Zoom Successfully Addresses New York’s Privacy and Security Concerns

May 29, 2020 Blog

A few weeks ago on this blog, we addressed some of the legal issues that have arisen for Zoom, as it becomes a significant part of American daily life during the COVID-19 pandemic. 

Among those legal issues was an inquiry by the New York State Attorney General into Zoom’s privacy practices, and particularly into its measures to detect and prevent hackers or other outside parties attempting to observe or interfere with online meetings. In several incidents, the third parties interrupted meetings with disturbing messages or images. In fact, two other states – Connecticut and Florida - joined the New York probe after state government officials fell victim to “zoombombing.” Based on perceived security flaws, on April 6, 2020, the New York City Department of Education implemented a ban on public schools’ use of Zoom for classes and educational purposes. 

These problems inspired Zoom to implement a 90-day plan to expand security measures on its platform. It established a special version of its platform that is licensed by the New York City Department of Education. That version allows teachers to control what is shared and who participates in online class sessions, and prevents students from chatting privately with their classmates outside their teachers’ view. As a result of these, and other expanded security measures, on May 6, 2020 the New York City Department of Education lifted its ban on schools’ use of Zoom.

Around the same time, the company reached an agreement with the New York Attorney General’s office, which further expanded protections for those using the platform, even outside an educational context. Specifically, Zoom agreed to increase hosts’ ability to control their web conferences by allowing them to do the following:

  • implement password protection (by default), or place users in a digital waiting room before accessing a meeting;
  • control access to private messages sent via Zoom chat;
  • control which, if any, participants can share screens; and
  • limit access to email domains in a Zoom directory, or limit participation to specific email domains.

Zoom also agreed to take steps to stop sharing user data with Facebook, and to disable a feature which shared LinkedIn profiles with users. Many of the agreed-upon measures have already been implemented by Zoom, which has agreed to submit a copy of its annual data security assessment to the New York Attorney General’s office for review.

Zoom’s quick response to New York’s privacy and security concerns appears, thus far, to have helped it continue its forward momentum.

Firm Highlights


California Proposes New AI & Automated Decision-Making Technology Regulations

The California Privacy Protection Agency (CPPA) released its draft  regulatory framework for automated decision-making technology (ADMT) on November 27. These regulations are a preview of what new requirements may look like for companies currently...

Read More

Fair Use Question Goes to Trial in AI Copyright Lawsuit – Thomson Reuters v. Ross Intelligence

On September 25, 2023, a United States Circuit Judge determined that fact questions surrounding issues of fair use and tortious interference required a jury to decide media conglomerate Thomson Reuters’s lawsuit against Ross Intelligence...

Read More

Thomson Reuters v. Ross Intelligence: AI Copyright Law and Fair Use on Trial

On Sept. 25, 2023, Judge Stephanos Bibas (sitting by designation in the District of Delaware), determined that fact questions surrounding issues of fair use and tortious interference required a jury to decide media conglomerate...

Read More

Top 5 Privacy Cases To Watch, From Chatbots to Geolocation

Litigation — and threats of litigation — related to privacy law violations have been on the rise recently. While some judges have pushed back on the theories set forth by plaintiffs, new privacy lawsuits...

Read More

Enforcement of CPRA Regulations Delayed

Shortly before the California Privacy Right Act (CPRA) modifications to the California Consumer Privacy Act (CCPA) were set to become enforceable on July 1, 2023, a Sacramento Superior Court judge issued a ruling on...

Read More