Every time I go to add a Zoom meeting to my calendar, I wonder why @zoom_us insists on having total access? All the other providers use the custom URL method to add calendar events, no access required. Over-collecting data when not required is likely a GDPR violation.
1
1
2
For comparison, here's how other meeting providers do it, via a custom URL that requires no special access.
1
1
Giving Zoom total access to every calendar I have access to is a gross overstep on their part in order for them to add a single event to my calendar. Even if they are not collecting my calendar data, using the pretense of adding a meeting to gain total access is suspicious.
1
I'm baffled why they would want to have that access? If they have a breach, it just got a million times worse if an attacker can erase millions of calendars of their customers.

Dec 15, 2020 · 4:42 AM UTC

1
All that said, if someone is using Zoom to schedule calls and wants tight integration, then sure, maybe this level of access makes sense. But for my very occasional one-off Zoom meeting, it's a huge overreach and Zoom should provide the custom URL method as an option.
1