4 Min Read

Zoom - Class actions go international

Read more

By Eleanor Ludlam and Camila Elliot

|

Published 30 June 2022

Overview

Just when Zoom thought that the media spotlight had dimmed on its data privacy scandal which hit the headlines last summer, on 31 May 2022, a Class Action[1] was filed against Zoom Video Communications Inc. in the same US District Court for the Northern District of California.

It follows the $85million nationwide Class Action settlement, between Zoom and its US-based users[2] for violating users’ privacy rights, misrepresenting the strength of its encryption protocols and failing to stop “Zoombombing” by unauthorised third parties[3].

Despite agreeing to the terms of the Settlement Agreement and Release, which was granted final approval by the Court on 21 April 2022, Zoom’s statement on its website reads: “Zoom denies these allegations, denies any liability whatsoever, and believes that no member of the Settlement Class, including the Plaintiffs, has sustained any damages or injuries due to these allegations.”[4]

The Proposed Class

The Class in the recently settled ‘In re: Zoom Video Communications Inc. Privacy Litigation’ (theUS-user Action”) was explicitly limited to US residents and, therefore, it was almost inevitable that international Zoom app users would soon follow suit. 

Lead Plaintiffs, a UK and a New Zealand resident, Westron and Milne, propose to represent “All Persons in Australia, Canada, New Zealand, and/or the United Kingdom of Great Britain and Northern Ireland, who, at any time subsequent to 31 May 2018, registered, used, opened, or downloaded the Zoom Meetings Application (“App”)”. Government and Enterprise-Level Zoom account holders are excluded from the proposed Class, however it is still expected to include “hundreds of thousands” of members residing in these four countries.

The Allegations and Relief sought

Although excluded from the US-user class action, the Plaintiffs claim that they were still victims of the same failures, alleging that:

  • Zoom transferred sensitive personally identifiable information to third parties (such as Facebook and Google), including but not limited to, Global Positioning System data which reveals users’ precise physical location, without first obtaining adequate consent. This personal information is collated “for purposes of targeted advertising and to attempt to influence [the Plaintiff’s] behaviours”.
  • Zoom misrepresented the strength of its videoconferencing security, claiming to use end-to-end encryption protocols, when at the time, it did not.
  • Zoom breached an “implied contract” whereby it was obligated to provide secure video conferencing which is not vulnerable to unauthorised access by third parties. They claim that instead Zoom utilised its video conferencing services to “track its users’ personal data for commercial purposes” and “failed to take reasonable steps to safeguard Plaintiffs’ and Class Members’ private and sensitive personal information”.

The Plaintiffs state that they relied upon Zoom’s claimed security attributes and data privacy promises which were influential to their subscription purchase and choice to use the Zoom App over alternative videoconferencing providers.

Plaintiffs are seeking monetary damages and injunctive relief reflective of the settlement agreement in the US-user Action, including prohibiting Zoom from sharing any of the Class members’ sensitive personal data to any third party without users’ consent and disclosure of: (a) the identities of such third parties; (b) the precise nature of the data to be provided to such third parties; and (c) Zoom’s understanding of the use or uses to which such third parties would put such data.

Zooming-out?

Zoom remains a market leader for videoconferencing, hosting 300 million meeting participants daily, up from 10 million in 2019 and it is likely that its popularity will help mitigate any reputational bruising. However, it will still have to make efforts to win back consumer trust in order to not lose out to competitors such as Microsoft Teams and Google Meet. It claims to have carried out significant app updates, to introduce end-to-end encryption and to have applied more than 100 features to tackle privacy and safety concerns and bolster its security.

This Class Action serves as yet another reminder that big tech companies must prioritise the privacy and security of its users. As Vice-President of IAPP, Caitlin Fennessy, commented in the wake of the US-user Action: “This settlement is yet another example that data and dollars – profit and risk – will be inextricably linked for years to come.

[1] Class Action Complaint on behalf of the Non-American Peoples of the Five-Eyes Countries; Demand for Jury Trial - https://files.lbr.cloud/public/2022-06/5%2022%20cv%2003147.pdf?VersionId=

[2] In re. Zoom Video Communications, Inc. Privacy Litigation, N.D. Cal. Master Case No. 3:20-cv-02155-LB

[3] Class Action Settlement and Release - https://www.zoommeetingsclassaction.com/Content/Documents/Settlement%20Agreement.pdf

[4] https://www.zoommeetingsclassaction.com/

Authors