Zoom Settles Privacy Lawsuit for $85 Million Over Data Sharing
Source: Reuters | Date: 2021-08-01
A significant legal action has been filed or resolved: zoom settles privacy lawsuit for $85 million over data sharing. Class action lawsuits and major privacy litigation play a crucial role in holding companies accountable for privacy violations, often succeeding where regulatory enforcement falls short by imposing financial consequences substantial enough to change corporate behavior.
Case Details and Legal Framework
This case arises from alleged violations of privacy rights that affected a large number of individuals. The legal theories typically invoked in privacy class actions include violations of state biometric privacy laws (particularly Illinois's Biometric Information Privacy Act, which provides for statutory damages of $1,000-$5,000 per violation), violations of federal privacy statutes (COPPA, ECPA, CFAA), violations of state consumer protection laws, common law claims (intrusion upon seclusion, breach of contract, negligence), and increasingly, violations of state comprehensive privacy laws like the CCPA.
The Illinois Biometric Information Privacy Act (BIPA) has been particularly effective as a litigation tool because it includes a private right of action (allowing individuals to sue directly without waiting for a regulator), provides for statutory damages (eliminating the need to prove actual financial harm), and applies to the collection and use of biometric identifiers without informed consent. This combination has produced several landmark settlements, including the $650 million Facebook facial recognition settlement and the Clearview AI settlement that permanently banned the company from making its database available to private companies.
Privacy Implications
Litigation serves as a critical accountability mechanism in the privacy ecosystem. While regulatory enforcement depends on the priorities and resources of government agencies, private litigation allows affected individuals to seek redress directly and creates financial incentives for companies to invest in privacy protections. The threat of class action liability — potentially reaching hundreds of millions or even billions of dollars — influences corporate behavior in ways that the relatively modest fines imposed by regulators often do not.
This case also highlights the growing gap between corporate privacy promises and corporate privacy practices. Companies frequently market their products and services as privacy-protective while simultaneously engaging in data collection, sharing, and monetization practices that contradict those assurances. Litigation provides a mechanism for testing these claims against reality and imposing consequences when they prove false.
What Consumers Should Know
If you may be a class member in this or similar litigation, check the case website (typically established as part of any settlement) for information about eligibility, claims processes, and deadlines. Class action settlements often provide modest individual payments but achieve important injunctive relief — requiring companies to change their practices going forward. Even if the monetary recovery is small, participating in the claims process sends a signal that consumers value their privacy rights and will exercise them.
More broadly, privacy litigation is most effective when individuals document violations and report them. If you notice that a company is violating its privacy policy, collecting biometric data without consent, or engaging in other privacy-violating practices, document the evidence and consider reporting it to your state attorney general, the FTC, and a privacy-focused law firm that handles class actions.
Staying Informed and Taking Action
This development is part of a broader pattern in the evolving digital privacy landscape. As technology companies, governments, and data brokers continue to expand their data collection capabilities, staying informed about privacy developments is essential for protecting yourself and advocating for stronger protections.
Practical steps you can take right now include reviewing your privacy settings on all major platforms, using privacy-focused alternatives for browsing (Firefox, Brave), search (DuckDuckGo), messaging (Signal), and email (ProtonMail). Enable two-factor authentication on all accounts, use a password manager, and regularly audit your digital footprint. Consider supporting organizations like the Electronic Frontier Foundation (EFF), the ACLU, and the Electronic Privacy Information Center (EPIC) that advocate for privacy rights through litigation, legislation, and public education.
File complaints with the FTC, your state attorney general, and relevant regulatory agencies when you encounter privacy violations. Consumer complaints drive enforcement priorities, and every report contributes to the data regulators use to identify patterns and prioritize cases. Document violations thoroughly — screenshots, emails, and timestamps create the evidentiary foundation for regulatory action and litigation.
The privacy landscape is shifting. Increased public awareness, growing regulatory enforcement, and the emergence of privacy-respecting alternatives are creating pressure for change. But lasting improvement requires sustained engagement from informed consumers who understand their rights and exercise them consistently.