In re Zappos.com, Inc., Customer Data Security Breach Litigation | |
---|---|
Court | United States District Court for the District of Nevada |
Decided | September 27, 2012 |
Docket nos. | 3:12-cv-00325 |
Defendants | Amazon.com, Inc., dba Zappos.com |
Prosecution | Stacy Penson, Stephanie Priera, Robert Ree, Josh Richards, Christa Seal, Shari Simon, Mrs. Sylvia St. Lawrence, Theresa D. Stevens, Kathryn Vorhoff, Brooke C. Brown, Tara J. Elliott and Ms. Dahlia Habashy |
Citation | 893 F. Supp. 2d 1058 |
Holding | |
Customers did not agree to Zappos.com's browsewrap terms of use; arbitration clause is unenforceable | |
Court membership | |
Judge sitting | Robert Clive Jones |
Keywords | |
browsewrap |
In re Zappos.com, Inc., Customer Data Security Breach Litigation, 893 F. Supp. 2d 1058 (D. Nev. 2012), was a United States District Court for the District of Nevada case in which the Court held that Zappos.com's customers were not held to the browsewrap terms of use because of their obscure nature. The courts also held that the agreement was unenforceable because Zappos had reserved the right to change it at any time without informing the customers. [1] This court decision set a precedent for businesses that use browsewrap agreements and/or include a clause in their agreements that allow them to change the agreements at any time. The decision encouraged conversation on how a business should most fairly display its terms of use and how to avoid unfairness and ambiguity when writing them. [2]
Zappos has a customer base of over 24 million people. In January 2012, Zappos suffered a data security breach that gave hackers personal information of their customers. While the security breach exposed names, addresses, and phone numbers of Zappos customers, it did not expose the customers' credit card information. After Zappos became aware of the security breach, Zappos sent an email to its customers notifying them of the security breach and advised that they change their login credentials on the site. [3]
Several Zappos customers independently filed suit against Zappos claiming that their business model did not protect the valuable information of their customers. [4] [1] Plaintiffs listed twelve causes of action for the suit accusing Zappos of not taking adequate measures to safeguard customers' personally identifiable information. [5] By June 2012, there were nine lawsuits in progress, originating from five court districts. [6]
After the lawsuits multiplied, Zappos moved to consolidate these pre-trial proceedings into a centralized forum. The Judicial Panel on Multidistrict Litigation agreed that centralization would help move the cases along by avoiding duplicate work. The most time-saving implementation being a resolution of the facts involved in the case and series of events leading to and following the security breach. Because of the location of the plaintiffs, many suggested their home districts for the centralized proceedings: the District of Nevada, the Western District of Kentucky, the Southern District of Florida, and the District of Massachusetts. The Judicial Panel concluded that the District of Nevada was most appropriate because the breached Zappos servers and their administrators were based in Hendersonville, Nevada. [6]
On 14 June 2012, Zappos filed a motion to compel arbitration and stay action. Such a motion would require that the Court stop proceedings on the consolidated suits that were arranged to take place in a single class action. Zappos would now require each individual plaintiff to go through an arbitration process. This motion was held in a clause in Zappos's terms of use, which declared that disputes shall be resolved through confidential arbitration. [1]
Any dispute relating in any way to your visit to the Site ... shall be submitted to confidential arbitration in Las Vegas, Nevada, .... You hereby consent to, and waive all defense of lack of personal jurisdiction in the state and federal courts of Nevada.
