On Monday a user of the popular video-conferencing software Zoom filed a class action lawsuit against the company for sending data to Facebook. The lawsuit argues that Zoom violated California's new data protection law by not obtaining proper consent from users about the transfer of the data.
"Defendant knew or should have known that the Zoom App security practices were inadequate to safeguard the Class members' personal information and that the risk of unauthorized disclosure to at least Facebook was highly likely. Defendant failed to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information of Plaintiff and the Class members," the lawsuit, which was first reported by Bloomberg, reads.
By analyzing the network traffic of the Zoom iOS app, Motherboard found that when opened, the app sent information about the the user's device such as the model, the city and timezone they are connecting from, which phone carrier they are using, and a unique advertiser identifier created by the user's device.
Days after Motherboard informed Zoom of the data transfer, the company issued a statement confirming the analysis. Zoom also pushed an update to the app to remove the code which sent the data.