December 16, 2012
Minors’ Suit Over Facebook Credits Survives in Part – I.B. v. Facebook
[Post by Venkat Balasubramani with comments by Eric]
I.B. v. Facebook, C 12 1894 CW (N.D. Cal. Oct. 25, 2012)
Eric posted before about a Facebook sponsored stories lawsuit that was brought on behalf of minors. There, Facebook was confronted with an important issue: are transactions with minors on the same footing as transactions involving adults? ("Facebook's 'Browsewrap' Enforced Against Kids--EKD v. Facebook." That lawsuit is proceeding in the Northern District, and Facebook won a preliminary victory on the enforceability of the venue clause in its terms of service.) This lawsuit over Facebook credits is in the same vein. Although Facebook gets some of the claims dismissed, some survive, and this could turn out to be a painful issue to resolve for Facebook.
This lawsuit involves minors who created accounts on their own behalf (and where the account information reflects minor status). One of the minors asked his mother for permission to buy $20 of Facebook credits for use in "Ninja Saga." After buying these credits, he went on to make other “in-game purchases” and rang up a bill for several hundred dollars.
The other minor took his parents’ debit card without permission and made 20 or so charges that exceeded $1,000. Parents of both kids tried to get refunds and were not successful. They brought putative class claims.
Disaffirmance: The big question was whether the minors’ contract to purchase the Facebook credits were void or voidable.
California Family Code Section 6701 describes classes of agreements with minors that are void: contracts involving (1) a “delegation of power”; (2) real property; or (3) personal property not in the possession or control of the minor. The court agrees with Facebook that the credits transaction did not involve a delegation of power. However, the court disagrees with Facebook as to whether the agreements relate to personal property not in the immediate possession or control of the minor. The court says that the funds used to pay for the credits were not in the possession or control of the minor, and therefore the transaction could come within this prong.
The court also says that the minors may potentially disaffirm the contracts (i.e., they are voidable). Facebook argued that the minors could not disaffirm because they received the benefits, but the court says that if the minors want to disaffirm the entire contracts they can do so (distinguishing E.K.D. v. Facebook, where the court said that minors could not selectively disaffirm certain provisions or continue to accept the benefits but disclaim the burdens). The court also disagrees with Facebook that the minors can’t disaffirm and recover consideration paid by third parties (i.e., their parents). The situations where minors were not entitled to recover amounts paid by their parents all involved situations where the parents made separate guarantees or otherwise agreed to pay the amounts in question.
EFTA: Plaintiffs argued that the transactions violated the Electronic Funds Transfer Act. The court says that plaintiffs do not identify which specific provision of the statute Facebook violated that is applicable to non-financial institutions. The court dismisses with leave to amend this claim.
Consumer Legal Remedies Act: The parties disagreed as to whether the transactions were subject to the CLRA, which applies to sales or leases of “goods or services.” The court (citing to Ferrington v. McAfee) agrees with Facebook that credits were not goods or services and therefore not subject to the CLRA.
Unfair Competition Claims: Plaintiffs argued that the transactions were an unlawful or unfair business practices, relying on violations of the CLRA, EFTA, and the “Money Transaction Act.” The Money Transactions Act does not apply to “closed loop” cards that are only redeemable for goods or services provided by the issuer or its affiliate (e.g., a Starbucks card). The court agrees with Facebook and says that Facebook credits are excluded from the MTA since they can only be used to buy stuff provided by the issuer or its affiliate. With respect to unfair competition based on the CLRA and EFTA claims, the court dismisses but grants leave as to unfair competition based on EFTA violations. The court also allows the unfair competition claim to go forward to the extent it’s based on plaintiffs’ claim that Facebook made statements that all transactions were final, notwithstanding the minors’ right to disaffirm. Finally, the court says that the UCL claims based on the “fraudulent” prong of the statute are not pled with sufficient specificity. Plaintiffs have to go back and plead the what, where, how, and when of the allegedly fraudulent conduct.
Yikes. Facebook gets the court to cut down portions of this lawsuit, but this could turn out to be a problem! It’s one that Facebook should have anticipated, at least as to minors whose profiles indicated minor status, so it’s hard to have much sympathy.
The court reaches a roughly similar result to the one reached in the Apple in-app purchase case: “Parents' Lawsuit Against Apple for In-App Purchases by Minor Children Moves Forward -- In re Apple In-App Purchase Litigation.” It’s interesting how the court sidesteps the issue of whether the minor should be able to disaffirm notwithstanding the fact that the minor has already been conferred (or has consumed) the benefit at issue. (See E.K.D. v. Facebook and the A.V. v. iParadigms posts for discussion of this issue.) It's also interesting that the court does not discuss the possibility of the parents being forced to pursue their rights under Reg Z or under the banking institution's rules (under which they may be limited in the amount of their liability for unauthorized charges). I would think there's some sort of offset possibility here.
Perhaps a possible solution from the merchant’s standpoint is to shift everything to the password level, and require the password to be entered each time a purchase is made? A merchant who does this may be able to take advantage of provisions in its terms that require users to bear all risk of loss from any misuse of passwords. An alternative would be to include a disclaimer directed to parents when dealing with purchases through the accounts or minors (i.e., "once you let someone else make a purchase, they may continue to ring up charges")? I don’t know if either of these would offer any certainty to the merchant, since they underlying contractual relationship is between the minor and Facebook; the parent is arguably a stranger to this transaction.
Maybe Facebook is too big to care, or these types of transactions are fairly small in its overall bucket of revenues, but I'm constantly surprised at how brazenly Facebook pushes the envelope on grey area legal issues.
Related: see this recently filed complaint against Google for allegedly intercepting the gmail communications of minors (A.K. v. Google). I'm a bit more skeptical about this lawsuit, but thought it was worth flagging.
"Facebook's "Browsewrap" Enforced Against Kids--EKD v. Facebook."
“Parents' Lawsuit Against Apple for In-App Purchases by Minor Children Moves Forward -- In re Apple In-App Purchase Litigation.”
"Clickthrough Agreement Binding Against Minors--A.V. v. iParadigms"
"Court Declines to Dismiss or Transfer Lawsuit Over @OMGFacts Twitter Account -- Deck v. Spartz, Inc."
Eric's Comments. This case implicates one of the most enduring problems of cyberlaw: how can websites form legally binding obligations with kids when the websites aren't sure who's a kid and who isn't. In theory, every website's user agreement is vulnerable to collateral attack by the cohort of kids who have "agreed" to it but can treat the contract as voidable. The logical implications of this problem lead us to dark places: either websites are always vulnerable to class action lawsuits "on behalf of the kids" (I put it in quotes because class action lawyers are the real beneficiaries of the lawsuits, not the kids), or websites will have to impose meaningful age verification, with the resulting costs and privacy issues.
Amazingly, we've largely avoided these legal issues for the past two decades. We've seen only a few lawsuits on behalf of the kids, and through various doctrinal machinations, cases like Turnitin and EKD have found ways to avoid ripping open a big hole in cyberlaw.
In contrast, this opinion provides plaintiff lawyers with a number of possible ways to attack websites on behalf of the kids. It remains to be seen if that will happen, because this ruling depends in part on the specific mechanics of Facebook credits. Still, there's a small possibility we'll look back 5 years from now and view this case as a key turning point that structurally changed the web as we know it today--probably not for the better.