Ping® February 2022 – Just How Enforceable Are Online Terms?

Just How Enforceable Are Online Terms? What You Need To Know

We have all, at some point while online, clicked on the “I Accept” button without giving it a second thought. Whether creating a social media account, signing up a for an online service, or just trying to get to bank statements, more and more businesses are linking to their standard terms and conditions online for suppliers and customers. But just how enforceable are these? Does it matter where the link is displayed or how it is displayed. Some courts have refuse to enforce online disclosures due to perceived problems with website layout.

Almost every commercial website provides some amount of information and resources. More often than not, today’s websites offer robust features and content such as article commenting/discussion groups and “pay-wall” access to restricted content and features. In addition, many websites offer content, feeds and articles that are licensed from third parties the use of which may be restricted to in-browser page viewing or caching, with further commercial use restricted. For most businesses, since customers will search and purchase through a website (or mobile application), the principal ecommerce risk is the legal relationship between website users and the web site operator. Whether users only browse information or continue to complete a purchase transaction, a contractual relationship can be formed addressing both parties rights, obligations and remedies.

Two Types of Online Contracts

With respect to contract law in relation to the offer and sale of goods or services, online (ecommerce) contracts generally take one of two forms: (1) Click-through or “Click-wrap” agreements, and (2) User Agreements, often referred to as Terms of Use, Terms of Service, or “Browse-wrap” Agreements. As a general proposition, formation of contracts (offer and acceptance) and enforceability of contractual provisions (choice of governing law) are matters determined by reference to state law. However, in the United States, federal courts are often required to determine matters of state law and most states have relatively uniform requirements with respect to the three principal concepts in the determination of contract enforceability: offer, acceptance and consideration.

Click-wrap Agreements

The first type of contract, the so-called “Click-wrap” agreement, is usually the agreement formed when a website user purchases goods or services through an ecommerce shopping cart application (e.g. purchasing airline tickets). In the context of online contracts, a user is presented with the online terms and conditions and must “click-through” as part of the transaction.

“Click-wrap” agreements derive their name from the shrink-wrap agreements that were first incorporated into commercially-distributed software. Users were deemed to have accepted the terms of the agreement by opening the package and installing the software. In ProCD, Inc. v. Zeidenberg, the court held that a user was bound by the terms and conditions of a software license agreement (contract) included in a users’ manual within the packaging, and which was displayed on a computer screen upon installation and use of the software. Such contracts are enforceable unless their terms are objectionable on grounds applicable to contracts in general (for example, if they violate a rule of positive law, or if they are unconscionable).

Browse-wrap Agreements

The second type of contract, commonly-known as “browse-wrap” agreements, apply to contractual agreements between the website user and the website operator that arise even though the user may not engage in pro-active contract acknowledgement. Browse-wrap agreements are generally comprised of terms and conditions posted on a website, typically accessible via a hyperlink appearing on various pages on the website, or at the bottom of the website pages, with no requirement that a website user take any affirmative action to indicate assent to the terms and conditions. 

The existence and enforceability of browse-wrap agreements is crucial to operation of a website because as a user may search information, information related to the other programs or other information available on the website, without actually consummating a purchase transaction. Since a business likely wishes to protect its proprietary information and other content available to users of the website, it is important review the availability and enforceability of browse-wrap contracts.

Two Cases Two Different Outcomes

Maine State Court held in Sarchi v. Uber Technologies (2022 ME 8 – Maine Judicial Branch) that online contracts are enforceable only if the consumer (1) has reasonable notice of the online contract terms, and (2) has manifested consent to those terms. Following First Circuit’s formulation in Cullinane v. Uber Technologies (No. 16-2023 (1st Cir. 2018)), the Court held the contract unenforceable because 1) the consumer was not provided reasonable notice of the terms, 2) the hyperlink to the contract terms was not readily identified as a link through the use of underlining, blue text, or appearance as a button; 3) the hyperlink was inconspicuous given the use of small font; and 4) the hyperlink was unlikely to draw attention because the screen focused on payment information rather than the hyperlink.

Additionally the Court concluded the consumer did not assent to the terms by clicking the “Done” button on the payment screen because the significance of clicking that button to indicate the user’s consent to the terms of agreement was not explained.

Ping® January 2022 – Reminder To Review Your Contracts

Review Your Contracts Every Year.

One of the most important tools to protect your business – your ideas (copyrights, trademarks, trade secrets, confidential and proprietary information), customer relationships and talent pool – is your written contract. Your contract is the foundation for a reliable relationship for you, your customers and your employees. More importantly, it helps to prevent misunderstandings and false expectations that can lead to a breakdown in your customer relationship, jeopardize projects, or even worse, result in litigation.    

Starting with a form is just OK.

Many companies start with a model or “form” contract adapted from forms available online or drafted when the business first started.  Oftentimes, I am presented with form contracts “downloaded from the Internet” or provided by a form-filling service that will do cheap and quick corporations or LLCs, without actually providing any legal services. Although these forms may be a good starting point, your business needs, it deserves, contracts tailored to the specific needs of the enterprise or relationships.

Franken-contracts can ruin your business.

As businesses develop over time, you may have revised your contracts, adding a little here, removing a little there. Maybe you read an article about an important case in your industry and decided to add some text from the contract discussed in the court’s legal opinion. In many cases, over time, the agreements become “Franken-contracts” an odd amalgamation of trade lingo, inconsistent terms and even contradictory conditions. At best these are ambiguous and confusing to read. At worst, they become unenforceable.

