The European Union's General Data Protection Regulation (GDPR), which applies starting May 25, 2018, provides that Adobe, in its role as your data processor, must take appropriate measures to assist its customers in fulfilling access, delete, and other requests from individuals. As your data processor, providing you mechanisms to assist you with responding to Data Subject access and deletion requests and with managing user data is an important part of helping you comply with your obligations.
Adobe has a long-standing practice of incorporating privacy practices in the design and development of its products also known as Privacy by Design. Adobe is focused on protecting the data entrusted to it. The solution has controls in place for a strong foundation for GDPR readiness for our customers. Adobe considers GDPR readiness a shared journey with our customers and partners.
The following terms help users understand GDPR terminology related to Adobe Connect.
- Data Processor: A Data Processor is "the … legal person … which processes Personal Data on behalf of the controller". In the context of Adobe Connect, Adobe acts as a Data Processor for any Personal Data it processes and stores. Adobe only processes Personal Data in accordance with the Data Controller’s permission and instructions (for example, as set out in our agreement with the customer).
- Data Controller: GDPR defines "Controller" as “the natural or legal person, public authority, agency, or any other body which alone or jointly with others determines the purposes and means of the processing of Personal Data; where the purposes and means of processing are determined by EU or Member State laws, the controller (or the criteria for nominating the controller) may be designated by those laws.” Adobe Connect customers are Data Controllers.
- Data Subject: The individual to whom the Personal Data relates. In the context of GDPR, Data Subjects are Adobe Connect customers’ consumers, sometimes referred to as end users or visitors. Adobe Connect will service requests from Data Controllers, not from Data Subjects.
- Consent: Consent of the Data Subject means any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her. Obtaining and tracking consent is the responsibility of the Data Controller.
- Access: Data Subjects have the right to require the Data Controller to confirm whether the Controller processes their Personal Data. Where the Data Controller does process the Data Subject's Personal Data, it must provide access to, and a copy of, the Personal Data. Data Controllers will provide Adobe with Access requests on behalf of Data Subjects.
- Delete: GDPR outlines the “Right to be forgotten” or “Right to Erasure.” Data Subjects shall have the right to obtain from the Data Controllers the erasure of Personal Data concerning him or her. Data Controllers will work with their partners, including Adobe, as their Data Processor to support delete requests from Data Subjects.
- Pseudonymisation: The processing of Personal Data such that it can no longer be attributed to a single Data Subject without the use of extra data, so long as said extra data stays separate to ensure non-attribution.
The following terms help users understand the solution terms related to Adobe Connect’s GDPR mechanisms.
- Administrators and Limited Administrators: In Adobe Connect, Administrators assign users and groups to the appropriate Built-in groups. Administrators can manage — that is, access, delete, and modify information or permissions of— users, groups, and user accounts. Administrators can also view content folders for all users.
- Session owners: The session owners own their specific sessions, content uploaded therein, the related recordings, and any other assets created for the sessions like landing pages for Events. Within Adobe Connect, a session owner may have one or more of these roles: Meeting Hosts, Training Managers, Virtual Classroom Managers, Seminar Administrator, Webinar Managers, Events Managers, and Event Administrators. Hosts can access or delete the meetings rooms, specific instances of the meeting recordings, and other information about the meetings and content that they own.
- Registered users: Users that are registered in Adobe Connect, can create and manage the types of sessions that their role in the system permits. Besides being attendees of meetings by other hosts, registered users can create their own meetings, if permissions permit, and be a host of such meetings.
For a detailed list of user roles in Adobe Connect, see Set permissions for library files and folders.
When Adobe provides software and services to an enterprise, Adobe acts as a data processor for any Personal Data it processes and stores as part of providing these services. The organizations and institutions that use Adobe Connect are the Data Controllers. As a technology provider, Adobe Connect with help the Data Controllers accomplish their GDPR journey by providing mechanisms and documentation, required to access user information and to delete user data. Adobe Connect will provide detailed how-to instructions on how Data Controllers can use these mechanisms to serve GDPR-related user requests.
Adobe has also identified a gap in the way we treat user data deletion. In line with Adobe’s GDPR guidelines, Adobe Connect will completely de-attach any user data to honor a deletion request, so that it cannot be traced back to the user. The changes will require product updates which will be made available as part of Adobe Connect 9.8 release.
The mechanisms and the API to fulfill Data Subject's access and deletion requests are supported only in Adobe Connect version 9.8 or later.
