Zoom Video Communications are being sued for the unauthorised collection and sharing of user’s data with Facebook.

Zoom are an American company offering cloud-based services for video conferencing, content sharing, webinars and remote collaboration.

Since the COVID-19 pandemic where remote working has been encouraged in countries across the globe, Zoom has increasingly become the go-to service. Since the beginning of February Zooms share price more than doubled. However, following concerns about the security of data on the cloud-based platform, share prices have recently plummeted 18%.

BACKGROUND

Motherboard reported on 26 March 2020  that Zoom was sharing users data to Facebook without permission.

On 27 March, Zoom then admitted that the Zoom App was sending personal information to Facebook when downloaded and when the app was subsequently opened and closed. It is possible to login to the Zoom app with Facebook, and the disclosures began when this feature was released, without informing users.

Information disclosed included IP address, iOS Device Model, iOS Language, iOS Time zone.

Regardless of whether the user had a Facebook account, the data was still being collected and sent.

Following this admission Zoom released an updated version of the app on 27 March 2020, stating that this data is no longer passed on.

However, there is nothing to force a user to update the app, and the data already collected by Facebook cannot be easily removed.

This has resulted in Zoom being pursiued in the USA, Cullen v. Zoom Video Communications, No. 20-cv-02155, U.S. District Court for the Northern District of California (San Jose) .

THE CASE

The plaintiff is Robert Cullen, a user who downloaded and used the app.

He brings the action on behalf of himself and other users as a class action under the Federal Rules of Civil Procedure, Rule 23(a), (b)(2) and (b)(3), seeking injunctive relief and damages pursuant to federal law and California unfair competition, consumer protection, and privacy laws.

Under California statutes (the Californian Consumer Privacy Act, Privacy Act, Unfair Competition Law and Consumers Legal Remedies Act) the lawsuit alleges negligence, unjust enrichment and a violation of the privacy provision of the California constitution.

The California Consumer Privacy Act of 2018 went into effect on 1 January 2020 and aims to protect consumers’ personal information from collection, and for use of the data by corporations without appropriate notice and consent. The remedies sought are damages, equitable relief and costs.

The case states that Zoom’s “wholly inadequate program design and security measures have resulted, and will continue to result, in unauthorized disclosure of its users’ personal information to third parties, including Facebook” [13].

The case demands a trial by jury.

Until the case is heard, users will have serious concerns about Zoom’s ability to protect its data, which in turn could have a real impact on the corporation.

SpaceX, the rocket company owned by Elon Musk has already banned its employees form using Zoom and it is likely that others will follow suit, leaving Zoom in a very precarious position.