In re Zappos.com, Inc., Customer Data Security Breach Litigation

Last updated
In re Zappos.com, Inc., Customer Data Security Breach Litigation
UnitedStatesDistrictCourtDistrictNevada.png
Court United States District Court for the District of Nevada
DecidedSeptember 27, 2012
Docket nos. 3:12-cv-00325
DefendantAmazon.com, Inc., dba Zappos.com
ProsecutionStacy Penson, Stephanie Priera, Robert Ree, Josh Richards, Christa Seal, Shari Simon, Mrs. Sylvia St. Lawrence, Theresa D. Stevens, Kathryn Vorhoff, Brooke C. Brown, Tara J. Elliott and Ms. Dahlia Habashy
Citation(s)893 F. Supp. 2d 1058
Holding
Customers did not agree to Zappos.com's browsewrap terms of use; arbitration clause is unenforceable
Court membership
Judge(s) sitting Robert Clive Jones
Keywords
browsewrap

In re Zappos.com, Inc., Customer Data Security Breach Litigation, 893 F. Supp. 2d 1058 (D. Nev. 2012), was a United States District Court for the District of Nevada case in which the Court held that Zappos.com's customers were not held to the browsewrap terms of use because of their obscure nature. The courts also held that the agreement was unenforceable because Zappos had reserved the right to change it at any time without informing the customers. [1] This court decision set a precedent for businesses that use browsewrap agreements and/or include a clause in their agreements that allow them to change the agreements at any time. The decision encouraged conversation on how a business should most fairly display its terms of use and how to avoid unfairness and ambiguity when writing them. [2]

Contents

Background

Zappos has a customer base of over 24 million people. In January 2012, Zappos suffered a data security breach that gave hackers personal information of their customers. While the security breach exposed names, addresses, and phone numbers of Zappos customers, it did not expose the customers' credit card information. After Zappos became aware of the security breach, Zappos sent an email to its customers notifying them of the security breach and advised that they change their login credentials on the site. [3]

Several Zappos customers independently filed suit against Zappos claiming that their business model did not protect the valuable information of their customers. [4] [1] Plaintiffs listed twelve causes of action for the suit accusing Zappos of not taking adequate measures to safeguard customers' personally identifiable information. [5] By June 2012, there were nine lawsuits in progress, originating from five court districts. [6]

After the lawsuits multiplied, Zappos moved to consolidate these pre-trial proceedings into a centralized forum. The Judicial Panel on Multidistrict Litigation agreed that centralization would help move the cases along by avoiding duplicate work. The most time-saving implementation being a resolution of the facts involved in the case and series of events leading to and following the security breach. Because of the location of the plaintiffs, many suggested their home districts for the centralized proceedings: the District of Nevada, the Western District of Kentucky, the Southern District of Florida, and the District of Massachusetts. The Judicial Panel concluded that the District of Nevada was most appropriate because the breached Zappos servers and their administrators were based in Hendersonville, Nevada. [6]

On 14 June 2012, Zappos filed a motion to compel arbitration and stay action. Such a motion would require that the Court stop proceedings on the consolidated suits that were arranged to take place in a single class action. Zappos would now require each individual plaintiff to go through an arbitration process. This motion was held in a clause in Zappos's terms of use, which declared that disputes shall be resolved through confidential arbitration. [1]

Any dispute relating in any way to your visit to the Site ... shall be submitted to confidential arbitration in Las Vegas, Nevada, .... You hereby consent to, and waive all defense of lack of personal jurisdiction in the state and federal courts of Nevada.

Zappos argued that its customers were required to go through arbitration instead of personal jurisdiction because they automatically agreed to the terms of use when they used the Zappos.com website. Browsewrap agreements such as this are created when the user does not have to click a button or check a box to indicate that they have accepted the terms of service for a particular website. [5]

ACCESSING, BROWSING, OR OTHERWISE USING THE SITE INDICATES YOUR AGREEMENT TO ALL THE TERMS AND CONDITIONS IN THIS AGREEMENT

The difference between a clickwrap agreement and a browsewrap agreement is that in a browsewrap agreement, the visitor to a site accepts the terms of service simply by visiting the website. [7]

Opinion of the Court

The Court denied Zappos's motion to compel arbitration and stay action for two reasons: 1. the plaintiffs did not assent to the terms of use, and 2. the arbitration requirement is unenforceable. [8]

The Court started by citing the Federal Arbitration Act and pointed out that the right to compel arbitration relied on a valid contract, which that element was highly contested. Judge Jones cited several cases supporting the procedure of determining whether the parties formed a contract before deciding whether or not to compel arbitration including Chiron Corp. v. Ortho Diagnostics Sys., Inc., 207 F.3d 1126 (2000). [9] In other words, the right to compel arbitration requires an enforceable contract, and an enforceable contract requires mutual assent. This brought the nature of Zappos's terms of use into question and whether the user had actually entered a contract with Zappos under the browsewrap agreement. [8]

