of the goods or services offered
Price including all taxes and fees
Existence of a right of withdrawal or return
Performance reservations
Time at which the contract was formed
Period of validity of limited offers

The Term “Webinar” Is Protected By Trademark Law

Even though webinars are mentioned everywhere, the term has been protected under trademark law since 2003. The owner of the rights is Mr. Keller from Kuala Lumpur, who over the past 17 years has not been bothered by the fact that the term is now common in daily usage. If the trademark owner suddenly decides to issue a warning against users of the term, it would most likely not be effective. There are several reasons for this.

1.Anyone who owns a protected trademark must also have used it in the last five years
in order to be able to invoke trademark protection.

2.If a trademark owner does not defend their trademark against competitors, they can
be deprived of trademark protection.

3.The term “webinar” is also only descriptive, so it is not really possible to differentiate it
from other products. Since the term cannot be used to differentiate between products,
it is unlikely that it could be registered as a trademark.

The mere use of the term “webinar” therefore appears harmless. So if you actually receive a warning from Kuala Lumpur, it is likely that you can successfully take action against it.

Recordings And Screenshots: Infringements of Personal Rights

An infringement of personal rights can also happen quickly in a webinar. Because each of us has a right to our own image. This means that as soon as a person is clearly identifiable in an image or in a video, you need their consent in order to publish the material. But recording the webinar itself is also not permitted by law if you haven’t informed your participants in detail beforehand.

The key information you need to provide is telling the attendees they are being recorded in the first place, why they are recorded, and how long the recording is kept. After all, this falls under data processing within the meaning of the GDPR, as does the personal data of the participants.

Passwords Stolen: Video Makes It Possible

Also, be careful with your own access data. There are repeated reports of cases in which cybercriminals were able to steal passwords simply by watching webinars or YouTube tutorials several times. This was partly due to the movement of the lecturer’s fingers and partly because individual letters were discernible for less than a second while they were typing the password. Text recognition in videos can also be automated, so a hacker doesn’t even have to watch every single video, but only those that a programme has previously classified as promising.

Lecturers are often particularly careful with their own passwords, but rather careless with guest access and sample accounts. However, a guest account is enough for experienced cybercriminals to set up a Bitcoin mine. You can see what damage such a hack can do in our article Real Exali Damage Event: Cyber Criminals Turn Consulting Firm into Bitcoin Mine!

Professional Indemnity Insurance Insures You Against Violations Of Rights

The danger of a violation of rights is particularly high with webinars, precisely because lecturers are subject to so many different information obligations. If you receive a written warning or a claim for compensation because of this, you can rely on Professional Indemnity Insurance via exali.

Regardless of whether you are insured as an IT service provider, media professional or consultant, working as a lecturer within your professional field is already included in our Professional Indemnity solutions. So with this insurance you can be relaxed about written warnings for example due to a violation of the GDPR.

Do you have any questions about how to optimally insure your business model? Then don’t hesitate to call our insurance experts! Our customer advisors will be happy to advise you personally.