Some items on our site have recently moved. Visit our News Hub for selected articles, special reports, podcasts and other resources.
Zoom's $85 million privacy settlement eases risk with cash payout
02 August 2021 22:44 by Amy Miller
Zoom has agreed to pay $85 million to settle privacy litigation over Zoombombings that disrupted meetings with pornography, foul language or other disturbing content. The deal eases litigation risk for Zoom, which failed in its effort to gain protection under the controversial US legal shield that protects websites from liability for third-party content.
If the deal is approved by a US federal judge, Zoom subscribers will be eligible for 15 percent refunds on their core subscriptions or $25, whichever is larger, while others could receive up to $15.
The cash payments are unusual in privacy class actions. Class members in such cases rarely receive direct payments as part of a settlement, except in cases involving the Illinois Biometric Information Privacy Act, which provides for damages of $1,000 to $5,000 per violation.
Without the costly damages prescribed by BIPA, most privacy lawsuits against tech companies such as Facebook and Google are settled with so-called cy-pres payments that go to various privacy groups and universities, instead of individual class members.
Zoom users haven’t asserted any BIPA violations. Plaintiffs began suing the videoconferencing platform for invasion of privacy, negligence and breach of contract in March 2020, soon after the Covid pandemic reached the US. The Zoom users described a litany of abuse, including racist postings and other offensive conduct that interrupted public meetings.
They also allege that Zoom shared their personal information with third-party services such as Facebook, Google and LinkedIn, and falsely told users that its service provided end-to-end encryption.
Zoom managed to escaped most of the claims in March through Section 230 of the Communications Decency Act. Zoom can’t be held liable for injuries stemming from the “heinousness” of content posted by third parties under Section 230, even the offensive, sometimes racist Zoombombings that interrupted public meetings, US District Judge Lucy Koh in San Jose said.
But Section 230 doesn't protect Zoom from users’ claims that the Zoombombings violated its contract with users, she said, because those allegations don't hinge on the harmfulness of that content.
Section 230 immunizes companies from legal claims regarding screening out offensive material, Koh said, “not failures to secure software from intrusion.”
Therefore, the plaintiffs could pursue claims that Zoom’s security failures breached its contract with users, Koh said.
Two months later, Zoom notified the court that the parties were negotiating a settlement. They filed a motion for preliminary approval on Saturday.
Zoom also agreed to make changes to its business practices under the deal, a much more common feature of privacy settlements. For example, Disney, Viacom, Twitter and more than a dozen app developers settled litigation recently accusing the companies of baking covert tracking technology into their software, agreeing to wide-ranging changes in their business practices. The deal won final approval in April.
Zoom agreed to implement additional security measures, including alerting users when meeting hosts or other participants use third-party apps in meetings, and to provide specialized training to employees on privacy and data handling.
Zoom will make sure that its privacy statements disclose that users can share data with third parties, but it also agreed not to reintegrate Facebook's trackers for iOS into Zoom meetings for a year.
Zoom will also implement a “documented process for communication with law enforcement about meeting disruptions involving illegal content,” along with a devoted team to oversee this process.
“The privacy and security of our users are top priorities for Zoom, and we take seriously the trust our users place in us,” Zoom said in a statement. “We are proud of the advancements we have made to our platform, and look forward to continuing to innovate with privacy and security at the forefront.”
A hearing before Koh on the preliminary settlement motion is slated for Oct. 21.
26 May 2023 14:59 by Sam ClarkWhen the EU’s General Data Protection Regulation came into force five years ago, some said it would usher in a new era of EU supremacy over Silicon Valley's tech giants, reining in their rampant data-driven power.
24 May 2023 15:39 by Mike SwiftSince the General Data Protection Regulation took effect five years ago this week, more than 40 countries have enacted national privacy laws, most of which drew liberally from the canonical text of the EU law.
23 May 2023 23:47 by Mike SwiftThe count of countries with data protection laws more than doubled to 162 over the past dozen years, a total that includes a wide majority of the world’s nations, with new research suggesting data protection rules are approaching ubiquity.