We recently reported on the California Attorney General's ongoing and active enforcement of the California Consumer Privacy Act (CCPA) despite COVID-19 and the availability of private actions. In Robert Cullen v. Zoom Video Communications, Inc., N.D. Cal., No. 20-cv-02155, filed on March 30, 2020, plaintiff alleges that Zoom failed to properly safeguard the personal information of him and other users of its software application (Zoom App) and video conferencing platform.

According to the allegations, upon installing and any subsequent opening of the Zoom App, Zoom collected personal information of users without adequate notice or authorization and disclosed it to third parties, including Facebook. The complaint alleges violations of the CCPA for the failure to provide adequate notice to users of its collection and use of such data, and for violating its duty to implement and maintain reasonable security practices. Similar to other CCPA class actions, the complaint alleges claims under California's Unfair Competition Law, arguing that Zoom's CCPA violations are unlawful, unfair, and fraudulent business practices.

Another recent case, Samuel Taylor v. Zoom Video Communications, Inc., N.D. Cal., No. 20-cv-02170, also involves claims that Zoom violated the CCPA. Specifically, the plaintiff alleges that Zoom collected and disclosed personally identifiable information, also known as PII, without providing the required notice, and also failed to provide notice of the customer's right to opt out of such disclosure. In this instance, the PII was described as specific device information—model, time zone, and location—and a unique advertiser identifier, which can be linked to the individual identity of the Zoom customer.