As school districts increasingly rely on Zoom to facilitate online classes, and in many cases are expressly directing students to download and use the app, it implicates new legal concerns for the company.

State regulators have taken notice of Zoom’s online school activity, and some have expressed concerns about whether Zoom has actually sought or obtained parents’ permission to collect data from minor students, in light of activity ostensibly targeted at minors. Zoom’s school district privacy policy requires a “‘School Subscriber’ – typically a student’s school, school district, or teacher—to contractually consent to [Zoom’s] information practices on behalf of such students’ parents.” Both the CCPA and the Children’s Online Privacy Protection Act (15 U.S.C. §§ 6501, et seq.) (“COPPA”) primarily delegate to parents control of the information that is collected from their children online, and therefore generally require express parental consent for any personal data collection from minors.

New York’s attorney general recently sent Zoom a letter, requesting clarification on its security measures, specifically with regard to the increased traffic on its network and the detection of hackers in online classrooms. This implicates concerns for anyone using the app to discuss confidential or private matters. Seemingly as a result of these privacy concerns, some school districts have banned Zoom entirely for classroom use and/or official communications.

Overall, Zoom’s business is thriving as schools implement distance learning due to COVID-19 concerns. However, with its rapid growth, a new host of privacy-related legal issues have arisen, which are likely to develop in interesting ways in the coming weeks.