Law360 is providing free access to its coronavirus coverage to make sure all members of the legal community have accurate information in this time of uncertainty and change. Use the form below to sign up for any of our weekly newsletters. Signing up for any of our section newsletters will opt you in to the weekly Coronavirus briefing.
Sign up for our Cybersecurity & Privacy newsletter
You must correct or enter the following before you can sign up:
Thank You!
Law360 (March 31, 2020, 10:47 AM EDT) -- Zoom Video Communications Inc., the video conference service and de facto platform for digital communication during the COVID-19 pandemic, has been hit with a proposed class action claiming the platform has failed to protect users' personal information.
Robert Cullen of Sacramento sued the company in California federal district court, saying Zoom has violated California's Unfair Competition Law, Consumers Legal Remedies Act and Consumer Privacy Act by collecting and disclosing personal information to third parties like Facebook "upon installing or upon each opening of the Zoom app," according to the complaint.
"Had Zoom informed its users that it would use inadequate security measures and permit unauthorized third-party tracking of their personal information, users — like plaintiff and class members — would not have been willing to use the Zoom app," counsel for Cullen wrote Monday.
The complaint cites a March 20 Vice article by reporter Joseph Cox, which revealed how the app exposes users to targeted advertising regardless of whether the user has a Facebook account.
Zoom released a new version of the app on March 27, according to the complaint, saying it would no longer send information to Facebook. But plaintiffs say the company neither blocked prior versions of the app, nor assured users that information already collected has been deleted.
The proposed class includes "all persons and businesses in the United States" whose personal information was collected or disclosed to a third party "upon installation or opening" of the Zoom app, according to the complaint.
Reached for comment Tuesday, Zoom directed Law360 to a March 27 blogpost on its website highlighting the app update referenced in the suit.
"Our customers' privacy is incredibly important to us, and therefore we decided to remove the Facebook SDK in our iOS client and have reconfigured the feature so that users will still be able to log in with Facebook via their browser," the post states. "Users will need to update to the latest version of our application that's already available at 2:30 p.m. Pacific time on Friday, March 27, 2020, in order for these changes to take hold, and we strongly encourage them to do so."
Cullen argues that Zoom violated the California Consumer Privacy Act, which took effect in January, by failing to provide users with "adequate notice" before collecting and using their personal data, and failing to "implement and maintain reasonable security procedures."
Zoom also committed fraud in violation of California's Unfair Competition Law, by collecting personal information and misrepresenting its privacy capabilities.
The company violated California's Consumers Legal Remedies Act, according to the complaint, which prohibits "various deceptive practices in connection with the conduct of a business providing goods, property or services to consumers primarily for personal, family or household purposes."
Users' privacy rights under the California Constitution were violated, according to the complaint, and Zoom broke common laws against negligence and unjust enrichment. The company's stock price has increased 115% since late January, according to the complaint.
Zoom should be enjoined from continuing the alleged illegal activities, according to the complaint. If the company doesn't rectify violations of the California Consumer Protection Act, class members should be entitled to between $100 and $750 per violation.
In a March 18 open letter to Zoom, advocacy group Access Now called on the company to publish regular transparency reports.
The proposed class is represented by Mark J. Tamblyn and Kenneth A. Wexler of Wexler Wallace LLP and Daniel E. Gustafson, David A. Goodwin and Ling S. Wang of Gustafson Gluek PLLC.
Attorney information for Zoom could not immediately be confirmed.
The case is Cullen v. Zoom Video Communications Inc., case number 5:20-cv-02155, in the U.S. District Court for the Northern District of California.
--Additional reporting by Allison Grande. Editing by Katherine Rautenberg.
Update: This story has been updated with additional information, including comment from Zoom.
For a reprint of this article, please contact reprints@law360.com.
