Zoom Accused of Illegally Sharing Personal Data With Facebook in New Lawsuit

Video conference company “failed to properly safeguard the personal information” of its users, lawsuit says

Last Updated: March 31, 2020 @ 9:09 AM

Zoom Video Communications, the online video conference company that’s seen its business flourish amid the coronavirus pandemic, has illegally shared user information with Facebook and other third-party apps, according to a new lawsuit.

The class-action complaint, filed Monday in a California federal court, said Zoom “has failed to properly safeguard the personal information of the increasing millions of users of its software application (“Zoom App”) and video conferencing platform. Upon installing or upon each opening of the Zoom App, Zoom collects the personal information of its users and discloses, without adequate notice or authorization, this personal information to third parties, including Facebook, Inc. (“Facebook”), invading the privacy of millions of users.”

The lawsuit follows a report from Motherboard last week Zoom was sending data to Facebook, even for users that don’t have Facebook accounts.

Motherboard’s article noted:”This sort of data transfer is not uncommon, especially for Facebook; plenty of apps use Facebook’s software development kits (SDK) as a means to implement features into their apps more easily, which also has the effect of sending information to Facebook. But Zoom users may not be aware it is happening, nor understand that when they use one product, they may be providing data to another service altogether.”

A Zoom rep referred TheWrap to a blog post the company has on the matter.

“We originally implemented the ‘Login with Facebook’ feature using the Facebook SDK for iOS (Software Development Kit) in order to provide our users with another convenient way to access our platform,” Zoom said. “However, we were made aware on Wednesday, March 25, 2020, that the Facebook SDK was collecting device information unnecessary for us to provide our services. The information collected by the Facebook SDK did not include information and activities related to meetings such as attendees, names, notes, etc., but rather included information about devices such as the mobile OS type and version, the device time zone, device OS, device model and carrier, screen size, processor cores, and disk space.”

Zoom, in its blog post, also thanked Motherboard for bringing the matter to its attention.

The San Jose-based company, according to the lawsuit, has undermined claims on its website about valuing user privacy by not disclosing how much data it shares with Facebook and other third-party apps. “You trust us to connect you to the people that matter, we value that trust more than anything else. We want you to know what data we collect and how we use it to provide our service,” Zoom claims on its site, the lawsuit pointed out.

But according to the lawsuit, these claims are “false” because Zoom’s “wholly inadequate program design and security measures have resulted in, and will continue to result, in unauthorized disclosure of its users’ personal information.”

The lawsuit was filed by Robert Cullen, of Sacramento, who is asking a judge for damages from the company and to declare Zoom’s practices are illegal. T

As millions of people have been forced to work from home in recent weeks, Zoom’s business has boomed, with its share price surging more than 25% in the last month.

Pamela Chelin contributed to this report.