Video conferencing app, Zoom has agreed to pay $85 million to settle claims that it lied about offering end-to-end encryption and gave user data to Facebook, Google and LinkedIn without the consent of users, thereby letting hackers disrupt Zoom meetings in a practice called “Zoombombing.”
A preliminary settlement filed on Saturday afternoon requires approval by U.S. District Judge Lucy Koh in San Jose, California. In addition to agreeing to an $85 million settlement, which could see customers receive a refund of either 15% of their subscription of $25 if the lawsuit achieves class-action status, Zoom will agree to changes designed to improve meeting security, bolster privacy disclosures, and safeguard consumer data.
An excerpt from the documents said, “All Class Members are eligible for payment, regardless of whether or not they paid for a Zoom account. Class Members who paid for an account will be eligible to receive 15% of the money they paid to Zoom for their core Zoom Meetings subscription during that time or $25, whichever is greater.”
Zoom also agreed to security measures including alerting users when meeting hosts or other participants use third-party apps in meetings and providing specialized training to employees on privacy and data handling.
The settlement also requires Zoom to not reintegrate the Facebook SDK for iOS into Zoom meetings for a year and will request that Facebook delete any U.S. user data obtained from the SDK. (ii) Develop and maintain, for at least three years, documented protocols and procedures for admitting third party applications for dissemination to users through Zoom’s “Marketplace.”
Zoom’s customer base grew rapidly since the Covid-19 pandemic forced more people to work from home.
The company had 497,000 customers with more than 10 employees in April 2021, up from 81,900 in January 2020.
What you should know
This is coming nine months after Zoom agreed to security improvements and a “prohibition on privacy and security misrepresentations” in a settlement with the Federal Trade Commission, but the FTC settlement didn’t include compensation for users.
Zoombombing is where outsiders hijack Zoom meetings and display pornography, use racist language or post other disturbing content.