In a browsewrap agreement, the user must know of the website's terms and conditions in order to accept them. The Court points out that on the Zappos website, a link to the terms of use is towards the bottom of each page; "when the Zappos.com homepage is printed to hard copy, the link appears on page 3 of 4." The link did not have any distinguishing features that set it apart from surrounding links. This embedding of terms did not make it reasonably obvious to the user where and how to find the terms, indicating the user experience was flawed. Additionally, the site did not give special mention of the terms of use when a user would sign up, log in, or make a purchase, further indicating that there was no mutual agreement once the user gave Zappos personal and private information. From this, the Court concluded that the Plaintiffs may not have known about the terms of use, arguing that "No reasonable user" would have clicked the link. [8]

The Court also highlighted a clause in Zappos's terms of use, which declared, "We reserve the right to change this Site and these terms and conditions at any time." This would give Zappos the right to choose whether to pursue arbitration, and its customers would be bound by its decision automatically. The Court wrote that this kind of agreement would give Zappos an "escape hatch" that it could use "if it determined arbitration was no longer in its interest." Because of this, the Court found that the arbitration agreement is illusory and would not be enforced in this case. [8]

Zappos argued that, under the equitable estoppel doctrine, the plaintiffs may not sue for breach of contract trying to avoid the terms of use by not submitting to arbitration. The Court declined to apply the doctrine, stating that the plaintiffs were not aware of the terms of use, and they were suing based on "other statements and guarantees found on the website." [8]

Subsequent developments

Zappos did not make any changes to its terms of use following the Court decision. Law blogger William Carleton reported on 8 November 2012, two months after the decision, that Zappos's terms of use was identical to an archived copy from May 2011. Carleton also tried registering for the site and placing an order. He noted that there was still no salient presentation of the terms of service nor any dedicated "accept" button. [10]

On 9 September 2013, the Court dismissed most of the common law claims against Zappos. The Court also dismissed a few of the statutory claims, some with leave to amend. [5]

Commentary from law blogs

Many law blogs posted advisories to businesses in response to this decision. One common theme was the recommendation of clickwrap over browserwrap, in which the site explicitly obtains assent when a user clicks an "accept" button. [2] [4] [1] Another common recommendation was for businesses to revise or remove any language from its terms of use that would allow it to change the terms of use without notice. [4] [2] [11]

Law firm Lewis Roca Rothgerber pointed out that this decision does not declare all browsewrap contracts unenforceable. This case decided that Zappos's particular implementation of their terms of use, and the arbitration clause in particular were unenforceable. The law firm stated that browsewrap agreements have been enforced in other courts. It also suggests that businesses that want to continue to use browsewrap agreements should provide a conspicuous link to their agreements, "Front and Center." [11]

Law firm Stanfield Hiserodt suggested that the size of the case, with 24 million claimants in the class action, may have played a role in the decision. Stanfield drew attention to the impossibility of having all 24 million individuals visit Nevada for arbitration.

Related Research Articles

Terms of service are the legal agreements between a service provider and a person who wants to use that service. The person must agree to abide by the terms of service in order to use the offered service. Terms of service can also be merely a disclaimer, especially regarding the use of websites. Vague language and lengthy sentences used in the terms of use have brought concerns on customer privacy and raised public awareness in many ways.

Forum selection clause

A forum selection clause in a contract with a conflict of laws element allows the parties to agree that any disputes relating to that contract will be resolved in a specific forum. They usually operate in conjunction with a choice of law clause which determines the proper law of the relevant contract.

<i>Specht v. Netscape Communications Corp.</i> American legal case

Specht v. Netscape, 306 F.3d 17, is a case in the United States Court of Appeals for the Second Circuit regarding the enforceability of browse-wrap software licenses. The court held that merely clicking on a download button does not show assent to license terms if those terms were not conspicuous and if it was not explicit to the consumer that clicking meant agreeing to the license.

Browse-wrap is a term used in Internet law to refer to a contract or license agreement covering access to or use of materials on a web site or downloadable product. In a browse-wrap agreement, the terms and conditions of use for a website or other downloadable product are posted on the website, typically as a hyperlink at the bottom of the screen. Unlike a clickwrap agreement, where the user must manifest assent to the terms and conditions by clicking on an "I agree" box, a browse-wrap agreement does not require this type of express manifestation of assent. Rather, a web-site user purportedly gives their consent simply by using the product — such as by entering the website or downloading software.

Prima Paint Corp. v. Flood & Conklin Mfg. Co., 388 U.S. 395 (1967), is a United States Supreme Court decision that established what has become known as the "separability principle" in contracts with arbitration clauses. Following an appellate court ruling a decade earlier, it reads the 1925 Federal Arbitration Act (FAA) to require that any challenges to the enforceability of such a contract first be heard by an arbitrator, not a court, unless the claim is that the clause itself is unenforceable.

