Class Action Alleges Zoom Shares User Info with Facebook, Other Third Parties Without Proper Notice [UPDATE]
Last Updated on July 21, 2022
May 21, 2020 – Case Alleging Zoom “Capitalizing” Off Pandemic Moved to Northern California
A proposed class action lawsuit alleging Zoom is “capitalizing off the global pandemic” by selling user information to Facebook without consent has been transferred from the Central District of California to the state’s Northern District.
The case, filed April 3, mirrors the barrage of litigation aimed at Zoom alleging the video conferencing company has falsely touted being encrypted end to end while fully aware that hackers have been able to access users’ webcams to hijack and disrupt meetings.
“Zoom consistently violates its duty to implement and maintain reasonable security practices, and misleads consumers about the security benefits of the Product,” the 32-page suit alleges.
The lawsuit can be read here.
Zoom Hit with Another Case in California’s Northern District
Zoom Video Communications finds itself as the defendant in yet another proposed class action wherein a consumer claims the company has failed to protect the personal information of millions of users.
Mirroring a number of other cases filed against Zoom amid the COVID-19 pandemic, the lawsuit alleges that upon installing or opening the app, Zoom collects and discloses personal user information with third parties, including Facebook, without adequate notice or authorization to do so. Relatedly, the case charges Zoom has not been forthright with users when it comes to its identification and disclosure of what information the video software collects and with whom it is shared.
“Had Zoom informed its users that it would use inadequate security measures and permit unauthorized third-party tracking of their personal information, users – like Plaintiff and Class members – would not have been willing to use the Zoom App,” the complaint reads.
The lawsuit can be found here.
Update – Eight Zoom Class Actions Combined by Federal Judge
Eight proposed class action lawsuits against Zoom Video Communications, Inc. centered on user privacy allegations will now be handled before the same judge in California federal court.
United States District Judge Lucy H. Koh signed off on the order relating the cases on April 24 with the goal of avoiding an “unduly burdensome duplication of labor and expense” and the possibility of conflicting results should the lawsuits be handled individually.
The order comes as Zoom works its way through a 90-day plan to improve its ubiquitous video conferencing platform amid a laundry list of privacy and security issues brought to light via media reports and public criticism.
Update – Zoom Hit with Additional Lawsuits Alleging Privacy Failures, Undisclosed Data Sharing
Zoom faces at least two more proposed class action lawsuits that allege the ubiquitous video conferencing software has put the personal information of millions of consumers at risk.
Filed in California federal court, the lawsuits allege Zoom has effectively played too fast and too loose with the information of more than 200 million users due to its apparent failure to implement and maintain reasonable security measures and disclose its data collection and sharing practices.
One case charges that Zoom is “now playing catch-up” to fix the myriad of user data protection issues that have come to light in recent weeks. The suit alleges the company’s “rushed-to-market technologies” are in part to blame for consumers’ information being exposed “both intentionally by Zoom” and “maliciously by nefarious actors” exploiting the platform’s data vulnerabilities. The other lawsuit alleges Zoom has intentionally omitted from its privacy policy that it shares user data with Facebook, LinkedIn and other third parties, as well as overstated the capability of its platform to support much-touted end-to-end encryption.
Update – April 10, 2020 – Zoom Hit with Class Action Over Stock Drops Linked to Privacy Concerns, “Suspicious” Trading
Zoom Video Communications and the embattled company’s CEO and CFO face a proposed securities class action over drops in stock price that an investor says are linked to a “storm of bad publicity” centered on concerns with the platform’s lackluster data security and user privacy protections.
Filed on April 8 in California, the complaint alleges Zoom, between April 18, 2019 and April 6, 2020, issued to investors “materially false and misleading” statements concerning the overall strength of the platform’s supposedly “robust” security. Front and center in the lawsuit is a nearly 20-percent dip in stock price that occurred in early April at the tail end of a slew of negative media reports (and the filing of multiple class actions) over Zoom’s shortcomings in protecting user privacy as usage of the platform exploded with much of the country under quarantine.
The plaintiff additionally claims in the case that Zoom executives executed “substantial and suspicious” insider trades of company stock “directly prior” to when prices dropped due to harsh media attention.
ClassAction.org’s write-up on the case can be found here.
Update – April 9, 2020 – Zoom Hit with Yet Another Class Action Over Privacy Issues, ‘Inadequate’ Data Security
Zoom Video Communications now faces a proposed class action in California over what a consumer alleges is the company’s unlawful sharing of user information with third parties and failure to have in place adequate security measures to properly safeguard against the “breach and infiltration” of the video conferencing platform.
The case says that while Zoom’s services have come to be used by hundreds of millions of people, including the Centers for Disease Control and Prevention (CDC) and the Department of Homeland Security, recent media reports have shed light on the company’s troublesome data collection and sharing practices, along with apparently lackluster security measures. The latter, according to the suit, has allowed for “Zoombombing,” an instance when an uninvited individual drops in on a video conference without consent. The suit cites a letter issued to Zoom by New York’s Attorney General, as well as a warning from the FBI, over incidents in which video conferences were disrupted by “pornographic and/or hate images and threatening language.”
“While millions of consumers and thousands of business and government agencies continue to rely on Zoom to conduct their business during the COVID-19 pandemic, the data-privacy violations and security vulnerabilities at Zoom remain unremedied,” the lawsuit alleges.
The lawsuit, filed in California’s Northern District, can be found here.
Get class action lawsuit news directly to your inbox – sign up for ClassAction.org’s newsletter here.
