Looking at the Zoom story: privacy missteps in the CCPA era

April 24, 2020

As millions of people find themselves quarantined at home to curb the spread of the coronavirus, the video conferencing software Zoom has surged in popularity as a way to stay connected, with daily users increasing to 200 million in March from 10 million last year. But with more success has come more scrutiny — particularly around the company’s privacy policies and security standards. The trajectory of Zoom in recent weeks serves as an object lesson in the disastrous effects of not designing for privacy.

What started as an investigation into the passing of analytics data to Facebook in the Zoom iOS app has snowballed into a cautionary tale for those that thought they could fly under the radar as regulatory pressure and consumer awareness around privacy mounts in the US. High-profile data breaches, like the recent breach at Marriott, along with regulatory mandates like the GDPR in Europe and CCPA in the US, have increased demand for products that support improved personal privacy protections. 

In the last month, Zoom found itself the subject of four class-action lawsuits alleging violation of CCPA by not obtaining proper consent from users about the transfer of their Zoom data to Facebook, among other misrepresented security measures. And while further guidance is expected from the California Attorney General on the regulation, private citizens are already availing themselves of the right to action under CCPA. Consumers are becoming more savvy and aware of the trade-offs between convenience and privacy — and the value their data has for companies like Zoom. 

Consumers aren’t the only ones with their eyes on companies like Zoom. With enforcement actions under CCPA delayed to July 1, many brands have taken a wait-and-see approach, but the deadline hasn’t prevented attorneys general in Connecticut, New York and Florida from looking into Zoom’s privacy practices. The New York attorney general’s office in particular issued a letter expressing concern “that Zoom’s existing security practices might not be sufficient to adapt to the recent and sudden surge in both the volume and sensitivity of data being passed through its network. While Zoom has remediated specific reported security vulnerabilities, we would like to understand whether Zoom has undertaken a broader review of its security practices.”

The impact for Zoom has not been insignificant. In addition to a string of bad press, Zoom’s shares fell seven percent and alternatives (Microsoft’s Teams, Cisco’s Webex and Google’s Hangouts) gained substantial market share. And it’s not too late for Zoom to correct the course. With the formation of a new security council and appointment of former Facebook Chief Security Officer Alex Stamos as an advisor, Zoom’s CEO has publicly committed to “transforming our business to a privacy-and-security-first mentality.” 

We believe that companies that take this approach are going to win in the long run, both in developing consumer trust and creating sustainable business models. As technology evolves, there will continue to be tradeoffs between personal privacy and access, however, the aim should be for humans ultimately, not technology, to make that choice. 

In sensitive times such as these, it’s more important than ever for companies to safeguard relationships with consumers and their data, not just because the law mandates it in some cases but because it’s what audiences want. We are seeing audiences raise their hand in the form of these private actions to demand more accountability from brands and their privacy measures. And it is only the beginning. Organizations must rethink ways in which they can offer better and more secure digital experiences for their users and invest in methods that allow privacy and usability to work in harmony, not conflict.

Latest Blog Posts

Week of November 15, 2021

November 22, 2021

Bedoya testifies in FTC nomination hearing, plus federal online...

Week of November 8, 2021

November 15, 2021

UK denies privacy class action against Google. European commission...

FAQ: Updates on the Belgian DPA’s investigation of the IAB’s TCF

November 11, 2021

The IAB Europe’s Transparency & Consent framework is the...

Latest White Papers

Ebook: A Publisher’s Guide to Vendor List Curation

August 16, 2021

How to review your vendor list to mitigate compliance...

Keep in touch

Sign up for our newsletter to keep up with the latest privacy and media news.

Let's explore what we can do together.

We'll be in touch within 48 hours

    First name *

    Last name *

    Email address *

    Company *

    Message *

    * indicates required fields