Zoom Privacy Breach Class Action

What is this law suit about?

Collette Parsons Corrin LLP has commenced a multi-jurisdictional (national) class action against Zoom Media Communications Inc. The case is being advanced on behalf of all Canadian residents whose personal information was collected and/or disclosed by Zoom to a third party upon installation or opening the Zoom videoconferencing application.  It is alleged that the Zoom videoconferencing application was programmed to improperly disclose information about users of the App to Facebook and potentially other third parties.

Zoom produces and provides for use to Canadian individuals and corporations an online video conferencing platform that enables users to videoconference for business, education, and social purposes.  The use of Zoom’s videoconferencing technology has become widespread, and increased exponentially with the COVID-19 pandemic.

Users of Zoom may use its videoconferencing service through an App for iOS (Apple’s mobile operating system), an App for Android Devices, an App for MacOS (Apple’s desktop and laptop operating system) [collectively the “Zoom App”].

In the Apple iOS app store the Zoom App is called “ZOOM Cloud Meetings”.  The marketing description for the Zoom App in the iOS App store states, in part, as follows:

Stay connected wherever you go – start or join a meeting with flawless video, crystal clear audio, instant screen sharing, and cross-platform instant messaging – for free!

Zoom is #1 in customer satisfaction and the best meeting experience on mobile.

On Zoom’s website, www.zoom.us/privacy-and-legal, Zoom states, “You can trust us to connect you to the people that matter.  We value that trust more than anything else.  We want you to know what data we collect and how we use it to provide our service.” A link is provided to Zoom’s privacy policy (the “Privacy Policy”).

In the Privacy Policy, Zoom purports to identify and disclose to its users all the information Zoom automatically collects from its users when they use its services.

Zoom states in the Privacy Policy as follows concerning the measures it takes to protect its users’ personal data:

Security of your Personal Data

Zoom is committed to protecting the Personal Data you share with us. We utilize a combination of industry-standard security technologies, procedures, and organizational measures to help protect your Personal Data from unauthorized access, use, or disclosure…

Despite Zoom’s representations and assurances, it included code in the Zoom App that made undisclosed disclosures of its users’ personal information to Facebook, and potentially other third parties.

On March 26, 2020, Joseph Cox posted a report on a web based news site called Motherboard, operated by Vice Media Group, revealing that the Zoom App contains code that makes unauthorized disclosure of users’ personal information to Facebook – even if the user does not have a Facebook account. (click here to see the article)

It is alleged that each time the user opens the Zoom App, the information disclosed to Facebook includes, the user’s device model, the time zone and city they are connecting from, the user’s phone carrier, and a unique advertiser identifier automatically created by the user’s device which can be used to target the user with advertisements.  This information is disclosed to Facebook regardless of whether the user has a Facebook account.

The compensation Zoom receives from Facebook, and potentially other third parties, for unauthorized disclosure of personal information is unknown.

On March 27, 2020 Zoom posted an entry on its blog, located on its website, admitting that the Zoom App was sending information to Facebook upon installation of the Zoom App and each time the Zoom App was opened.  Zoom also admitted that the unauthorized disclosures began when Zoom contracted with Facebook to implement a “Login with Facebook” feature using Facebook’s proprietary “software development kit”.

On March 27, 2020 Zoom released an updated version of the Zoom App which purported to no longer send unauthorized information regarding its users to Facebook.  In order to obtain the purported increased security of the updated Zoom App, users must take the affirmative step of updating the Zoom App.

Zoom did not take steps to block earlier versions of the App from accessing its videoconferencing platform to ensure that its users would download the updated version of the Zoom App.

Zoom did not ensure that Facebook, or any other third party, took steps to delete Zoom users’ improperly collected private information.

In the Class Action Collette Parsons Corrin LLP seeks damages for Canadian Residents whose privacy was breached by Zoom.

Updates