Video conferencing service Zoom has agreed to pay $85 million in a lawsuit accusing the company of sharing user data with Facebook, Google and LinkedIn. In addition to the settlement measure, the company will tighten its security practices to prevent future hacks on its video calls.
The new agreement comes in response to an amended class action lawsuit filed against the company this May. The complaint alleges that Zoom made false promises of end-to-end encryption (E2E) to its users.
This practice was first highlighted in a March 2020 report by The Intercept, which emphasized that so-called end-to-end encryption is not what the term means in the industry.
He mentioned that the encryption keys for each Zoom meeting are generated by Zoom’s own servers, some of which are located in China. However, with true end-to-end encryption, the key is generated on the user’s own device, meaning that access to this key is restricted to the user only.
The Zoom case, for example, accuses users of falsely suggesting that their video calls are encrypted in their entirety. Zoom apologized for this in August 2020 and later that year introduced true E2E encryption on Zoom calls.
The new agreement follows Zoom’s previous agreement with the Federal Trade Commission where the company approved security enhancements. At the time, even promised to prevent further security distortion, but there was no compensation clause for consumers affected by the uncertainty.
The new agreement is currently in preliminary documentation and requires approval from US District Judge Lucy Co. in San Jose, California. Under the agreement, Zoom subscribers are entitled to a refund of 15 percent of their base subscription or $25, whichever is greater. Those who do not have a paid subscription but are affected by the failure can claim $15.
Zoom is also accused of sharing user data with other technology entities such as Facebook and Google, despite pledging not to sell user data to third parties. The lawsuit alleges that Zoom used Facebook’s SDK and similar third-party software development tools to enable data transfer.
In this way, users share their personal Zoom related information with other online services without their consent. The list of other services that this data allegedly shared includes Hotjar, Zendesk, AdRoll, Bing and others.