Class action settlements over privacy claims against Zoom and others show that taking privacy seriously makes good business and legal sense
August 12, 2021 |
Zoom has reached a $85 million settlement arising out of a lawsuit, IN RE: ZOOM VIDEO COMMUNICATIONS, INC. PRIVACY LITIGATION (5:20-cv-02155), which claimed its violated its clients’ privacy rights by sharing personal data with Facebook, Google and Linked In. The claim also alleged that Zoom’s security practices were unsatisfactory as they let hackers zoom meetings. That practice has become so notorious that it has a term, zoom bombing. There has been extensive coverage with reports it itnews, abc, BBC. The Reuters coverage provides a good summary providing:
Zoom Video Communications Inc (ZM.O) agreed to pay $85 million and bolster its security practices to settle a lawsuit claiming it violated users’ privacy rights by sharing personal data with Facebook, Google and LinkedIn, and letting hackers disrupt Zoom meetings in a practice called Zoombombing.
A preliminary settlement filed on Saturday afternoon requires approval by U.S. District Judge Lucy Koh in San Jose, California.
Subscribers in the proposed class action would be eligible for 15% refunds on their core subscriptions or $25, whichever is larger, while others could receive up to $15.
Zoom agreed to security measures including alerting users when meeting hosts or other participants use third-party apps in meetings, and to provide specialized training to employees on privacy and data handling.
The San Jose-based company denied wrongdoing in agreeing to settle.
In a statement on Sunday, Zoom said: “The privacy and security of our users are top priorities for Zoom, and we take seriously the trust our users place in us.”
Saturday’s settlement came after Koh on March 11 let the plaintiffs pursue some contract-based claims. read more
Though Zoom collected about $1.3 billion in Zoom Meetings subscriptions from class members, the plaintiffs’ lawyers called the $85 million settlement reasonable given the litigation risks. They intend to seek up to $21.25 million for legal fees.
Zoombombing is where outsiders hijack Zoom meetings and display pornography, use racist language or post other disturbing content.
Koh said Zoom was “mostly” immune for Zoombombing under Section 230 of the federal Communications Decency Act, which shields online platforms from liability over user content.
Zoom’s customer base has grown sixfold since the COVID-19 pandemic forced more people to work from home.
The company had 497,000 customers with more than 10 employees in April 2021, up from 81,900 in January 2020. It has said user growth could slow or decline as more people get vaccines and return to work or school in-person.
The case is In re: Zoom Video Communications Inc Privacy Litigation, U.S. District Court, Northern District of California, No. 20-02155.
Zoom has suffered from the classic start up mistake of moving and developing quickly while paying scant regard for cyber security and privacy protections. That has resulted in many security and privacy issues in addition to the problems associated with the above settlement. Those problems attracted the ire of the Federal Trade Commission resulting in a settlement this years requiring Zoom to implement a comprehensive security program, review any software updates for security flaws prior to release and ensure the updates will not hamper third-party security features. The order lasts for 20 years.
There has also been a likely settlement in the Plaid Fintech Data Privacy proceeding involving a $58 million settlement fund. The key element in that case was that Plaid obtained and used bank account credentials without consent.