Zappos argued that its customers were required to go through arbitration instead of personal jurisdiction because they automatically agreed to the terms of use when they used the Zappos.com website. Browsewrap agreements such as this are created when the user does not have to click a button or check a box to indicate that they have accepted the terms of service for a particular website. [5]
ACCESSING, BROWSING, OR OTHERWISE USING THE SITE INDICATES YOUR AGREEMENT TO ALL THE TERMS AND CONDITIONS IN THIS AGREEMENT
The difference between a clickwrap agreement and a browsewrap agreement is that in a browsewrap agreement, the visitor to a site accepts the terms of service simply by visiting the website. [7]
The Court denied Zappos's motion to compel arbitration and stay action for two reasons: 1. the plaintiffs did not assent to the terms of use, and 2. the arbitration requirement is unenforceable. [8]
The Court started by citing the Federal Arbitration Act and pointed out that the right to compel arbitration relied on a valid contract, which that element was highly contested. Judge Jones cited several cases supporting the procedure of determining whether the parties formed a contract before deciding whether or not to compel arbitration including Chiron Corp. v. Ortho Diagnostics Sys., Inc., 207 F.3d 1126 (2000). [9] In other words, the right to compel arbitration requires an enforceable contract, and an enforceable contract requires mutual assent. This brought the nature of Zappos's terms of use into question and whether the user had actually entered a contract with Zappos under the browsewrap agreement. [8]
In a browsewrap agreement, the user must know of the website's terms and conditions in order to accept them. The Court points out that on the Zappos website, a link to the terms of use is towards the bottom of each page; "when the Zappos.com homepage is printed to hard copy, the link appears on page 3 of 4." The link did not have any distinguishing features that set it apart from surrounding links. This embedding of terms did not make it reasonably obvious to the user where and how to find the terms, indicating the user experience was flawed. Additionally, the site did not give special mention of the terms of use when a user would sign up, log in, or make a purchase, further indicating that there was no mutual agreement once the user gave Zappos personal and private information. From this, the Court concluded that the Plaintiffs may not have known about the terms of use, arguing that "No reasonable user" would have clicked the link. [8]
The Court also highlighted a clause in Zappos's terms of use, which declared, "We reserve the right to change this Site and these terms and conditions at any time." This would give Zappos the right to choose whether to pursue arbitration, and its customers would be bound by its decision automatically. The Court wrote that this kind of agreement would give Zappos an "escape hatch" that it could use "if it determined arbitration was no longer in its interest." Because of this, the Court found that the arbitration agreement is illusory and would not be enforced in this case. [8]
Zappos argued that, under the equitable estoppel doctrine, the plaintiffs may not sue for breach of contract trying to avoid the terms of use by not submitting to arbitration. The Court declined to apply the doctrine, stating that the plaintiffs were not aware of the terms of use, and they were suing based on "other statements and guarantees found on the website." [8]
Zappos did not make any changes to its terms of use following the Court decision. Law blogger William Carleton reported on 8 November 2012, two months after the decision, that Zappos's terms of use was identical to an archived copy from May 2011. Carleton also tried registering for the site and placing an order. He noted that there was still no salient presentation of the terms of service nor any dedicated "accept" button. [10]
On 9 September 2013, the Court dismissed most of the common law claims against Zappos. The Court also dismissed a few of the statutory claims, some with leave to amend. [5]
A settlement was reached in October 2019. Customers received a 10% discount on one order. Zappos denied wrongdoing, but is expected to pay $1.6 million in court costs. [11]
Many law blogs posted advisories to businesses in response to this decision. One common theme was the recommendation of clickwrap over browserwrap, in which the site explicitly obtains assent when a user clicks an "accept" button. [2] [4] [1] Another common recommendation was for businesses to revise or remove any language from its terms of use that would allow it to change the terms of use without notice. [4] [2] [12]
Law firm Lewis Roca Rothgerber pointed out that this decision does not declare all browsewrap contracts unenforceable. This case decided that Zappos's particular implementation of their terms of use, and the arbitration clause in particular were unenforceable. The law firm stated that browsewrap agreements have been enforced in other courts. It also suggests that businesses that want to continue to use browsewrap agreements should provide a conspicuous link to their agreements, "Front and Center." [12]
Law firm Stanfield Hiserodt suggested that the size of the case, with 24 million claimants in the class action, may have played a role in the decision. Stanfield drew attention to the impossibility of having all 24 million individuals visit Nevada for arbitration.
