
Why you should care about Zoom’s $85m privacy lawsuit

Zoom has agreed to pay an $85 million settlement after falsely claiming calls were protected with end-to-end encryption and for handing over people’s data to Facebook and Google without their consent. This is the latest development in a list of privacy and security issues faced by the video platform that we first wrote about back in March 2020.

Why Zoom has agreed to an $85 million settlement

In March 2020, The Intercept reported that Zoom had lied about the encryption used for its video calls. In short, the video communication service claimed that it used end-to-end encryption when it did not. Around the same time, Vice reported that Zoom was also sharing user data with companies, including Facebook and Google, without consent. (Zoom has since fixed these data-sharing practices.)

Zoom also had some major security issues, including default settings that allowed online trolls to take over public calls in an act known as “Zoombombing”, and vulnerabilities that allowed hackers to access people’s webcams. For more information on Zoom’s privacy and security issues, you can read our full breakdown.

The Federal Trade Commission filed a complaint against Zoom in November 2020 after The Intercept exposed these holes in Zoom’s service. As a result, Zoom agreed to security improvements and a “prohibition on privacy and security misrepresentations”. Now, on 7 July 2021, Zoom has also agreed to pay an $85 million settlement, including compensation for those who were affected by these security shortcomings. People who are entitled to compensation will receive between just $15 and $25 each if the settlement is approved in court.

The maximum compensation of $25 doesn’t reflect the extent to which Zoom misled the people who used its services, nor the gravity of the potential consequences of doing so. Is this proposed settlement enough to make tech companies start taking user privacy and security seriously? And what can we do to better protect our data?

Why Zoom’s security measures matter

During the coronavirus pandemic, usage of the video service rocketed, with people increasingly using Zoom for socializing, work, and even healthcare provision.

People who used Zoom believed that no one could access the content of their video conversations except for the people on the call. This isn’t just a breach of users’ trust — in the case of online medical appointments in particular, it may have led practitioners (therapists, for example) and their patients to believe that their sessions were HIPAA compliant when they weren’t. At the extreme end of the spectrum, law enforcement in surveillance-heavy countries could have coerced Zoom to hand over data about its users (for example, information about political activists or journalists) when those users believed it was impossible for Zoom to do so.

What is end-to-end encryption?

With true end-to-end encryption, no one can access your encrypted data except for you and the intended recipient. This means that your data is protected from being seen by the service provider (Zoom in this instance) or anyone with access to their servers.

What did Zoom tell its users?

Zoom told its users that their video calls were end-to-end encrypted when actually they were protected by TLS encryption. Zoom generated and stored the keys to its users’ encrypted information on its servers rather than on its users’ devices, meaning anyone with access to those servers could monitor the unencrypted video and audio content of Zoom meetings. These servers are located around the world, often in countries where companies can be forced to share user data with law enforcement organizations.
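The difference in key custody described above, as an added example that is not Zoom's or Proton's code. The cipher and Diffie-Hellman group are toy stand-ins built from Python's standard library (a real client would use an AEAD such as AES-GCM and X25519), and all function names are hypothetical.

```python
import hashlib, hmac, secrets

P = 2**255 - 19   # toy Diffie-Hellman modulus (a prime); assumption for the demo
G = 2

def keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + b"enc" + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    """Toy encrypt-then-MAC; stands in for a real AEAD."""
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_(key, blob):
    """Return the plaintext, or None if this key cannot authenticate the frame."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

def server_held_key_call(frame):
    """Model 1: the provider generates and stores the meeting key."""
    provider_keys = {"meeting": secrets.token_bytes(32)}   # lives on the server
    relayed = seal(provider_keys["meeting"], frame)        # sender's client encrypts
    return open_(provider_keys["meeting"], relayed)        # provider reads the frame

def end_to_end_call(frame):
    """Model 2: keys are created on the two devices; the provider only relays."""
    a, b = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    pub_a, pub_b = pow(G, a, P), pow(G, b, P)              # relayed in the clear
    k_a = hashlib.sha256(pow(pub_b, a, P).to_bytes(32, "big")).digest()
    k_b = hashlib.sha256(pow(pub_a, b, P).to_bytes(32, "big")).digest()
    relayed = seal(k_a, frame)
    # The provider saw pub_a, pub_b and the ciphertext, but no private exponent,
    # so a key built only from what it relayed does not authenticate the frame.
    guess = hashlib.sha256(pub_a.to_bytes(32, "big") + pub_b.to_bytes(32, "big")).digest()
    return open_(guess, relayed), open_(k_b, relayed)

if __name__ == "__main__":
    frame = b"constructed sample audio frame"
    print("server-held key, provider reads:", server_held_key_call(frame))
    print("end-to-end, (provider, recipient):", end_to_end_call(frame))
```

An unauthenticated exchange like this one only resists a provider that passively relays; real end-to-end designs also have participants verify each other's public keys.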

What’s worse is that, according to the most recent lawsuit, Zoom’s response made it clear that it “knew that it did not use the industry-accepted definition of E2E encryption and had made a conscious decision to use the term ‘end-to-end’ anyway”.

What can you do about it?

In this case, there was not much users could have done to better protect their data, as they were given false information and led to believe their data was end-to-end encrypted. Fortunately, no instances of further data misuse or unauthorized access were reported.

You can request that Zoom delete any and all information they hold on you. Information on your data rights and how to get in contact with Zoom to request they erase your data can be found in their privacy policy. Once you have made the request, follow up to ensure you get confirmation that your data has been removed from their servers.

Another way to protect your data is to never sign in using Facebook. Although it may save you time, it gives Zoom a lot more of your personal data, as well as giving more data to Facebook.

Who can you trust?

The issue is that people were led to believe their data was end-to-end encrypted and weren’t asked for consent before having their data shared with third parties. People who were trying to be careful with their privacy and data could have been misled into sharing more than they would have consented to if they had had all the information.

The Zoom lawsuits have shown that it’s easy for a company to mislead its users about the security precautions they take with their data. The reason privacy-conscious companies, like Proton, are open source and independently audited is so that you do not need to trust us blindly. Anyone can view our code to ensure that it does exactly what we say it does. We also publish the results of our independent audits so you can be sure that our apps have been verified by someone outside of the Proton organization.

Proton Mail is a truly end-to-end encrypted email service. When you send an encrypted email with Proton Mail, no one can see the content of that email except you and your intended recipient. You can sign up for a free email account here.


Feel free to share your feedback and questions with us via our official social media channels on Twitter and Reddit.


Lisa Whelan

Lisa is an activist, writer, and internet privacy advocate. A defender of the right to privacy for people everywhere, Lisa joined Proton to spread awareness and further enable freedom online.
