Zoom Video Communications under Dutch law

Zoom Video Communications under Dutch law

Principles for reimbursement

What are actually the grounds for doing this? We give a short summary and therefore also with a short-the-turn approach. The starting point should be that Zoom has violated the user's privacy. That is already a ground for compensation.

In addition, Zoom has disobeyed legal obligations, such as those that follow from the General Data Protection Regulation (GDPR).

Zoom states on its website that it complies with the GDPR (the English version of the Dutch AVG), but in practice, it appears that Zoom processes personal data of users where appropriate without (full) permission or the knowledge of the same users.

Another ground for compensation is unfair or misleading commercial practice. After all, the company has provided information about the safety of the service and about the privacy of the user that turned out to be factually incorrect or at least misleading. Unfair and misleading commercial practices are also a basis for compensation. In particular, it remains to be seen whether unfair commercial practices involve intangible damage (see below). Material damage is possible, but it depends very much on individual circumstances.

The fourth basis for compensation is unlawful enrichment. It must be demonstrated that Zoom has enriched itself at the expense of the user. Of course, it looks like Zoom has passed on user data to third parties, generating revenue. The question is whether the user is actually disadvantaged by this. For example, whether a user's personal data has become less valuable as a result of Zoom's practices.

Is there a computer breach due to unsafe Zoom software? If so, it could be a criminal offense. However, the question is whether Zoom committed computer trespass or provided a service that made third-party trespass easier. In both cases, there is a wrongful act. But can users demonstrate that they have fallen victim to this? Have they suffered demonstrable material damage as a result? That needs to be investigated further.


  1. a. Intangible damage

Despite everything, it seems that there is a sufficient basis to oblige Zoom to compensate. After all, the GDPR states that the term damage must be interpreted broadly. Both before and after the entry into force of the GDPR, compensation has been granted for privacy violations.

When it comes to the award of intangible damages, there must be a situation in which someone "has been affected in another way in person". There is no need for objective spiritual suffering! In the case of Zoom, there appears to be "harm to the person" and that is a basis for intangible damages. Amounts paid for this in the Netherlands range from € 100 - € 500.

The European Court of Justice has not yet commented on the extent of intangible damages for the violation of GDPR. In their consideration, Dutch judges mainly take into account the nature, duration and seriousness of the infringement when determining the extent of the compensation. Less important counts if a third party, who has wrongly obtained the personal data, does something about it.

  1. b. Material damage

In theory, the practices of Zoom Video Communication can also lead to material damage. Material damage in this case may include:

• Damage to and impairment of the personal information of users that Zoom has collected, distributed and used;

• Costs of users in connection with reviewing and attempting to stop unwanted advertisements and contact requests and the missed free time and etc.

Google is watching us

Google has recently come under fire from various directions because of their tracking behavior of Android users. Not only does Google have unsolicited access to location data in mobile (Android) phones, the company is also not transparent about what it does with that data. Location data is personal data and that simply means that the user explicitly has to grant permission for sharing it (and with whom).

But if you want to disable sharing your location as a consumer, it turns out not to be that easy, said Mark Brnovich, who has investigated the case on behalf of the state of Arizona. Because through the proverbial back door of your phone, the company often manages to get away with your location data. The privacy violation Brnovich encountered proved so serious that it even led to charges against Google.