The case started in 2020 after a Bible study class in a San Francisco church, held remotely on Zoom because of the pandemic, was deluged with pornographic images. Zoom said the intruder was a "known serial offender" who had shown the same videos in the past, had been reported to law enforcement and would be blocked from future meetings. But multiple lawsuits, consolidated into a nationwide class action, said Zoom had shared users' personal information with others, including Facebook and LinkedIn, and had done nothing to protect them from hacking and harassment.
The settlement was approved Thursday by U.S. Magistrate Judge Laurel Beeler of San Francisco. It provides modest sums to individuals who used Zoom between March 2016 and July 2021 — an average of $95 for paid subscribers and $29 for other users, according to an administrator quoted by Beeler — and about $21.4 million in attorneys' fees and costs.
It also requires the teleconferencing company to make more than a dozen "major changes" to its policies to improve meeting security and user privacy, Beeler said. Lawyers for the consumers said Zoom will have to establish procedures to track reports of disruptions, communicate with law enforcement, create "waiting rooms" for impending sessions and immediately halt meetings when necessary.
"In the age of corporate surveillance, this historic settlement recognizes that data is the new oil and compensates consumers for unwittingly providing data in exchange for a 'free' service," attorney Tina Wolfson said in a statement. "It also compensates those who paid for a product they did not receive and commits Zoom to change its corporate behavior to better inform consumers about their privacy choices and provide stronger cybersecurity."
In response, Colleen Rodriguez, a spokesperson for the San Jose-based company, said, "The privacy and security of our users are top priorities for Zoom, and we take seriously the trust our users place in us. We are proud of the advancements we have made to our platform, and look forward to continuing to innovate with privacy and security at the forefront."
The San Francisco incident involved a weekly two-hour Bible class, mostly for senior citizens, at St. Paulus Lutheran Church on Polk Street, open since 1867. After the COVID-19 outbreak, the church began conducting the class on Zoom, for a $14.99 monthly fee paid to the company.
During a May 2020 session, the suit said, the screens were suddenly occupied by a female intruder with loud videos showing adults having sex with each other and with children and infants. No one could minimize the images, close the screen or use features that should have allowed them to refuse the view or eject the intruder, the suit said. The instructor and the students logged off, then logged on, only to see the intruder return. The class was then called off.
When the instructor contacted Zoom's chief ethics and security officers, neither offered any help in protecting the class against future invasions, the suit said. It said the company's eventual response consisted of "empty words, in a blog-posted 'apology.'"
The suit noted that Zoom had been soaring during the pandemic: Its U.S. users had increased from 10 million in December 2019 to 200 million in March 2020.
©2022 San Francisco Chronicle. Distributed by Tribune Content Agency, LLC.