If this code is used without the RSA encryption of the AES key and instead just encryption with a long-lived AES key, then this is incredibly insecure.
Using a fixed IV while keeping the key constant for GCM mode is incredibly insecure. The IV must be unique when encrypting multiple plaintexts with the same key. Using a static IV makes the cipher deterministic and permits the attacker to deduce the plaintexts if they observed multiple ciphertexts. This is called the many-time pad (or two-time pad).
The IV is not secret, so it can be sent along with the ciphertext. Usually, it is simply prepended to the ciphertext and sliced off before decryption.