Skip to content

menu

Open Legal Blog Archive logo
HomeAboutBlogsFAQsSubmit

Zoom’s $85 Million Settlement: What Lessons Should You Learn?

By Odia Kagan on August 5, 2021
Network switch and ethernet cables

What are practical lessons learned from the $85 million Zoom settlement?

  • You can have big ticket enforcement dollars even without GDPR or CCPA.
  • When you integrate a third party feature – including via a Software Development Kit (SDK) that shares information with a third party and especially when that third party can use the information for marketing, advertising or other purposes – you need to, at minimum, disclose  clearly it. (It is also important to disclose what the third party does with the data and the implications to the consumer. We saw this with  Commission Nationale de l’Informatique et des Libertés (CNIL) enforcements and now we see it in the US too.)
  • Be careful about unequivocal statements about your security measures (“We use end-to-end encryption”) or privacy (“We take your privacy seriously”). These types of statements have been enforced by the Federal Trade Commission as deceptive/misleading statements.
  • It is important to have strong information security measures in practice.
  • For large companies, it is also very important to have policies and procedures that allow the information security measures to happen. (Think of alignment with ISO 27001, NIST CSF, CIS Top 20.)

A copy of the complaint may be read here.

A copy of the settlement may be read here.

  • Posted in:
    Privacy & Data Security
  • Blog:
    Privacy Compliance & Data Security
  • Organization:
    Fox Rothschild LLP
  • Article: View Original Source

Open Legal Blog Archive, Inc. logo
Seattle, Washington
Copyright © 2026, Open Legal Blog Archive, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo