Zoom found guilty of violating users’ privacy and sharing personal data with Facebook, Google, and LinkedIn; agreed to pay $85 million in settlement

A little over a year ago, we wrote about Zoom after a team of cybersecurity researchers at the University of Toronto-based Citizen Lab found that the Zoom app sent user data and encryption keys to China.

“This report examines encryption in the popular Zoom app. We find that Zoom has “rolled their own” encryption scheme, which has significant weaknesses & we identify potential areas of concern in Zoom’s infrastructure, including the transmission of encryption keys through China,” report’s authors, Bill Marczak and John Scott-Railto, said.

Then on March 11, 2021, a group of Zoom users filed a class-action lawsuit at the U.S. District Court, Northern District of California, claiming that Zoom violated users’ privacy rights by sharing personal data with Facebook, Google, LinkedIn, and letting hackers disrupt Zoom meetings in a practice called Zoombombing. The court partially granted some of the Plaintiffs’ requests and also “denies in part” Zoom’s motion to dismiss.

“Plaintiffs, on behalf of themselves and two putative nationwide classes, allege that Defendant Zoom Video Communications, Inc. (“Zoom”) violated nine provisions of California law. Plaintiffs specifically claim that Zoom violated California law by (1) sharing Plaintiffs’ personally identifiable information with third parties; (2) misstating Zoom’s security capabilities; and (3) failing to prevent security breaches known as “Zoombombing.” Before the Court is Zoom’s motion to dismiss Plaintiffs’ first amended complaint. ECF No. 134. Having considered the parties’submissions; the relevant law; and the record in this case, the Court GRANTS IN PART and DENIES IN PART Zoom’s motion to dismiss,” the court document reads.

Today, the San Jose-based Zoom agreed to pay $85 million to settle a lawsuit claiming it violated users’ privacy rights but denied wrongdoing in agreeing to settle. Meanwhile, the preliminary settlement filed on Saturday afternoon still has to be approved by U.S. District Judge Lucy Koh in San Jose, California.

According to the settlement agreement, subscribers in the proposed class action would be eligible for 15% refunds on their core subscriptions or $25, whichever is larger, while others could receive up to $15.

The company also agreed to bolster its security practices and security measures including alerting users when meeting hosts or other participants use third-party apps in meetings and providing specialized training to employees on privacy and data handling.

“Though Zoom collected about $1.3 billion in Zoom Meetings subscriptions from class members, the plaintiffs’ lawyers called the $85 million settlement reasonable given the litigation risks. They intend to seek up to $21.25 million for legal fees,” Reuters reported.

Zoombombing is where outsiders hijack Zoom meetings and display pornography, use racist language or post other disturbing content.

Judge Koh said Zoom was “mostly” immune for Zoombombing under Section 230 of the federal Communications Decency Act, which shields online platforms from liability over user content.

In April 2020, Zoom grew by over  50 percent in just 3 weeks, topping 497,000 customers with more than 10 employees, up from 81,900 in January 2020. Zoom said user growth could slow or decline as more people get vaccines and return to work or school in-person.

Zoom was founded in 2011 by Eric Yuan. Just like all immigrants looking for a better life, Yuan immigrated to the United States from China in the mid-90s because of the Internet. Yuan’s visa application was denied 8 times before he came to the U.S. Today, Yuan is worth $12 billion