©2013 All Rights Reserved. Lewis and Roca LLP
In light of the recent Nevada federal district court decision In re Zappos.com, Inc., Customer Data Security Breach Litigation, companies should review and update their implementation of browsewrap agreements to ensure users are bound to its terms. MDL No. 2357, 2012 WL 4466660 (D.Nev. Sept. 27, 2012).
Background of the Case
Founded in 1999, Zappos.com is a subsidiary of Amazon.com and one of the nation’s biggest online retailers for footwear and apparel. Currently headquartered in Henderson, Nevada, the company has more than 24 million customer accounts. In mid-January 2012, its computer system experienced a security breach in which hackers attempted to access the company’s customer accounts and personal information.
Lessons Learned from the Browsewrap
Mutual Assent Must Be Clear
Since Zappos’ browsewrap agreement did not require its users to take similar affirmative action to show their assent to the terms and conditions, there was no direct evidence showing that the plaintiffs consented to or even had actual knowledge of the agreement, including the arbitration clause.
Link It Front and Center
Unilateral Right to Modify or Terminate Won’t Work
Another problem with Zappos’ browsewrap agreement was that it was illusory and thus unenforceable. In the agreement, the company “retain[ed] the unilateral, unrestricted right to terminate the arbitration agreement” and had “no obligation to receive consent from, or even notify, the other parties to the contract.” Users would unsuspectingly agree to the changes by continuing to use the site. Under this provision, Zappos could seek to enforce the arbitration clause, as it did here, or not enforce it by modifying the clause without notice to its users when it was no longer in its interest to arbitrate. In either circumstance, the users would still be bound to the agreement.
Implications for Companies
Clickwrap agreements seem to provide the solution to Zappos’ problem. The court suggested a clickwrap agreement could obtain a user’s assent to the terms and conditions. A company may implement the clickwrap agreement through account registration or purchase check-out, tailored to the nature of the company’s business and user interaction. The system may require a user to click “I Accept” to secure the user’s assent to be bound by the agreement before he can proceed further on the website.
On the other hand, the court did not conclude that browsewrap agreements are never enforceable. Other courts have held that browsewrap agreements are generally enforceable. Enforceability largely depends on how the company presents the link and terms to the users such that the users would have reasonable notice of the information. Accordingly, a browsewrap agreement may be enforceable if the hyperlink is conspicuously located and displayed.
In addition, companies should communicate and secure a user’s assent to any modification when the user has previously accepted the terms and conditions. The user may consent through another clickwrap agreement showing the modified terms. With a browsewrap agreement, notice of the changes should, at the minimum, be conspicuously displayed on the webpage.
What This Means