Zoom Video Communications Inc., owner of the popular meeting application that rose to prominence during the COVID-19 pandemic, will pay $85 million to users and implement changes to its business as part of a class action settlement tied to multiple "Zoombombing" incidents — including one in which pornography was streamed into a Bible study class.
Judge Laurel Beeler of the U.S. District Court in the Northern District of California granted final approval of the settlement agreement on Thursday. The agreement was initially filed in July and received preliminary approval in October.
Plaintiffs in the case said Zoom improperly shared data with third-party software from companies including Facebook and Google; claimed to have end-to-end encryption when it did not; and failed to prevent Zoombombing — disruptions of Zoom meetings by outsiders — among other allegations, according to court documents.
"Millions of Americans continue to use Zoom's platform with the expectation that their conversations will be kept private and secure," said Mark Molumphy, an attorney representing Zoom users in the case. "This groundbreaking settlement will provide a substantial cash recovery to Zoom users and implement privacy practices that, going forward, will help ensure that users are safe and protected."
Among the changes agreed to by the company are a user-support ticket system for tracking reports of meeting disruptions, as well as a a documented process for communicating with law enforcement about disruptions involving illegal content. Zoom will also implement new security features such as a "suspend meeting" button and the ability to block users from specific countries.
An attorney for Zoom did not immediately respond to a request for comment Friday. A spokesperson for the San Jose-headquartered company said in an email that privacy and security are top priorities.
"We take seriously the trust our users place in us," the company said. "We are proud of the advancements we have made to our platform, and look forward to continuing to innovate with privacy and security at the forefront."
The case consolidated 14 class-action complaints filed in the Northern District of California between March and May 2020, in which plaintiffs alleged the company violated users' privacy and security. In each case, the users believed their personal information was adequately protected and that video conferences were secured with encryption and other security measures, court documents say.
One such case involved a Bible study class at a San Francisco church. According to the complaint, an administrator with the Saint Paulus Lutheran Church was hosting a virtual class on May 6, 2020, when an intruder "hijacked the meeting" and displayed images and videos of child pornography to the class participants.
When the administrator could not stop the display or eject the intruder, she ended the meeting and asked participants to rejoin — only for the hijacker to again take control. The class participants were "traumatized and deeply disturbed" by the incident, the complaint said.
Other cases followed similar patterns, including one in which uninvited men repeatedly showed up in a virtual burlesque class taught by a dance studio, resulting in the studio's loss of clientele who refused to return. In another, participants of speech therapy meetings were subjected to pornographic material.
In another case involving a house of worship, visitors to Sunday services at Oak Life Church in Oakland were subjected to child pornography.
"The participants from that meeting, many of whom were trauma survivors to begin with, were left traumatized and devastated," court documents say. "Oak Life Church was required to hire trauma counselors and establish support groups to assist its congregation in dealing with the resulting trauma."
Reached by phone Friday, Molumphy, the attorney, said the business reforms in the settlement were intended to make it easier for users to protect themselves and for the company to track serial offenders.
"The case itself and the settlement that we've obtained ... I think will become a standard for other technology companies going forward," he said. "It's really important to have the technology down and the security down before you go to market."
There are approximately 150 million settlement class members, including paying and nonpaying users of the service. Molumphy said paying users who submit claims will be eligible for 30% of the money they paid for their subscription during the class period, and others will receive about $29 each. The amounts may change depending on the number of claims submitted.
The judge also awarded more than $21 million in attorney fees and other related costs, as well as $5,000 service payments for each of the class representatives.
"It's fair to say that in the age of technological tracking, our privacy rights are eroding," plaintiff's attorney Tina Wolfson said Friday. "We think that it's historic to be able to compensate people for those privacy rights."
The company last year said it acted quickly to tighten security after early reports of Zoombombing began to surface. According to court documents, Zoom voluntarily settled the case without admitting wrongdoing or liability.
This story originally appeared in Los Angeles Times.