[gsich]

Example: A program on your PC can open all files your user owns. Then transmit those files (or parts from them).

[manigandham]

That's not considered PII information for a privacy policy. They also don't store your files.

[gsich]

It's still private files. So an oversight by Zoom. A picture of you is absolutely a PII.

>They also don't store your files.

Nobody can prove that. Assume the worst, especially with a company like Zoom.

Remember it was about:

>They have to name every possible thing they can potentially receive

And files certainly fall into that.

[manigandham]

That's not how PII is defined nor how privacy policies work. They list potential PII received in standard categories with normal product usage and backend processing.

Otherwise every server on the internet can be sent data by you at anytime which effectively makes listing things pointless.

[gsich]

Definition is wrong then.

That's the point.

[manigandham]

No it's not. As I explained, it's well developed legal structure that's used by several countries for major legislation and has decades of precedence. There's also further complexity on how data is submitted, stored, and processed.

Any random file is not considered PII. It doesn't automatically identify you and it's still your responsibility if you send your private files everywhere.