A US judge has dismissed much of a proposed class action which claimed Zoom Video Communications violated users’ privacy rights by sharing personal information with Facebook, Google and LinkedIn, and let intruders ‘Zoombomb’ meetings held via the online platform.

Sitting in San Jose, California, district judge Lucy Koh rejected six claims including invasion of privacy, negligence and violations of the state’s consumer and anti-hacking laws.

The plaintiffs failed to prove the San Jose-based company shared or sold their data without permission and, at best, alleged the company “disclosed certain other people’s data, not necessarily plaintiffs’ data”, Reuters news agency reported.

Koh also said Zoom is mostly immune under Section 230 of the national Communications Decency Act for ‘Zoombombing’, whereby outsiders hijack Zoom meetings and display pornography, use racist language, or post other disturbing material.

“Appalling as this content is, Zoom’s failure to edit or block user-generated content is the very activity Congress sought to immunise,” she wrote in reference to Section 230. That shields online platforms from liability for user content.

Koh also wrote the plaintiffs “cannot hold Zoom liable for injuries stemming from the heinousness of third-party content.”

The judge allowed three contract-based claims to proceed.

The plaintiffs want Zoom to improve its security practices, and damages for past privacy violations. She said they can try to replead the dismissed claims.

Zoom sought to have all claims dismissed.

PrivSec Global, a live streaming event, takes place on 23-25 March featuring more than 200 speakers and 64 sessions on privacy, data protection and cyber-security.