Arbitration, in the context of the law of the United States, is a form of alternative dispute resolution. Specifically, arbitration is an alternative to litigation through which the parties to a dispute agree to submit their respective evidence and legal arguments to a third party for resolution. In practice, arbitration is generally used as a substitute for litigation. In some contexts, an arbitrator has been described as an umpire.
Terms of service are the legal agreements between a service provider and a person who wants to use that service. The person must agree to abide by the terms of service in order to use the offered service. Terms of service can also be merely a disclaimer, especially regarding the use of websites. Vague language and lengthy sentences used in these terms of service have caused concerns about customer privacy and raised public awareness in many ways.
In contract law, a forum selection clause in a contract with a conflict of laws element allows the parties to agree that any disputes relating to that contract will be resolved in a specific forum. They usually operate in conjunction with a choice of law clause which determines the proper law of the relevant contract.
Specht v. Netscape, 306 F.3d 17, is a ruling at the United States Court of Appeals for the Second Circuit regarding the enforceability of clickwrap licenses under contract law. The court held that merely clicking on a download button does not show consent with license terms, if those terms were not conspicuous and if it was not explicit to the consumer that clicking meant agreeing to the license.
Buckeye Check Cashing, Inc. v. Cardegna, 546 U.S. 440 (2006), is a United States Supreme Court case concerning contract law and arbitration. The case arose from a class action filed in Florida against a payday lender alleging the loan agreements the plaintiffs had signed were unenforceable because they essentially charged a higher interest rate than that permitted under Florida law.
Browsewrap is a term used in Internet law to refer to a contract or license agreement covering access to or use of materials on a web site or downloadable product. In a browse-wrap agreement, the terms and conditions of use for a website or other downloadable product are posted on the website, typically as a hyperlink at the bottom of the screen. Unlike a clickwrap agreement, where the user must manifest assent to the terms and conditions by clicking on an "I agree" box, a browse-wrap agreement does not require this type of express manifestation of assent. Rather, a web-site user purportedly gives their consent simply by using the product — such as by entering the website or downloading software.
Bragg v. Linden Research, Inc., 487 F. Supp. 2d 593, was a ruling at the United States District Court for the Eastern District of Pennsylvania. The case resulted in an important early ruling on the enforceability of an online End User License Agreement (EULA) under American contract law, though it did not ultimately gain influence as a precedent. The ruling also clarified the matter of personal jurisdiction for a dispute involving a user of a website that originates in a different region.
MDY Industries, LLC v. Blizzard Entertainment, Inc and Vivendi Games, Inc., 629 F.3d 928, is a case decided by the United States Court of Appeals for the Ninth Circuit. At the district court level, MDY had been found liable under theories of copyright and tort law for selling software that contributed to the breach of Blizzard's End User License Agreement (EULA) and Terms of Use (ToU) governing the World of Warcraft video game software.
The court's ruling was appealed to the United States Court of Appeals for the Ninth Circuit, which reversed the district court in part, upheld in part, and remanded for further proceedings. The Court of Appeals ruled that for a software licensee's violation of a contract to constitute copyright infringement, there must be a nexus between the license condition and the licensor’s exclusive rights of copyright. However, the court also ruled, contrary to Chamberlain v. Skylink, that a finding of circumvention under the Digital Millennium Copyright Act does not require a nexus between circumvention and actual copyright infringement.
Southland Corp. v. Keating, 465 U.S. 1 (1984), is a United States Supreme Court decision concerning arbitration. It was originally brought by 7-Eleven franchisees in California state courts, alleging breach of contract by the chain's then parent corporation. Southland pointed to the arbitration clauses in their franchise agreements and said it required disputes to be resolved that way; the franchisees cited state franchising law voiding any clause in an agreement that required franchisees to waive their rights under that law. A 7-2 majority held that the Federal Arbitration Act (FAA) applied to contracts executed under state law.
