Looking at the Zoom story: privacy missteps in the CCPA era

April 24, 2020

As millions of people find themselves quarantined at home to curb the spread of the coronavirus, the video conferencing software Zoom has surged in popularity as a way to stay connected, with daily users increasing to 200 million in March from 10 million last year. But with more success has come more scrutiny — particularly around the company’s privacy policies and security standards. The trajectory of Zoom in recent weeks serves as an object lesson in the disastrous effects of not designing for privacy.

What started as an investigation into the passing of analytics data to Facebook in the Zoom iOS app has snowballed into a cautionary tale for those that thought they could fly under the radar as regulatory pressure and consumer awareness around privacy mounts in the US. High-profile data breaches, like the recent breach at Marriott, along with regulatory mandates like the GDPR in Europe and CCPA in the US, have increased demand for products that support improved personal privacy protections. 

In the last month, Zoom found itself the subject of four class-action lawsuits alleging violation of CCPA by not obtaining proper consent from users about the transfer of their Zoom data to Facebook, among other misrepresented security measures. And while further guidance is expected from the California Attorney General on the regulation, private citizens are already availing themselves of the right to action under CCPA. Consumers are becoming more savvy and aware of the trade-offs between convenience and privacy — and the value their data has for companies like Zoom. 

Consumers aren’t the only ones with their eyes on companies like Zoom. With enforcement actions under CCPA delayed to July 1, many brands have taken a wait-and-see approach, but the deadline hasn’t prevented attorneys general in Connecticut, New York and Florida from looking into Zoom’s privacy practices. The New York attorney general’s office in particular issued a letter expressing concern “that Zoom’s existing security practices might not be sufficient to adapt to the recent and sudden surge in both the volume and sensitivity of data being passed through its network. While Zoom has remediated specific reported security vulnerabilities, we would like to understand whether Zoom has undertaken a broader review of its security practices.”

The impact for Zoom has not been insignificant. In addition to a string of bad press, Zoom’s shares fell seven percent and alternatives (Microsoft’s Teams, Cisco’s Webex and Google’s Hangouts) gained substantial market share. And it’s not too late for Zoom to correct the course. With the formation of a new security council and appointment of former Facebook Chief Security Officer Alex Stamos as an advisor, Zoom’s CEO has publicly committed to “transforming our business to a privacy-and-security-first mentality.” 

We believe that companies that take this approach are going to win in the long run, both in developing consumer trust and creating sustainable business models. As technology evolves, there will continue to be tradeoffs between personal privacy and access, however, the aim should be for humans ultimately, not technology, to make that choice. 

In sensitive times such as these, it’s more important than ever for companies to safeguard relationships with consumers and their data, not just because the law mandates it in some cases but because it’s what audiences want. We are seeing audiences raise their hand in the form of these private actions to demand more accountability from brands and their privacy measures. And it is only the beginning. Organizations must rethink ways in which they can offer better and more secure digital experiences for their users and invest in methods that allow privacy and usability to work in harmony, not conflict.

Latest Blog Posts

Apple’s IDFA privacy update: How to optimize user opt-in on iOS 14.5 and beyond

April 15, 2021

Apple first announced in September 2020 that as part...

Employee Spotlight: Melanie Deneau

April 15, 2021

Melanie Deneau is the Director of Client Services in...

Virginia’s Consumer Data Protection Act (CDPA): What you need to know

April 12, 2021

In March 2021, Virginia became the latest US state...

Latest White Papers

The Future of Content Compensation

September 23, 2019

In this paper we will explore why the most...

Keep in touch

Sign up for our newsletter to keep up with the latest privacy and media news.

Let's explore what we can do together.

We’ll be in touch within 48 hours

    First name *

    Last name *

    Email address *

    Company *

    Message *

    * indicates required fields