SSL Inspection legal issues?

(Vincent GOUBERT) #1

Hello Zscaler Community,

I am facing an issue with a worldwide customer who would like to enable SSL Inspection (ZIA) for some specific countries (as there are no Zscaler Enforce Nodes in the area).

The issue is linked to local laws: is it allowed or not to inspect users' traffic (personal or not), under which conditions, etc…

Maybe some of you have already faced such legal problems; the company’s CISO doesn't want to have any further problems/complaints about the way that data are inspected worldwide.

Zscaler recommends bypassing all personal/health/banking categories, but it is not enough for my customer; they need details about such usage.

Maybe there is a website/doc bringing together all the information country by country?

Thanks in advance for your help,

(Yogi Chandiramani) #2

Hi Vincent,

I would recommend your customer get guidance from legal counsel. We at Zscaler are not entitled to make legal recommendations.

(Vincent GOUBERT) #3

Hi Yogi,

I hope you are doing well :slight_smile: !

It is very hard to find clear and detailed information about SSL inspection in some countries, and it is even more difficult when it is not in your native language…

It could be very useful (even for Zscaler) to have a database (or a simple Excel file) bringing together this information, or links to legal articles explaining if it is allowed or not.

I’ll keep searching on my side, but if someone else (partner/customer) from the Zscaler Community could help (or help me work on this subject), it would be great :slight_smile:.

Have a good day,

(Jan Matthiesen) #4

Hi Yogi,
Everybody wants that reference. IMHO it is a legal task. Z would do everybody in this Web Security business a good service if they kindly asked their attorneys to compile this list. I asked for such support w/in our org but they kept mum so far. What is ticklish about this one: it is applicable across competition as well.