Zoom accused in lawsuit of improperly sharing user data with Facebook

Zoom Video Communications, the popular online video conferencing platform, is facing a class-action lawsuit for allegedly sharing users’ data with companies like Facebook without those individuals’ consent.

The suit, filed in federal court in California by a Zoom user, accuses the company of failing to “properly safeguard the personal information of the increasing millions of users” of its platform and disclosing that information without adequate notice or authorization to Facebook and possibly other third parties. It alleges that the behavior invades the privacy of users and violates California’s Unfair Competition Law, Consumers Legal Remedies Act and the Consumer Privacy Act. 

The lawsuit cites a Vice report from last week that detailed how the iOS version of the Zoom app sent some user data to Facebook, even if a particular user did not have a Facebook account. According to an analysis conducted by the news outlet, Zoom notified Facebook when a user opened the app and provides details on user’s device, such as the model and the time zone the person is in. 

The data reportedly included which phone carrier an individual is using and a unique advertiser identifier. 

“The unique advertising identifier allows companies to target the user with advertisements,” the lawsuit alleges. “This information is sent to Facebook by Zoom regardless of whether the user has an account with Facebook.”

The plaintiff alleges that users would not have been willing to use Zoom’s app if the company had disclosed it would “permit unauthorized third-party tracking of their personal information.” The individual seeking injunctive relief and damages pursuant to federal and California law. 

Zoom CEO Eric Yuan addressed the data sharing practices in a blog post last week after Vice’s report was published. Yuan claimed that the data sharing spawned from Zoom giving iOS users the option to login to the app with their Facebook account and that the company was unaware of practice until March 25. 

“Our customers’ privacy is incredibly important to us, and therefore we decided to remove the Facebook SDK in our iOS client and have reconfigured the feature so that users will still be able to log in with Facebook via their browser,” he said. 

Zoom has gained increasing popularity in recent weeks, as hundreds of businesses require all of their employees to work remotely due to the coronavirus pandemic. At the same time, the company has began to face more scrutiny over its privacy practices. 

New York Attorney General Letitia James on Monday sent the company a letter asking it to outline any new security measures its implementing to address a surge in traffic on its network. James noted that she was concerned about how quickly Zoom was addressing security issues that could “enable malicious third parties to, among other things, gain surreptitious access to consumer webcams.”

The FBI has also warned of the emergence of video tele-conferencing hijacking, or “Zoom-bombing,” saying that its received multiple reports of video chats being disrupted with pornographic or hate images.