Video calling company Zoom has agreed to pay $86 million to settle a class-action privacy lawsuit in the United States.
The lawsuit alleged that the company violated the privacy of millions of users by sharing their personal data with Facebook, Google and LinkedIn.
Zoom has also been accused of misleading by declaring that it offers end-to-end encryption, as well as failing to prevent hackers from disrupting users’ video meetings with attacks known as “Zoombombing”.
The company denied any wrongdoing, but agreed to beef up its security measures.
The initial settlement, which also includes a requirement that Zoom provide its employees with specialized training in data processing and privacy, still needs approval from US Judge Lucy Koh, presiding judge for the San Jose District Court, California.
“The privacy and security of our users is a top priority for the company, and we take our users’ trust in us very seriously,” a Zoom spokesperson said.
“We are proud of the advancements we have made in our platform, and we look forward to continuing to innovate with privacy and security at the forefront,” he added.
The class action, filed in March 2020 in a US court in the Northern District of California, is one of several legal complaints facing the video conferencing platform in the United States.
The lawsuit was filed on behalf of paid Zoom Meetings subscribers nationwide, as well as free users.
According to the plaintiffs’ attorneys, Zoom subscribers in the United States generated $1.3 billion in revenue for the video conferencing company.
If the proposed settlement is approved, participants included in the class action will be eligible for a refund of 15 percent of the value of their contributions or $25, whichever is greater, while others can receive up to $15.
Lawyers for the plaintiffs also plan to seek $21.3 million in legal fees from Zoom.
The video conferencing company asked the court to dismiss the lawsuit in March.
However, Judge Koh dismissed only part of the case regarding breach of privacy and negligence, while allowing the plaintiffs to pursue some contract litigation.
Meeting hacking and security concerns
The video conferencing company has long been criticized for its approach to security.
One of the main problems that has led some companies to opt out of the platform is the phenomenon of “Zoombombing” incidents, where uninvited guests sneak into meetings to cause trouble.
According to the New York Times, in April of last year, a virtual event of the Chiptool restaurant chain was disrupted during the closure due to the Corona virus when a hacker entered and broadcast pornographic material to hundreds of attendees.
Zoom has also been criticized for security holes, including a flaw that allowed a hacker to remove attendees from meetings, fake messages from users and hijack shared screens.
Furthermore, the plaintiffs in the lawsuit accused the platform of misrepresenting its encryption protocol – transport encryption – by declaring it end-to-end encryption, when it is not, according to the plaintiffs.
This means that Zoom can access video and audio for meetings, rather than meeting participants being the only ones able to decode communications.