In early 2012, Zappos, a division of Amazon, was the victim of
an enormous customer data breach affecting 24 million records.
Class action attorneys filed cases against the online shoe retailer
citing multiple breaches of contract and privacy violations.
Zappos' Terms of Use (TOU) contained an arbitration provision,
which may have saved the company from the plague of the class
action bar, but it didn't. In what may become a trend, a
federal district court in Nevada found the TOU invalid for two
reasons.
First, the Zappos TOU was never explicitly agreed to by the
consumers. Generally speaking, there are two types of TOU found on
the internet, clickwrap and browsewrap. A browsewrap agreement is a
link at the bottom of a webpage or application containing a TOU.
The user agrees to the browsewrap agreement merely by browsing the
site, without having actually read the agreement or accepting the
terms of it in any way. In the Zappos case, the court held this
type of TOU unenforceable because the user never actually indicates
consent. The alternative would have been for each Zappos user to
click "I accept" to the TOU when creating an account or
when making a purchase. This would have been a better indicator of
consent than is available via a browsewrap agreement.
Second, the Zappos TOU contained a very common provision that
stated Zappos could modify the TOU at any time. The court took this
to an extreme and stated that this power included removing or
modifying the arbitration clause. In traditional contract law, a
contract that is unilaterally amendable is not an enforceable
contract: if one party can change the contract at any time, then
what does it really mean and how can a court enforce it? The court
did not take into account that this type of provision is nearly
ubiquitous on the internet.
One solution for these problems is simple and may have saved Zappos
substantial resources defending class action litigations. First, we
recommend that clients consider making any TOU on a monetized
website or application a clickwrap agreement, not a browsewrap
agreement. User consent is most easily obtained during account
registration and purchases. Second, consider removing any language
in a TOU permitting you to modify the terms of the TOU at any time.
Instead, keep track of the user base and have them periodically
accept (e.g. for new users, application patches, or purchases) the
new TOU whenever you modify it.
As a best practice, a website or application should review its
Privacy Policies and TOU at least annually for compliance with
updates in the law as well as changing technology.
This alert provides general coverage of its subject area. We provide it with the understanding that Frankfurt Kurnit Klein & Selz is not engaged herein in rendering legal advice, and shall not be liable for any damages resulting from any error, inaccuracy, or omission. Our attorneys practice law only in jurisdictions in which they are properly authorized to do so. We do not seek to represent clients in other jurisdictions.