Over the weekend, video conferencing giant Zoom, which has become a household name beyond the world of HR tech during the pandemic, has agreed to settle a California-based class action suit.
The lawsuit alleges that Zoom violated users’ privacy rights by sharing data with big tech companies like Google and Facebook, as well as by allowing hacking to disrupt Zoom meetings through so-called Zoombombing.
The settlement, if approved by U.S. District Judge Lucy Koh, will see Zoom pay out $85 million.
Zoom subscribers involved in the suit will receive either a 15% refund of their Zoom subscriptions or $25, whichever was higher.
The claimant’s lawyers intend to seek up to $21.25 million in legal fees, according to Reuters.
Reuters further reported that Zoom has agreed to strengthen its security practices, including by alerting users when hosts or other participants use third-party aps and providing specialized training to employees on privacy and data handling
However, the video conferencing giant has denied any wrongdoing.
In a statement, the company said: “The privacy and security of our users are top priorities for Zoom, and we take seriously the trust our users place in us.
“We are proud of the advancements we have made to our platform, and look forward to continuing to innovate with privacy and security at the forefront.”
Examples of actions Zoom has taken over the past year to address privacy and security issues that have arisen from heightened use of the platform during the pandemic include an end to end encryption update and a 90 day security plan.
Initiated in mid-2020, the security plan added a new security icon to the user interface to allow hosts and co-hosts to instantly access important security controls in meetings, such as being able to lock meetings, enable waiting rooms and restrict participants’ ability to share their screen and unmute themselves.
The plan also made it easier for hosts and co-hosts to report users and incidents of meeting disruptions to Zoom’s internal trust and safety team who can then investigate misuse of the software.