Zoom Video Communications, Inc. has been hit with a proposed class action lawsuit that alleges the video conferencing platform, which has skyrocketed in popularity in recent weeks due to the COVID-19 outbreak, shares user data with Facebook and other third parties without adequate notice.
The lawsuit, filed in the Northern District of California, alleges that although the company “boasts its appreciation for the importance” of users’ privacy, such statements are false given that the video platform’s design and security measures are “wholly inadequate.” According to the lawsuit, Zoom’s failure to disclose to users that their information is being shared with third parties, as well as its lack of proper security protocols, amounts to a privacy violation and “falls well short of Zoom’s promises.”
The case’s filing coincides with a New York Times report that New York’s Attorney General’s office would be investigating Zoom’s user privacy practices.
Stay in touch
With most of the country maintaining social distance during the coronavirus pandemic, Zoom’s status (and stock price) has taken off as millions of consumers look for ways to stay in touch with friends, co-workers and loved ones, the case says. With Zoom’s software, users can host or participate in video conferences for free via either a web browser or the company’s mobile app, taking advantage of what Zoom calls “flawless video, crystal clear audio, instant screen sharing, and cross-platform instant messaging.”
Vice Media report uncovers alleged data sharing
Detailed in the lawsuit is a March 26, 2020 Motherboard report from writer Joseph Cox that outlines the Zoom app’s allegedly unauthorized disclosure of user information to Facebook. According to the report, the Zoom app notifies Facebook when a user, even one without a Facebook account, opens Zoom. It also shares certain details such as a user’s device model, time zone, city and phone carrier, along with a unique identifier that companies can use for targeted advertising. Citing the Motherboard report, the case adds that Cox’s findings were verified by Will Strafach, an iOS researcher and founder of the privacy-focused Guardian app.
“Zoom is not forthcoming with the data collection or the transfer of it to Facebook,” the Motherboard article reads.
After the report’s publication, Zoom confirmed its data collection practices and offered a statement to Motherboard, saying in part:
Zoom takes its users’ privacy extremely seriously. We originally implemented the ‘Login with Facebook’ feature using the Facebook SDK in order to provide our users with another convenient way to access our platform. However, we were recently made aware that the Facebook SDK was collecting unnecessary device data.
To address this, in the next few days, we will be removing the Facebook SDK and reconfiguring the feature so that users will still be able to login with Facebook via their browser. Users will need to update to the latest version of our application once it becomes available in order for these changes to take hold, and we encourage them to do so. We sincerely apologize for this oversight, and remain firmly committed to the protection of our users’ data.”
The case, which alleges violations of California’s Consumer Privacy Act, argues that even with a new version of the Zoom app that purportedly no longer shares information with Facebook, “the harm to Plaintiff and the Class members has been done and continues.” Zoom has taken no action to block older versions of the app from operating, the suit continues, meaning that unless users affirmatively update their app, “they likely will continue to unknowingly send unauthorized personal information to Facebook” and potentially other third parties.
“Zoom could have forced all iOS users to update to the new Zoom App to continue using Zoom but appears to have chosen not to,” the suit says.
The potential compensation Zoom receives from Facebook and possibly other third parties in exchange for user information is unknown, the lawsuit says. According to the complaint, consumers would not have been willing to use the Zoom app had they been made aware of the company’s inadequate security measures and data-sharing practices.
Who’s covered by this lawsuit?
The case looks to cover all individuals and businesses in the United States whose personal or private information was collected and/or disclosed by Zoom to a third party upon installation or opening of the Zoom video conferencing app.
How can I join this lawsuit?
Now is as good enough a time as any to remind readers that, in general, there’s nothing that needs to be done to “join” a proposed class action lawsuit. As this case was just filed, there’s still quite a ways to go before the case even gets certified as a bona fide class action. Even then, it’s entirely possible the lawsuit is settled or dismissed before it gets that far.
Either way, the best thing for consumers to do at this point is stay informed—and continue to maintain social distance until things begin to change.
The complaint can be found below.
Sign up for ClassAction.org’s newsletter here.