2020 was a banner year for data privacy class action settlements. As DDP previously reported, just two data privacy settlements paid out $767,000,000 ($767 million) to consumers: (1) the Yahoo! class action settlement for $117.5 million (now on appeal), and (2) the $650 million Facebook biometric privacy settlement for Illinois residents.
Now, in a single month this year, there have been three data privacy settlements worth $235 million.
First, the $92 million TikTok data privacy settlement that DDP flagged earlier was approved in mid-October by Judge Lee in Illinois. In addition to the cash payment, TikTok agreed that it would not: save biometric information, collect GPS or clipboard data, and send or store US users’ data outside of the country.
Second, in late October, Judge Koh in California approved an $85 million Zoom data privacy settlement. While many people think of this as the “Zoom-bombing” case, the settlement also required Zoom to change many of its privacy practices. These include: maintaining a repository to prevent and respond to meeting disruptions, adding identity authentication features, adding new controls to allow meeting hosts to block and lock meetings, and adding extra security layers for K-12 educational meetings.
Zoom users who had free accounts should receive at least $15; Zoom users who paid for Zoom should receive 15% of the money they paid to Zoom during the class period (from 2016 to present) back.
Third, the fintech services company Plaid Inc. settled a class action for $58 million. The case alleged that Plaid collected and used consumers’ banking login credentials (gathered thru apps like VENMO or CASH APP). Plaid would then access consumers' bank accounts, gather consumers’ financial transaction data, and sell that data to third parties without notice and consent.
In addition to the cash portion of the settlement, Plaid will delete data and change its privacy and data collection practices for at least three years. This settlement is still awaiting court approval. So stay tuned.