<i>Bragg v. Linden Lab</i>

Bragg v. Linden Research, Inc., 487 F. Supp. 2d 593, was a civil action removed to the United States District Court for the Eastern District of Pennsylvania in October 2006. Linden Lab, an online virtual world service provider of Second Life, terminated the account of user Marc Bragg when Linden Lab discovered that Bragg had found a way to acquire land in the virtual world at a lower-than-market price. The user brought this suit, which was ultimately settled before a final decision was reached. However, the District Court did decide on two issues which may be important in future virtual-world litigation: that the Second Life Terms of Service's mandatory arbitration provision was unenforceable, and that interaction with a person in a virtual world can satisfy a state's "minimum contacts" requirement for personal jurisdiction.

<i>MDY Industries, LLC v. Blizzard Entertainment, Inc.</i>

MDY Industries, LLC v. Blizzard Entertainment, Inc and Vivendi Games, Inc., 629 F.3d 928, is a case decided by the United States Court of Appeals for the Ninth Circuit. At the district court level, MDY had been found liable under theories of copyright and tort law for selling software that contributed to the breach of Blizzard's End User License Agreement (EULA) and Terms of Use (ToU) governing the World of Warcraft video game software.
The court's ruling was appealed to the United States Court of Appeals for the Ninth Circuit, which reversed the district court in part, upheld in part, and remanded for further proceedings. The Court of Appeals ruled that for a software licensee's violation of a contract to constitute copyright infringement, there must be a nexus between the license condition and the licensor’s exclusive rights of copyright. However, the court also ruled, contrary to Chamberlain v. Skylink, that a finding of circumvention under the Digital Millennium Copyright Act does not require a nexus between circumvention and actual copyright infringement.

Southland Corp. v. Keating, 465 U.S. 1 (1984), is a United States Supreme Court decision concerning arbitration. It was originally brought by 7-Eleven franchisees in California state courts, alleging breach of contract by the chain's then parent corporation. Southland pointed to the arbitration clauses in their franchise agreements and said it required disputes to be resolved that way; the franchisees cited state franchising law voiding any clause in an agreement that required franchisees to waive their rights under that law. A 7-2 majority held that the Federal Arbitration Act (FAA) applied to contracts executed under state law.

<i>Bowers v. Baystate Technologies, Inc.</i>

Bowers v. Baystate Technologies, 320 F.3d 1317, was a U.S. Court of Appeals Federal Circuit case involving Harold L. Bowers and Baystate Technologies over patent infringement, copyright infringement, and breach of contract. In the case, the court found that Baystate had breached their contract by reverse engineering Bower's program, something expressly prohibited by a shrink wrap license that Baystate entered into upon purchasing a copy of Bower's software. This case is notable for establishing that license agreements can preempt fair use rights as well as expand the rights of copyright holders beyond those codified in US federal law.

<i>Lane v. Facebook, Inc.</i>

Lane v. Facebook was a class-action lawsuit in the United States District Court for the Northern District of California regarding internet privacy and social media. In December 2007, Facebook launched Beacon, which resulted in users' private information being posted on Facebook without the users' consent. Facebook ended up terminating the Beacon program and created a $9.5 million fund for privacy and security. There was no monetary compensation awarded to Facebook users affected negatively by the Beacon program.

AT&T Mobility LLC v. Concepcion, 563 U.S. 333 (2011), is a legal dispute that was decided by the United States Supreme Court. On April 27, 2011, the Court ruled, by a 5–4 margin, that the Federal Arbitration Act of 1925 preempts state laws that prohibit contracts from disallowing class-wide arbitration, such as the law previously upheld by the California Supreme Court in the case of Discover Bank v. Superior Court. As a result, businesses that include arbitration agreements with class action waivers can require consumers to bring claims only in individual arbitrations, rather than in court as part of a class action. The decision was described by Jean Sternlight as a "tsunami that is wiping out existing and potential consumer and employment class actions" and by law professor Myriam Gilles as "the real game-changer for class action litigation". By April 2012, Concepcion was cited in at least 76 decisions sending putative class actions to individual arbitration. After the decision, several major businesses introduced or changed arbitration terms in their consumer contracts, although the hypothesis of massive adoption of consumer arbitration clauses following the decision has been disputed.

<i>Harris v. Blockbuster, Inc.</i>

Harris v. Blockbuster, Inc., 622 F. Supp. 2d 396, established precedent in the district that when a contract has a clause that authorizes one party to make changes to the "contract" without notification, that it is illusory and hence the entire "contract" is void.

Green Tree Financial Corp-Ala. v. Randolph, 531 U.S. 79 (2000), is a decision by the United States Supreme Court. The case dealt with the enforceability of arbitration agreements that did not discuss the cost of the arbitration itself and with the finality of certain arbitration decisions.

