Zoom Faces Class Action Lawsuit for Sharing Data with Facebook

The lawsuit comes after Motherboard analyzed the Zoom iOS app and found it sent analytic data to Facebook once opened.

Mar 31 2020, 2:00amSnap

On Monday a user of the popular video-conferencing software Zoom filed a class action lawsuit against the company for sending data to Facebook. The lawsuit argues that Zoom violated California's new data protection law by not obtaining proper consent from users about the transfer of the data.

"Defendant knew or should have known that the Zoom App security practices were inadequate to safeguard the Class members’ personal information and that the risk of unauthorized disclosure to at least Facebook was highly likely. Defendant failed to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information of Plaintiff and the Class members," the lawsuit, which was first reported by Bloomberg, reads.

Advertisement

By analyzing the network traffic of the Zoom iOS app, Motherboard found that when opened, the app sent information about the the user's device such as the model, the city and timezone they are connecting from, which phone carrier they are using, and a unique advertiser identifier created by the user's device.

Days after Motherboard informed Zoom of the data transfer, the company issued a statement confirming the analysis. Zoom also pushed an update to the app to remove the code which sent the data.

Do you know anything else about data selling or trading? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

"Zoom appears to have taken no action to block any of the prior versions of the Zoom App from operating. Thus, unless users affirmatively update their Zoom App, they likely will continue to unknowingly send unauthorized personal information to Facebook, and perhaps other third parties. Zoom could have forced all iOS users to update to the new Zoom App to continue using Zoom but appears to have chosen not to," the lawsuit reads. (iOS users can see when an update for an app is available when they open the App Store.)

The lawsuit argues that Zoom has not ensured that Facebook has deleted the data, either. The lawsuit also claims that Zoom participated in unlawful and unfair business practices, and violated the California Constitution.

Zoom did not immediately respond to a request for comment.

Subscribe to our cybersecurity podcast, CYBER.

Tagged:

Facebook, California, privacy, data, digital privacy, Consumer protection, CCPA, zoom, data trading

More
like this
Zoom Removes Code That Sends Data to Facebook
Zoom iOS App Sends Data to Facebook Even if You Don’t Have a Facebook Account
Zoom is Leaking Peoples' Email Addresses and Photos to Strangers
Celeb Shout-Out App Cameo Exposes Private Videos and User Data
Facebook Wanted NSO Spyware to Monitor Users, NSO CEO Claims
Surveillance Firm Banjo Used a Secret Company and Fake Apps to Scrape Social Media
How Google Plans to Push Its Coronavirus Tracing Feature to Android Phones
Transmit Security, Authentication Company Used by Banks, Hacked