The Federal Trade Commission (FTC) announced that it has finalized its approval for the settlement it reached with videoconferencing provider Zoom Video Communications, Inc. (Zoom) regarding claims it misled consumers about the level of security provided on its platform, as well as for allegedly compromising the security of Mac users by circumventing Mac security features. This is a follow-up to the FTC’s announcement in November about reaching the settlement with Zoom after filing its complaint against Zoom.
Under the final order announced today, Zoom is prohibited from making any misrepresentations regarding its privacy practices. The document requires Zoom to “implement a comprehensive security program, review any software updates for security flaws prior to release and ensure the updates will not hamper third-party security features.” Zoom is also mandated to have an independent third party perform biennial assessments of its security program and inform the FTC if it experiences a data breach. Zoom must also provide annual certification of its compliance with this order and provide other mandatory reporting and recordkeeping.
Acting FTC Chairwoman Rebecca Kelly Slaughter and Commissioner Rohit Chopra each issued a dissenting statement. Acting Chairwoman Slaughter stated that “the FTC’s proposed order did not do enough to ensure that consumers can trust this now-ubiquitous video-conferencing tool with their private conversations. Specifically, the proposed order did not address Zoom’s privacy failings and did not require Zoom to provide any resources to affected users.” The Acting Chairwoman noted that many comments “expressed concern with the Commission’s proposed resolution,” feeling that the FTC did not do enough; however, “(d)espite this widespread opposition, and the specific and achievable improvements outlined by commenters, the Commission voted to finalize the proposed order without making a single change,” particularly pointing to a Zoom employee that attempted to censor users.
Meanwhile, Commissioner Christine S. Wilson issued a separate statement concurring with the Commission’s decision. Commissioner Wilson stated that the settlement “will enable the Commission to seek significant penalties for noncompliance and provides critical, and timely, relief.” Commissioner Wilson also agreed with Acting Chairwoman Slaughter in regards to the need to protect consumer privacy and provide strong data security. The Commissioner added that she supports finalizing the settlement because “it includes targeted fencing in relief that provides privacy protections to consumers,” among other requirements.
The FTC received 12 comments on the proposed settlement, after which the Commission voted 3-2 on January 19, 2021, to finalize the proposed settlement and to send the responses to the commenters. The final order is effective for 20 years.
In a statement provided to Law Street Media, a Zoom spokesperson said “The FTC today confirmed that the settlement we reached last year is now final. The advancements we have made to our platform are well-documented, and we are continuously improving our privacy and security programs to enhance our product. We remain committed to fulfilling the expectations of the millions of people who trust and rely on our platform.”
Zoom is one of many companies that have seen an increase in litigation as a result of the COVID-19 pandemic.
