Can companies use violations of the California Consumer Privacy Act (CCPA) to nail a rival for noncompetitive behavior?
We’re gonna find out.
B2B intent data company Bombora said Wednesday it is suing its former partner ZoomInfo for gaining an unfair data advantage through, it claims, repeated abuses of the CCPA.
Although CCPA enforcement doesn’t begin until July 1, the law went into effect on Jan. 1, which means it’s actively on the books.
In a complaint filed in the Santa Clara County Superior Court in mid-May, Bombora alleges that ZoomInfo – which went public on June 4 in a nearly $1 billion IPO with a roughly $16 billion valuation – is breaking California’s Unfair Competition Law by collecting and selling personal information without consent (which is a violation of CCPA).
In short, “can a breach of the CCPA count as a breach of the law under the unfair competition laws in the state of California?” said Havona Madama, Bombora’s chief privacy officer.
To the best of Madama’s knowledge, this is a novel and untested argument which could set a precedent.
Specifically, Bombora is accusing ZoomInfo, which is owned by business contact database company DiscoverOrg, of using a free ZoomInfo tool called Community Edition to collect and sell data without permission. Community Edition gives users free access to ZoomInfo’s database of millions of B2B profiles and contact info in return for sharing their business contacts. ZoomInfo also scans all of the emails that come in and out of a user’s inbox in order to scrape the signatures for its database.
The problem, according to the complaint, is that the tool gathers all of the contacts within a user’s address book without a contact’s knowledge and without giving that person the opportunity to opt out.
“This is setting up users to violate the CCPA, perhaps unknowingly, by receiving those contacts and reselling them without notifying them,” Madama said.
It’s important to note that Bombora and DiscoverOrg/ZoomInfo have history. Before DiscoverOrg acquired ZoomInfo last year, Bombora and ZoomInfo were data partners. A customer of both Bombora and ZoomInfo could use Bombora data in ZoomInfo products and vice versa.
The relationship went south when ZoomInfo, according to Bombora, didn’t disclose that it was building a competitive product to Bombora’s offering.
“Most likely, ZoomInfo will say we’re just being vindictive, but the practical reality is that it’s our mission as a company to make sure that data is ethically sourced and it’s our obligation to point these things out,” Madama said. “Contact data is the most sensitive data for individuals, and once you have it, you can pretty easily track people – which is exactly what the CCPA was set up to stop.”
A ZoomInfo spokesperson shared this comment: “The claims are meritless, and the lawsuit is Bombora’s attempt at retaliation against ZoomInfo for ending a vendor relationship with Bombora. ZoomInfo fully complies with the CCPA and the regulations issued by the California Attorney General. ZoomInfo intends to vigorously defend the suit and will respond on the timeline set by the court.”