For its hosted and managed services, Adobe is the data processor and organizations are the Data Controllers. For hosted customer accounts on Adobe servers, Adobe Connect provides account-level administration rights to the organizations to access or delete information about their customers or users. The Session owners and the Account Administrators of the organizations are responsible for honoring the GDPR requests.
Adobe provides mechanisms and related documentation to allow an enterprise (Data Controller) to access and delete user information in accordance with the GDPR requirements. Adobe Connect will service the requests from Data Controllers, not from Data Subjects with respect to that Data Subject's use of Adobe Connect with that Data Controller.
In its role as a solution provider, Adobe Connect will provide appropriate mechanisms for its licensed customers to be GDPR ready. The organizations that are licensed customers, are Data Controllers who own the user data and are responsible for compliance. These organizations will provide mechanisms and relevant privacy notices to the individuals who engage with the organizations. The notices must describe how a user’s information is collected and used and if any consents are required. If the individuals want to know or delete their stored information, the organizations must respond to such requests.
Adobe will improve the existing mechanisms and documentation required for GDPR readiness. For GDPR-related queries, licensed customers must go through this document and the associated links. If such customers still have queries, they can reach out to Adobe Connect Support.
Adobe Connect obtains certain consent from the users at the time of registration for the Adobe Connect services generally and informs the users that the information collected while using the solution is subject to the Host's privacy practices. The notices for data collection and data retention policy helps address privacy concerns and transparency requirements, while continuing to provide a good user experience.
The mechanisms and API to fulfill Data Subject's access and deletion requests are supported only in Adobe Connect version 9.8 or later. To be GDPR ready, upgrade to Adobe Connect version 9.8 when it becomes available. The date for v9.8 availability is published in the v9.8 release notes linked from www.adobe.com/go/learn_cnn_relnotes_en.
The registered users use Adobe Connect for various types of virtual sessions such as meetings, webinars, trainings, recordings, and in various roles such as administrators, session owners, and participants. When a user accesses Adobe Connect, Adobe Connect uses a minimum set of Personal Data to uniquely identify registered users within a user profile. For example, a unique identifier for a user can be email.
From joining as a new user, to conducting session as hosts, and to administering an account, the registered users provide an assortment of information to Adobe Connect. Some of this user-provided information can be sensitive and Adobe Connect provides mechanisms to the registered users to control this information.
In Adobe Connect, an Account Administrator can modify the custom fields to gather extra personal information from a new user. As this information is not required by the system for user identification, Adobe Connect stores it without context and cannot relate it to any specific user or trace it back to a user. Such custom information is configured by, is accessible by, and is manageable by the respective account administrators.
- Standard fields:
- Name (first name + last name) is stored in the database as a single field called Name.
- Email address.
- User name is either email or a separate string (depending on configuration) and is stored in database as a single field called Login.
- Password is a one-way hash with salt.
- Phone number (optional)
- Name (first name + last name) is stored in the database as a single field called Name.
- Custom fields: Some custom information can be sought by the account administrator as generic text fields. As this information is plain text for the system, Adobe Connect cannot identify this information as personal information.
- Runtime fields: The IP address is stored along with the user session information in the database. This information is used to detect the source of requests and to track potential issues like DOS attack attempts.
- Audio information:
- Conferencing phone number (public)
- Unique conference code
- Moderator pin
- SIP URI
- User uploaded content:
- Metadata of the uploaded files (in the supported formats)
- The contents of the files are generic containers. Adobe Connect cannot identify this information as personal information.
- New user creation.
- Custom registration questions created by the Event Managers. As this information is plain text for the system, Adobe Connect cannot identify this information as personal information.
- Data added for a Seminar session is not added to a user’s profile.
- Analytics integration for aggregate reporting collects data that is stored on the Adobe Analytics instance.
- Login information as name or phone number (optional)
- Chat, Poll, QnA are added under session data and not user profile data.
- The solution cannot extract information from individual interactions or about any individual user.
- Added user content, made available and is manageable by the user who added it.
- Screen Sharing, whiteboard, File sharing. Adobe Connect cannot identify this information as personal information.
- A session recording captures the entire session. It may be accessible after logging in or using a passcode.
Adobe Connect does not process information available under a session to relate it to individual and cannot trace this information for any individual. The respective session owners capture such information, can access it, and can manage it.
Session-specific information is maintained in the reports. The reports can be downloaded to local file system by the respective owners or administrators.
The solution does not control how these reports are used. The reports are accessible and manageable by the individual session owners and account administrators.
- Information: IP address, host name, user-agent string, cookies (only session info), system variables.
- Local logs are retained for a maximum period of seven days on the server.
