“Our customers’ privacy is incredibly important to us, and therefore we decided to remove the Facebook SDK in our iOS client and have reconfigured the feature so that users will still be able to log in with Facebook via their browser,” said the developers in a statement. “Users will need to update to the latest version of our application that’s already available at 2:30 p.m. Pacific time on Friday, March 27, 2020, in order for these changes to take hold, and we strongly encourage them to do so. “ Zoom indicated that it was not aware of the information being sent to Facebook servers, which it agrees is “unnecessary for us to provide our services”. That the company did not know of the practice is a concern in itself, but perhaps less so than purposeful information leaking. There are, of course, apps that disclose similar identifiers and information, with Microsoft Edge recently singled out for its hardware-persistent device ID. However, the stand out here is that analyses of Zoom’s privacy policy indicate that it did not tell users and that the information is not necessary for functionality. The above could be grounds for complaint under the EU’s GDPR legislation or new state efforts like the CCPA. Under GDPR, a user has a right to access their personal information and know how it’s being processed and gathered. They also have a right to have their data deleted. At the time of writing, Zoom has not offered guidance on how users can delete any information that was gathered about their device. This removal also doesn’t address any of the app’s other potential privacy issues. The EFF points out that Zoom administrators can get detailed information about how, when, and where users are using the app, with real-time dashboards. As it’s an intentional feature, it’s unlikely the company will address this.
