On March 30, 2020, class claims were filed in federal court in the Northern District of California against video conferencing provider, Zoom Video Communications, Inc., alleging that the company failed to properly safeguard the personal information of millions of its users.
In the complaint, named plaintiff Robert Cullen alleges that due to the global pandemic COVID-19, the majority of Americans are currently under a “stay at home” order and therefore must work from home. This has increased the popularity of web conferencing companies, like Zoom, that allow for easily-conducted remote conferencing, online meetings, chats and mobile collaborations.
Since mid-March 2020, the concept of a “Zoom Meeting” has become the norm in most American businesses and as a result, the company’s stock price has increased 115% since the onset of COVID-19. In its marketing material, Zoom boasts that users can “stay connected wherever you go—start or join a meeting with flawless video, crystal clear audio, instant screen sharing, and cross platform instant messaging—for free!” Zoom assures its customers that the company values users’ privacy stating, “You trust us to connect you to the people that matter. We value that trust more than anything else. We want you to know what data we collect and how we use it to provide our service.” Zoom further maintains that it utilizes a combination of industry standard security technologies, procedures and organizational measures to protect customers’ personal data from unauthorized access.
However, the plaintiff alleges that despite Zoom’s assurances, the Zoom App includes undisclosed code that shares customers’ personal information and activity with Facebook and possibly other third parties. According to the complaint, the Zoom app notifies Facebook when a user opens the app; provides details on the user’s device such as the model, the time zone and city they are connecting from; the phone carrier’s identity; and a unique advertiser identifier created by the user’s device which then allows companies to target Zoom customers with advertisements.
On March 27, 2020, Zoom publicly admitted in a blog entry on its official website that the Zoom App does send to Facebook the following information upon installation of the app: Application Bundle Identifier, Application Instance ID, Application Version, Device Carrier, iOS Advertiser ID, iOS Device CPU Cores, iOS Device Disk Space Available, iOS Device Disk Space Remaining, iOS Device Display Dimensions, iOS Device Model, iOS Language, iOS Timezone, iOS Version, and IP Address.
On the same day as this admission, Zoom released a new version of the Zoom App which it claims no longer sends unauthorized personal information to Facebook. However, Zoom has yet to take any action to block any of the prior versions of the Zoom App from operating; thus, unless customers affirmatively update their Zoom App, it is still likely that Zoom is sending unauthorized personal information to Facebook.
Plaintiff argues that, had he and his fellow class members been aware of Zoom’s failure to implement adequate security protocols, they wouldn’t have used the product and would have chosen another video conferencing product. Plaintiff seeks to represent a class made up of all persons and businesses in the U.S. whose personal or private information was collected and/or disclosed by Zoom to a third party upon the installation or opening of the Zoom App.
The suit brings causes of action for violation of the California Consumer Privacy Act, unlawful and unfair business practices, violation of the California Consumers Legal Remedies Act, negligence, invasion of privacy and violation of the California Constitution and unjust enrichment.
The case is: Cullen v. Zoom Video Communications Inc., Case No.: 5:20-cv-02155, in the U.S. District Court for the Northern District of California.
Counsel Financial provides working capital credit lines exclusively for the plaintiffs' bar in all states except California, where credit lines are issued by California Attorney Lending.