The California Consumer Privacy Act (CCPA) legislation was put into effect on January 1, 2020 but will officially start being enforced this upcoming July 1. A lot of privacy regulators and watchdogs are interested to see how strictly the consequences for violating the laws will be enforced and to see how the CCPA regulations will tie into other laws. According to AdExchanger, the flexibility of the CCPA is already being tested with B2B intent data company Bombora stating they are suing their former partner ZoomInfo for gaining an unfair data advantage through, they claim, repeated abuses of the CCPA. So Bombora is attempting to sue ZoomInfo for breaking California’s Unfair Competition Law because they were collecting and selling consumer data without consent, breaking CCPA.
The complaint was filed in mid-May in Santa Clara Superior Court and is testing whether a breach of the CCPA can also count as a violation under the unfair competition laws in California. According to AdExchanger, Bombora is suing ZoomInfo’s parent company DiscoverOrg for using a free ZoomInfo tool called Community Edition to collect and sell data without permission. Community Edition gives users free access to the millions of B2B profiles of ZoomInfo’s database, and contact information in return for sharing their own business contacts. Also, ZoomInfo scans all the emails that come in and out of a user’s inbox to swipe and replicate the signatures for their database.
The obvious issue with this Community Edition tool is that businesses and people do not have control over their own data and info. If someone simply shares their contact information with one person, it can be spread like wildfire and sold and shared with anyone else using the Community Edition tool without having to gain their consent. The tool gathers all of the contacts within a user’s address book without a contact’s knowledge and without giving that person the opportunity to opt out. Other profiles who are sharing and selling this information are violating CCPA without realizing they are selling data without consent.
ZoomInfo and Bombora have a murky past since they used to be business and data partners before DiscoverOrg bought ZoomInfo last year. According to AdExchanger, their relationship went downhill because ZoomInfo was secretly building a competitive tool to Bombora’s product and didn’t tell them. Bombora claims they are fighting for consumer privacy and that it is their obligation as a company to point out when others are violating CCPA laws and mass collecting private information.
A ZoomInfo spokesperson responded stating, “The claims are meritless, and the lawsuit is Bombora’s attempt at retaliation against ZoomInfo for ending a vendor relationship with Bombora. ZoomInfo fully complies with the CCPA and the regulations issued by the California Attorney General. ZoomInfo intends to vigorously defend the suit and will respond on the timeline set by the court.” This case will be huge in future application of the CCPA and other California laws and how seriously the state and U.S. will enforce these regulations.