Zoom hit with class-action lawsuit for allegedly sharing user data with Facebook

The lawsuit claims that Zoom has violated the California's Consumer Privacy Act

Popular video-conferencing service Zoom has been slapped with a class action lawsuit over allegedly sharing users' personal data with Facebook.

On Monday, Robert Cullen of Sacramento, a user of Zoom, filed a lawsuit against the company in the federal court in San Jose, California, accusing it of disclosing users' data to outside firms without receiving prior consent from users.

The lawsuit claims that the company's privacy policy doesn't tell users about the code in the software that sends some of their details to Facebook and potentially other third parties.

"Defendant knew or should have known that the Zoom App security practices were inadequate to safeguard the Class members' personal information and that the risk of unauthorised disclosure to at least Facebook was highly likely," the lawsuit states.

It further claims that the company had failed to implement reasonable security practices to protect the personal information of the users. Zoom has also been accused of being paid for sharing user data, although the court documents don't reveal how much money Zoom allegedly received from other companies.

The lawsuit, which seeks damages under the California's Consumer Privacy Act and punitive damages, has come following a report from Motherboard last week, which claimed that it recently examined Zoom iOS app and found it sending analytic data to Facebook. Motherboard said that every time a Zoom user logged on to the Zoom software for a conference call, the programme sent to Facebook the user's details, including their city, timezone, the device model, mobile carrier being used, and the unique advertising identifier.

Motherboard said that it had also informed Zoom about the findings, following which, the company pushed an update to its software removing the code that sent users' data to Facebook.

"Zoom takes its users' privacy extremely seriously," the company told Motherboard in a statement.

"We originally implemented the 'Login with Facebook' feature using the Facebook SDK in order to provide our users with another convenient way to access our platform. However, we were recently made aware that the Facebook SDK was collecting unnecessary device data."

The company said that the data collected by the Facebook SDK did not include any personal information of the user.

"We will be removing the Facebook SDK and reconfiguring the feature so that users will still be able to login with Facebook via their browser," it added.

In a blog post, Aparna Bawa, the Chief Legal Officer, Zoom said that the company "complies with all applicable privacy laws, rules, and regulations in the jurisdictions within which it operates".

She also stated that "Zoom has never sold user data in the past" and has no intention of doing that in going forward.

Zoom was launched in 2013, but its popularity has grown immensely amid coronavirus outbreak that has forced people across the world to stay indoors and do their official work from home. Zoom is currently the most popular app on both the Play Store and App Store.