There is a history of international legal action as a result of them violating privacy laws, nevermind being privacy friendly:
France’s data protection regulator (CNIL) fined Google €325 million in 2025 for displaying ads between Gmail messages without consent and for placing cookies during account creation without consent. This is on top of prior fines of €100 million in 2020 and €150 million in 2021 for cookie violations, so this is a documented pattern.
The Dutch government commissioned Data Protection Impact Assessments (DPIAs) on Office/Microsoft 365. The 2018 report found Microsoft collected 23,000–25,000 different telemetry events from Office and called it “large scale and covert collection of personal data”
The FTC went after Zoom in 2020. The complaint alleged that since at least 2016, Zoom misled users by claiming “end-to-end, 256-bit encryption” when it actually provided a lower level of security, and Zoom saved the cryptographic keys that would allow it to access the content of customers’ meetings.
You could also just go read their own policy documents, or ask AI to explain what is possible under those to you if they are too dense.
>The FTC went after Zoom in 2020. The complaint alleged that since at least 2016, Zoom misled users by claiming “end-to-end, 256-bit encryption” when it actually provided a lower level of security, and Zoom saved the cryptographic keys that would allow it to access the content of customers’ meetings.
I imagine if a person is doubting that big corpos are spying on us, then he is operating in a different paradigm altogether. I suggest this old but still 100% relevant article as a starting conversation point, bonus points for being written by an industry authority. Replace NSA with Google, Amazon, Apple or Microsoft etc. and nothing would meaningfully change.
That doesn't even matter. Zoom, Teams, Google are American products and Proton is Swiss.
One side is hostile and focused on solely on shareholder profits, while other claims to be privacy-focused and majority owned by a nonprofit foundation.
There are enough public cases of American tech companies seriously violating privacy. I don't see how there can be hope for any privacy while using any of their products even if E2EE is claimed.
Sibling comment does a great job, but I just wanted to add that their Terms and Privacy Policy are simply not compatible with privacy-friendliness.
I used to analyse PPs to detect usage of data brokers, and I’ll confidently say that these 2 have some of the worst policies out there, although less obvious companies such as Netflix and Spotify also had appalling conditions.
If a policy is compatible with data brokerage, you can very well assume they do it, and that means they’ll share your data and get shared data about you in return. But hey, “we don’t SELL your data!”
France’s data protection regulator (CNIL) fined Google €325 million in 2025 for displaying ads between Gmail messages without consent and for placing cookies during account creation without consent. This is on top of prior fines of €100 million in 2020 and €150 million in 2021 for cookie violations, so this is a documented pattern.
The Dutch government commissioned Data Protection Impact Assessments (DPIAs) on Office/Microsoft 365. The 2018 report found Microsoft collected 23,000–25,000 different telemetry events from Office and called it “large scale and covert collection of personal data”
The FTC went after Zoom in 2020. The complaint alleged that since at least 2016, Zoom misled users by claiming “end-to-end, 256-bit encryption” when it actually provided a lower level of security, and Zoom saved the cryptographic keys that would allow it to access the content of customers’ meetings.
You could also just go read their own policy documents, or ask AI to explain what is possible under those to you if they are too dense.