Bowers v. Baystate Technologies, 320 F.3d 1317, was a U.S. Court of Appeals Federal Circuit case involving Harold L. Bowers and Baystate Technologies over patent infringement, copyright infringement, and breach of contract. In the case, the court found that Baystate had breached their contract by reverse engineering Bower's program, something expressly prohibited by a shrink wrap license that Baystate entered into upon purchasing a copy of Bower's software. This case is notable for establishing that license agreements can preempt fair use rights as well as expand the rights of copyright holders beyond those codified in US federal law.
Lane vs. Facebook was a class-action lawsuit in the United States District Court for the Northern District of California regarding internet privacy and social media. In December 2007, Facebook launched Beacon, which resulted in users' private information being posted on Facebook without the users' consent. Facebook ended up terminating the Beacon program and created a $9.5 million fund for privacy and security. There was no monetary compensation awarded to Facebook users affected negatively by the Beacon program.
AT&T Mobility LLC v. Concepcion, 563 U.S. 333 (2011), is a legal dispute that was decided by the United States Supreme Court. On April 27, 2011, the Court ruled, by a 5–4 margin, that the Federal Arbitration Act of 1925 preempts state laws that prohibit contracts from disallowing class-wide arbitration, such as the law previously upheld by the California Supreme Court in the case of Discover Bank v. Superior Court. As a result, businesses that include arbitration agreements with class action waivers can require consumers to bring claims only in individual arbitrations, rather than in court as part of a class action.
Harris v. Blockbuster, Inc., 622 F. Supp. 2d 396, established precedent in the district that when a contract has a clause that authorizes one party to make changes to the "contract" without notification, that it is illusory and hence the entire "contract" is void.
Green Tree Financial Corp-Ala. v. Randolph, 531 U.S. 79 (2000), is a decision by the United States Supreme Court. The case dealt with the enforceability of arbitration agreements that did not discuss the cost of the arbitration itself and with the finality of certain arbitration decisions.
Rodriguez de Quijas v. Shearson/American Express Inc., 490 U.S. 477 (1989), is a United States Supreme Court decision concerning the arbitration of securities fraud claims. It was originally brought by a group of Texas investors against their brokerage house. By a 5–4 margin the Court affirmed the Fifth Circuit Court of Appeals and ruled that their claims under the Securities Act of 1933, which regulates trading in the primary market, must be arbitrated as stipulated in their customer agreements.
Disputes between consumers and businesses that are arbitrated are resolved by an independent neutral arbitrator rather than in court. Although parties can agree to arbitrate a particular dispute after it arises or may agree that the award is non-binding, most consumer arbitrations occur pursuant to a pre-dispute arbitration clause where the arbitrator's award is binding.
Nguyen v Barnes & Noble, Inc., 763 F.3d 1171, was a United States Court of Appeals for the Ninth Circuit decision in which the Court ruled that Barnes & Noble's 2011 Terms of Use agreement, presented in a browsewrap manner via hyperlinks alone, was not enforceable since it failed to offer users reasonable notice of the terms. The decision set an important precedent on the future design and presentation of online contracts for consumer-facing e-commerce sites.
Epic Systems Corp. v. Lewis, 584 U.S. ___ (2018), was a case decided by the Supreme Court of the United States on how two federal laws, the National Labor Relations Act (NLRA) and the Federal Arbitration Act (FAA), relate to whether employment contracts can legally bar employees from collective arbitration. The Supreme Court had consolidated three cases, Epic Systems Corp. v Lewis, Ernst & Young LLP v. Morris (16-300), and National Labor Relations Board v. Murphy Oil USA, Inc. (16-307). In a 5–4 decision issued in May 2018, the Court ruled that arbitration agreements requiring individual arbitration and prohibiting class action lawsuits are enforceable under the FAA, regardless of allowances set out within the NLRA.
Am. Express Co. v. Italian Colors Rest., 570 U.S. 228 (2013), is a United States Supreme Court case decided in 2013.
Morrison v. Amway Corp. 49 F. Supp. 2d 529 was a lawsuit concerning the enforcement of a contractual arbitration provision between the defendant Amway Corp. and the plaintiff their distributors.