How Zappos’ User Agreement Failed In Court and Left Zappos Legally Naked (Forbes Cross-Post)
By Eric Goldman
In re Zappos.com Inc., Customer Data Security Breach Litigation, 2012 WL 4466660 (D. Nev. Sept. 27, 2012).
In January, Zappos (part of $AMZN) announced a massive data security breach affecting 24 million consumers. As typically happens in these situations, plaintiffs’ class action lawyers swarmed over Zappos for the breach, filing dozens of lawsuits. Zappos tried to send the lawsuits to arbitration based on an arbitration clause in its user agreement. Recently, a federal court struck down Zappos.com’s user agreement, denying Zappos’ arbitration request. This is an unfortunate ruling for Zappos, because its contract–now dead–would have been quite helpful in combating this high-profile and potentially very expensive data security breach lawsuit. More importantly, the mistakes Zappos made in its user agreement–though common throughout the Internet–are completely and easily avoidable. This post will make some suggestions for how to avoid Zappos’ fate.
Courts generally divide user agreements into one of three groups: “clickwraps,” “browsewraps” and “clearly not a contract.” I don’t use the term clickwrap; instead I prefer the term “clickthrough agreement.” A clickthrough agreement is presented to users in such a way that they must take some action–usually, clicking on a button–that unambiguously signifies that they are assenting to the contract. When properly implemented, clickthrough agreements are extremely effective in courts.
In contrast, “browsewraps” are user agreements that purport to bind users simply because users browse the website. I don’t use the term browsewrap; instead, I prefer to call those documents “not a contract.” Although there are some aberrational cases to the contrary, for the most part courts do not treat browsewraps as a contract, and anyone relying on a so-called browsewrap does so at their extreme peril.
The court does not have kind words for Zappos’ implementation:
Later, the court reinforces how unimpressed it is with Zappos’ browsewrap argument:
Zappos Reserved the Right to Amend the Contract Whenever It Wanted
The court takes this amendment power to its logical conclusion. If Zappos can change the terms at any time, then it can change the arbitration clause at any time. Thus, citing to a long list of cases, the court says that such unilateral power to change the arbitration clause makes the clause “illusory”–and thus unenforceable.
Zappos can hardly be surprised by this adverse judicial ruling. We have known for years that browsewraps are unenforceable (see some of the cases discussed here) and judges clearly dislike unilateral amendment clauses (see, e.g., the uncited Ninth Circuit’s Douglas ruling from 2007 and the cited 2009 ruling in the Blockbuster/Facebook Beacon case).
Still, the ruling leaves Zappos in a bad position. Its contract is legally irrelevant, meaning that all of the risk management provisions in its contract are ineffective–its disclaimer of warranties, its waiver of consequential damages, its reduced statute of limitations, its clause restricting class actions in arbitration…all of these are gone, leaving Zappos governed by the default legal rules, which aren’t nearly as favorable to it. Losing its contract provisions meant Zappos is legally naked.
Avoiding this outcome is surprisingly easy. Use clickthrough agreements, not browsewraps, and remove any clauses that say you can unilaterally amend the contract.
Even if you aren’t an e-commerce site, it’s still easy to form a clickthrough agreement if you have an account registration process. Right before users complete the registration, present the terms as “By [creating an account], you agree to the user agreement” with a link to the document.
Thus, the only websites that can’t easily implement a clickthrough agreement are sites that have no checkout or registration processes. Websites in that category should carefully consider why they need a user agreement at all.
No Unilateral Amendment Clauses. If you are changing the user agreement only for new users who enter into the contract after the change, you don’t need to tell them that you’ve amended the terms. They are automatically bound to your then-current terms when they click through. If you form a contract with your users each time you interact with them (such as with an e-commerce site), you aren’t “amending” your contract; you’re just changing the terms for subsequent transactions.
In contrast, if you are providing ongoing services to users and you want to change the deal with them, then you need to amend the existing agreement. Unfortunately, there is no reliable legal way to do so other than to require users to click through the new terms–an imperfect solution because many existing users never come back to the site, and other users will balk at the request. And worse, any failed amendment creates a variety of legal vulnerabilities, so you need an airtight amendment implementation.
Thus, to develop a legally effective contract amendment process, you should brainstorm with your attorney about creative solutions that provide flexibility without breaking the law or undermining your contract. Or, just accept that you can never materially change the contract terms for users who have signed up under a different deal. You might be surprised how little that limits you in practice.
Either way, Zappos’ loss provides a good warning what not to do: don’t just clone-and-revise the amendment provisions you’ve seen on other sites. THAT DOESN’T WORK in court, and you’ll be in for an unpleasant surprise if you learn that the hard way.
Disclaimer: this post is just a general discussion about legal topics. It doesn’t provide legal advice. Consult your own attorney before making any decisions.