Shearson/American Express Inc. v. McMahon, 482 U.S. 220 (1987), is a United States Supreme Court decision concerning arbitration of private securities fraud claims arising under the Securities Exchange Act of 1934. By a 5–4 margin the Court held that its holding in a 1953 case, Wilko v. Swan, that the nonwaiver provisions of the Securities Act of 1933 prevented the mandatory arbitration of such claims, did not apply to claims under the 1934 Act due to differences in the corresponding language of the two statutes, reversing a decision of the Second Circuit Court of Appeals that had affirmed what had been considered settled law, despite the lack of a precedent. It likewise held that claims under the Racketeer Influenced and Corrupt Organizations Act (RICO) were arbitrable, affirming an order from the district court that the Second Circuit had also upheld.

Rodriguez de Quijas v. Shearson/American Express Inc., 490 U.S. 477 (1989), is a United States Supreme Court decision concerning the arbitration of securities fraud claims. It was originally brought by a group of Texas investors against their brokerage house. By a 5–4 margin the Court affirmed the Fifth Circuit Court of Appeals and ruled that their claims under the Securities Act of 1933, which regulates trading in the primary market, must be arbitrated as stipulated in their customer agreements.

Nguyen v Barnes & Noble, Inc., 763 F.3d 1171, was a United States Court of Appeals for the Ninth Circuit decision in which the Court ruled that Barnes & Noble's 2011 Terms of Use agreement, presented in a browsewrap manner via hyperlinks alone, was not enforceable since it failed to offer users reasonable notice of the terms. The decision set an important precedent on the future design and presentation of online contracts for consumer-facing e-commerce sites.

Epic Systems Corp. v. Lewis, 584 U.S. ___ (2018), was a case decided by the Supreme Court of the United States on how two federal laws, the National Labor Relations Act (NLRA) and the Federal Arbitration Act (FAA), relate to whether employment contracts can legally bar employees from collective arbitration. The Supreme Court had consolidated three cases, Epic Systems Corp. v Lewis, Ernst & Young LLP v. Morris (16-300), and National Labor Relations Board v. Murphy Oil USA, Inc. (16-307). In a 5–4 decision issued in May 2018, the Court ruled that arbitration agreements requiring individual arbitration are enforceable under the FAA, regardless of allowances set out within the NLRA.

Am. Express Co. v. Italian Colors Rest., 570 U.S. 228 (2013), is a United States Supreme Court case decided in 2013.

<i>Douglas v. U.S. District Court ex rel Talk America</i>

Douglas v. U.S. Dist. Court ex rel Talk America, 495 F.3d 1062 (2007), is a U.S. Circuit Court of Appeals case that examines whether a service provider may change the terms of its service contract by merely posting a revised contract on its website, without informing the other party of the changes.

<i>Morrison v. Amway Corp.</i>

Morrison v. Amway Corp. 49 F. Supp. 2d 529 was a lawsuit concerning the enforcement of a contractual arbitration provision between the defendant Amway Corp. and the plaintiff their distributors.

References

  1. 1 2 3 4 Goldman, Eric. "How Zappos' User Agreement Failed In Court and Left Zappos Legally Naked" . Retrieved 1 October 2013.
  2. 1 2 3 "WSGR Alert: Federal District Court Refuses to Compel Arbitration, Holding That Zappos.com's "Browsewrap" Agreement Was Not a Valid Contract". Wilson Sonsini Goodrich & Rosati. Retrieved 1 October 2013.
  3. Hsieh, Tony. "Security Email" . Retrieved 2 October 2013.
  4. 1 2 3 Boyd, Gregory S. "Court Invalidates Zappos' Browsewrap Agreement" . Retrieved 1 October 2013.
  5. 1 2 3 Jones, Robert C. "ORDER". Justia Dockets & Filings. Retrieved 27 October 2013.
  6. 1 2 Heyburn II, John G. "TRANSFER ORDER". Justia Dockets & Filings. Retrieved 26 October 2013.
  7. Stanfield, Paul. "Zappos Gets Zapped. Browsewrap Agreements Are Collateral Damage". Austin Technology Blog. Archived from the original on 17 September 2014. Retrieved 1 October 2013.
  8. 1 2 3 4 5 Jones, Robert C. "Order". Justia Dockets & Filings. Retrieved 27 October 2013.
  9. McKeown, M. Margaret. "CHIRON CORP. v. ORTHO DIAGNOSTIC SYSTEMS, INC". Legale. Retrieved 27 October 2013.
  10. Carleton, William. "Zappos terms of use still "browsewrap"". Counselor @ Law. Retrieved 1 October 2013.
  11. 1 2 "Zappos and its effect on "browsewrap" agreements" . Retrieved 2 October 2013.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.