Over the weekend, Zoom Video Communications agreed to pay $85 million and increase its security measures to settle a proposed class-action lawsuit—although Zoom still denies any wrongdoing.
It’s no surprise that Zoom saw a huge increase in business during the pandemic—more than four times as much—but that spike didn’t come without some growing pains. The company scrambled to patch up security issues following an inquiry by the New York Attorney General and faced public scrutiny when it revealed that its end-to-end encryption didn’t live up to the name. And let’s not forget the security holes that allowed hackers to “Zoombomb”: intruding into private meetings to which they were not invited, and often displaying disturbing content such as pornography or racist language.
These issues ultimately led to a lawsuit in which the plaintiffs (11 individuals and two churches) claimed that Zoom violated user privacy laws by sharing personal data with Google and social media platforms like Facebook and LinkedIn.
District Judge Tosses Several Claims in March
Back in March, U.S. District Judge Lucy Koh dismissed many of the plaintiff’s claims based on theories of invasion of privacy, negligence, and California’s consumer privacy and anti-hacking laws. She said that the plaintiffs failed to prove that Zoom shared or sold the plaintiff’s data without permission (and that, at best, Zoom disclosed other people’s data who were not necessarily the plaintiffs).
Judge Koh also ruled that according to Section 230 of the Communications Decency Act, the company was “mostly” immune from liability for Zoombombing because Congress intended the Act to protect companies like Zoom from being liable for user-generated content (here, Zoombombers are themselves, third-party users).
Judge Koh did allow the claims based on contract laws to proceed.
Settlement Based on Potential Breach of Contract Claims
The proposed class action alleged that the plaintiffs relied on Zoom’s promises that:
- Zoom does not sell users’ data
- Zoom takes privacy seriously and adequately protects users’ personal information, and
- Zoom’s video conferences are secured with end-to-end encryption
Judge Koh ruled earlier that the pleadings did adequately allege a breach of contract—specifically, that the plaintiffs and Zoom “entered into implied contracts, separate and apart from Zoom’s terms of service, under which [Zoom] agreed to and was obligated to take reasonable steps to secure and safeguard sensitive information.”
The $85 million settlement is a fraction of the $1.3 billion class members paid in Zoom Meetings subscriptions, but they intend to seek up to $21.5 million in legal fees.