Zoom Video Communications Inc. has been hit with two privacy lawsuits in California after the company's data protection procedures came under scrutiny once the platform transformed into a crucial tool for businesses during the coronavirus pandemic.

Wexler Wallace filed the first class action complaint against Zoom on Monday, followed by Tycko & Zavareei Tuesday. Both lawsuits, filed in the U.S. District Court for the Northern District of California, cite a Motherboard report finding the iOS version of the videoconferencing app funnels user analytics to Facebook, a feature Zoom said it has since deleted in an update.

"Had Zoom informed its users that it would use inadequate security measures and permit unauthorized third-party tracking of their personal information, users—like plaintiff and class members—would not have been willing to use the Zoom App," wrote Tycko & Zavareei's Hassan Zavareei and Katherine Aizpuru in Washington, D.C., and Annick Persinger in Oakland. "Instead, plaintiff and class members would have forgone using Zoom and/or chosen a different videoconferencing product that did not send their personal information to Facebook, or any other third party."

The lawsuits contend that Zoom shared personally identifiable information such as users' device model, time zone, location, phone carrier and an advertiser identifier profile, which provides marketers with insights to consumers' demographics and preferences.

"This issue is extremely important now, because businesses, families and individuals are increasingly connecting via Zoom," Aizpuru said. "But it would be important even if many states were not under stay at home orders. Protecting consumer privacy is only becoming more important as more of our lives move online."

The lawsuits are among the first to invoke the California Consumer Protection Act, which took effect Jan. 1, arguing that San Jose-based Zoom gathers personal data without the consent and notices mandated by the law.

The suit also alleges violations of California's Unfair Competition Law, the state's Consumers Legal Remedies Act, negligence and invasion of privacy under California's constitution.

Tycko & Zavareei assert that Zoom's sharing of user data to third-parties was an "egregious breach of their trust and of social norms" and violated even Facebook's policies.

"Facebook's Business Tools terms of use state that if a company like Zoom is using Facebook's software development kit, 'you further represent and warrant that you have provided robust and sufficiently prominent notice to users regarding the customer data collection, sharing, and usage,'" the complaint says.

Even with Zoom's update to the app, the Wexler Wallace attorneys say the harm has already been done, and that the harm continues.

"Zoom appears to have taken no action to block any of the prior versions of the Zoom App from operating," wrote Wexler Wallace's Mark Tamblyn in Sacramento and Kenneth Wexler and Jason Keener in Chicago. "Thus, unless users affirmatively update their Zoom App, they likely will continue to unknowingly send unauthorized personal information to Facebook, and perhaps other third parties. Zoom could have forced all iOS users to update to the new Zoom App to continue using Zoom but appears to have chosen not to."

Aizpuru said the other problem with Zoom's response is that changing their code to ensure that Facebook doesn't have access to user information doesn't compensate the people whose data was shared without their consent.

"There's a lot of unanswered questions that Zoom is going to have to account for," she said.

Kenneth Wexler said Wexler Wallace does not comment on pending litigation.

Zoom declined to comment but pointed to a company blog post on the Facebook feature.