- Three months roll up on SPLUNK logs.
- Logs dumped in security folder for on-premise installations.
- Periodic security audits done to scrub sensitive strings in the logs.
- Accessible only to the authorized users.
Periodic security audits are done to ensure that the sensitive strings, for example, session cookies, are not written to log files or are scrubbed when written.
User IP addresses are used to identify and safeguard against DOS attack attempts. The IP address or cookies are not used for any segmentation, offer management, to identify user, or to reach a user.
These user scenarios describe the privacy queries, the associated user experiences, and the workflows required to understand and address the queries. This section also describes how various roles can honor and act upon the privacy queries.
Account Administrator can access the data maintained for all users, all user-uploaded content, and the account level reports. Users can access and manage their own profile information, the content they own, the content created or used in the sessions they own, and the interactions that happened in their sessions. A user does not have access to their interactions in another user’s session.
Adobe Connect Central is the web-based interface for account management, user management, content management, and session management. The various system roles define the access rights. Web Services XML APIs allow for programmatic access and delete operations based on user privileges and filters. The information is returned securely in XML format for the user to act upon. The access rights and roles are applied to API operations as well.
Some data, that is critical for system health and usage reporting, is de-personalized by delinking from user’s unique identifiers in the system or by replacing the original information with another placeholder identifier that cannot be linked back to the user.
The data maintained by Adobe Connect is accessed using the Adobe Connect Central web interface and using the Web Services.
The information that can be accessed via the interface depends on the user’s access rights (ACLs) and permissions in the system. Administrators and Limited Administrators can access various data of all the users. To know the differences in the two administrator roles, see Built‑in permission groups and roles. Any other users are non-administrator users who can access their own personal information like user details, content uploaded, sessions created, sessions recorded, and so on.
The reporting modules enable enterprise users to obtain a wide variety of usage data about their Adobe Connect installation. The access is controlled by ACLs. Enterprise users with the appropriate access can view the usage reports using the interface or export the reports in CSV format. To know more about accessing reports, see Generate usage reports in Adobe Connect Central.
Web Services can be called by clients to exchange data with Adobe Connect accounts. The server returns information in XML format. The information accessed and modified depends on the requesting user’s access rights (ACLs). The API suite includes APIs targeted at users, at sessions, at reporting, and at administering.
Using the APIs, users can integrate external web applications with Adobe Connect, and automate tasks, such as those related with access and deletion of data maintained. For more information on Web Services APIs, see Introduction to Web Services and Get started with Web Services.
The data maintained can be deleted using the Adobe Connect Central web interface and using the Web Services APIs.
The registered users can upload content to Adobe Connect. Using the web interface or certain APIs, the registered users can also delete their own content. The registered users can delete the session data on which they have manage permissions.
Administrators with a certain role can delete registered users and principals using the principals-delete API. When an administrator deletes a registered user account from Adobe Connect web interface, the same API is called with the same behavior.
Adobe Connect cannot delete certain user data and must retain it to maintain certain necessary system reporting. In such cases, Adobe Connect will irretrievably de-identify or pseudonymize the Personal Data so that it cannot be traced back to a user. Also, Adobe Connect cannot determine if the data in the generic containers is Personal Data or not and cannot trace it back to the individual users.
The instructions to access and manage the data maintained by Adobe Connect are available as part of the official documentation.
- To delete one or more users or groups using API, see principals-delete.
- To access and manage personal profile for registered users, see Edit your profile.
- To manage and to set permissions on shared and user content in the library, see libraries and Set permissions for content files and folders.
- To understand the access permissions of the specific roles in Adobe Connect, see Built-in permission groups.
- To delete uploaded content, see View and manage meeting content.
- To remove or delete polls, see Remove or delete polls.
- To remove the contents of Notes pod, see Take notes in a meeting.
- To delete individual questions in Q&A pod, see Questions and answers in meetings.
- To delete a course, to add or remove course enrollee, see Edit courses.
- To delete items from a curriculum, see Add and delete items from a curriculum.
- To delete a curriculum, see Edit curriculum.
- To delete a template, see AEM page actions to manage template.
- To remove participants from an Event, see Add and manage Event participants.
- To delete an existing export report, see Event administration.
- To edit or delete an audio profile, see Create and use audio profiles.
- To delete a file or folder, see Delete a file or folder.
- To delete a meeting recording or a forced recording, see Working with compliance and control settings.
- To delete an audio provider, see Delete an audio provider.
- To manage users and groups, to edit user information, or to delete a user account, see Manage users and groups.