Update – April 7, 2020 – Zoom Hit with Another User Privacy Class Action
Zoom has been hit with at least one other proposed class action lawsuit alleging the video conferencing platform shares personally identifiable user information with third parties without consent. The suit’s filing comes as state and federal regulators grow increasingly vocal in their concerns over how ultra-popular Zoom handles user privacy and data security with much of the country relying on video conferencing while at home during the novel coronavirus pandemic.
Filed in California, the case claims the iOS version of Zoom’s mobile app sends targeted advertising data to Facebook and other companies each time it’s opened, without consent from or disclosure to users. Information sent to third parties without consent includes a user’s device details, time zone, city and unique advertiser ID, which “can be linked to the individual identity of the Zoom customer,” the suit says.
“Reasonable customers do not understand that when they sign up to use Zoom videoconferencing services that means that their [personally identifiable information] will be provided to Facebook—a company that is notorious for lax security measures,” the case alleges.
The lawsuit can be found here.
Zoom Video Communications, Inc. has been hit with a proposed class action lawsuit that alleges the video conferencing platform, which has skyrocketed in popularity in recent weeks due to the COVID-19 outbreak, shares user data with Facebook and other third parties without adequate notice.
The lawsuit, filed in the Northern District of California, alleges that although the company “boasts its appreciation for the importance” of users’ privacy, such statements are false given that the video platform’s design and security measures are “wholly inadequate.” According to the lawsuit, Zoom’s failure to disclose to users that their information is being shared with third parties, as well as its lack of proper security protocols, amounts to a privacy violation and “falls well short of Zoom’s promises.”
The case’s filing coincides with a New York Times report that New York’s Attorney General’s office would be investigating Zoom’s user privacy practices.
Stay in touch
With most of the country maintaining social distance during the coronavirus pandemic, Zoom’s status (and stock price) has taken off as millions of consumers look for ways to stay in touch with friends, co-workers and loved ones, the case says. With Zoom’s software, users can host or participate in video conferences for free via either a web browser or the company’s mobile app, taking advantage of what Zoom calls “flawless video, crystal clear audio, instant screen sharing, and cross-platform instant messaging.”
Though Zoom claims to identify in its privacy policy the information the company collects from those who use its products, the defendant has not been entirely upfront with regard to its disclosure of this data, the lawsuit alleges. Whereas Zoom represents in its privacy policy that it “utilize[s] a combination of industry-standard security technologies, procedures, and organizational measures” to protect user data from unauthorized use, the company at the same time has included code in its app that allows for the disclosure of users’ information to Facebook and “possibly other third parties.”
Vice Media report uncovers alleged data sharing
Detailed in the lawsuit is a March 26, 2020 Motherboard report from writer Joseph Cox that outlines the Zoom app’s allegedly unauthorized disclosure of user information to Facebook. According to the report, the Zoom app notifies Facebook when a user, even one without a Facebook account, opens Zoom. It also shares certain details such as a user’s device model, time zone, city and phone carrier, along with a unique identifier that companies can use for targeted advertising. Citing the Motherboard report, the case adds that Cox’s findings were verified by Will Strafach, an iOS researcher and founder of the privacy-focused Guardian app.
“Zoom is not forthcoming with the data collection or the transfer of it to Facebook,” the Motherboard article reads.
After the report’s publication, Zoom confirmed its data collection practices and offered a statement to Motherboard, saying in part:
Zoom takes its users’ privacy extremely seriously. We originally implemented the ‘Login with Facebook’ feature using the Facebook SDK in order to provide our users with another convenient way to access our platform. However, we were recently made aware that the Facebook SDK was collecting unnecessary device data.
To address this, in the next few days, we will be removing the Facebook SDK and reconfiguring the feature so that users will still be able to login with Facebook via their browser. Users will need to update to the latest version of our application once it becomes available in order for these changes to take hold, and we encourage them to do so. We sincerely apologize for this oversight, and remain firmly committed to the protection of our users’ data.”
The case, which alleges violations of California’s Consumer Privacy Act, argues that even with a new version of the Zoom app that purportedly no longer shares information with Facebook, “the harm to Plaintiff and the Class members has been done and continues.” Zoom has taken no action to block older versions of the app from operating, the suit continues, meaning that unless users affirmatively update their app, “they likely will continue to unknowingly send unauthorized personal information to Facebook” and potentially other third parties.
“Zoom could have forced all iOS users to update to the new Zoom App to continue using Zoom but appears to have chosen not to,” the suit says.
The potential compensation Zoom receives from Facebook and possibly other third parties in exchange for user information is unknown, the lawsuit says. According to the complaint, consumers would not have been willing to use the Zoom app had they been made aware of the company’s inadequate security measures and data-sharing practices.
Who’s covered by this lawsuit?
The case looks to cover all individuals and businesses in the United States whose personal or private information was collected and/or disclosed by Zoom to a third party upon installation or opening of the Zoom video conferencing app.
How can I join this lawsuit?
Now is as good enough a time as any to remind readers that, in general, there’s nothing that needs to be done to “join” a proposed class action lawsuit. As this case was just filed, there’s still quite a ways to go before the case even gets certified as a bona fide class action. Even then, it’s entirely possible the lawsuit is settled or dismissed before it gets that far.
Either way, the best thing for consumers to do at this point is stay informed—and continue to maintain social distance until things begin to change.
The complaint can be found below.
Sign up for ClassAction.org’s newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
A note on class action complaints:
Bear in mind that the information in this blog post summarizes the allegations put forth in the following legal complaint. At the time of this writing, nothing has been proven in court. Anyone can file a lawsuit, with or without the representation of an attorney, for any reason, and ClassAction.org takes no position on the merits of the suit. Class action complaints are a matter of public record, and our objective on this website is merely to share the information in these legal documents in an easily digestible way.
Before commenting, please review our comment policy.