Review contract annually to avoid weak spots.

At some point, you should review, revise and generally “tighten” existing contracts. You should have your lawyer review them to make sure that there are no mistakes, ambiguities or omissions that could cost you or your customers. I urge clients to have their contract forms reviewed on an annual basis. Depending on changes in the law, changes in the industry or changes in your own business, this process should only take a few hours.

Contact us for a free, no-obligation consultation.

To learn more about how we can help your with your business and contracts, contact the Lawyers at the Adler Law Group at David @ adler – law . com (without spaces) or (866) 734-2568. Learn more abut us here:

http://www.adler-law.com

COVID-19 is changing consumer behavior in important and probably permanent ways.

COVID-19 is changing consumer behavior in important and probably permanent ways. This is why marketers should take notice.

Sparked by the coronavirus pandemic, consumer and business e-commerce transactions accelerated the ongoing shift toward online commerce. This enables even more marketing opportunities that create real time connections with customers. From pink ribbons to Product Red, social feeds are full of calls to support those in need. In this way, online cause marketing can drive “consumption philanthropy” replacing mindless buying with virtuous action. Tying cause-worthy buying with the latest ecommerce boom creates new opportunities for marketers.

However, before turning your blog, social media accounts, or website into a funnel to raise money for First Responders, it is important to understand that all states have laws that govern charitable solicitations. Running promotions and undertaking solicitations for charities means that unless the business itself is set up as a tax exempt charitable entity, these activities are considered “Commercial co-ventures.” Generally this is a person (or business) who, for profit, is primarily engaged in commerce other than in connection with soliciting for charities and who conducts a charitable sales promotion.

In Illinois, Sec.3. (b) of the Solicitation for Charity Act provides the following persons shall not be required to register with the Attorney General: 3. “Persons requesting any contributions for the … benefit of any individual, specified by name at the time of the solicitation, if the contributions collected are turned over to the named beneficiary, first deducting reasonable expenses for costs of banquets, or social gatherings, if any, provided all fund raising functions are carried on by persons who are unpaid, directly or indirectly, for such services.” Emphasis mine.

Even if you are not raising money for a good cause, consider using disclaimer s to let your audience know product and company names are trademarks of the respective owners and does not imply any affiliation with or endorsement by them.

Does My Business Need A “Button” To Comply With The CCPA’s Do Not Sell Rule?

The California Consumer Privacy Act (“CCPA”) was enacted in early 2018 and went into effect in 2020. Among many concerns about the ability of small businesses to comply with obligations imposed by the CCPA is the requirement that a company allow Californians to access the information held about them, or, in some situations, request that the information that they provided to a company be deleted.  Your clients may be asking you about the CCPA.  While each business should evaluate the law in terms of its own specific situation, here are some general guidelines to start the process.

Does the CCPA Apply to My Business?

If your business satisfies one or more of the following, then the CCPA applies:

(i) annual gross revenue in excess of $25 million?

(ii) buys, receives, sells, or shares the personal information of 50,000 or more consumers, households, or devices, (a) for commercial purposes (assume always true), (b) alone or in combination (assume always true), (c) annually, and

(iii) derives fifty percent (50%) or more of its annual revenues from selling consumers’ personal information.

Even if the business does not collect personal information, as long as is collected on behalf of a business (such as through a third party), the business could be covered by the CCPA, assuming the other requirements are satisfied.

What is the Do Not Sell Rule?

The Do Not Sell rule is a key part of the regulation. It states that businesses must give consumers the option to opt-out of the sale of their personal data.

Specifically, the regulation says that businesses must:

  • Have a page on their website titled “Do Not Sell My Personal Information.” On this page, consumers based in California can opt-out of the sale of their personal data.
  • The business must clearly link to the “Do Not Sell My Personal Information” webpage from the homepage.
  • The website must describe the consumer’s rights to opt-out of the sale of personal data and provide a link to the “Do Not Sell My Personal Information” page in its privacy policy.
  • Once a user requests that a business not sell their personal information, the business must respect this decision for a minimum of 12 months.
  • Finally, websites should have a way to prove that they are respecting these customer requests.

Businesses and website owners need to put processes in place that will help them adhere to the above guidelines.

For more information about the impact of the CCPA on your business, please contact the lawyers at Adler Law Group to schedule a consultation.

Tracking Tech Case Provides Guidance on Customer Opt Outs

From healthcare apps, to mobile devices, to utilities, services are collecting and aggregating customer data across many different types of connected devices. Many mobile apps and services rely on a consumer’s location information. As more mobile apps connect to the Internet to send and receive location data, the FTC, legislators, privacy advocates, and others have identified location information as a particularly sensitive category of data. A recent study conducted by Carnegie Mellon University contained shocking revelations about the frequency with which location information is gathered and transmitted to companies through their mobile apps. At the same time, the recent settlement with in-store retail customer tracking provider Nomi highlights the FTC’s increased scrutiny of data gathering practices and disclosures of mobile application developers.

It is no secret that retailers could derive significant business intelligence from the real-time moments through stores. This is one of the areas around which companies innovate around customers’ private information. For example, Nomi Technologies, a company whose technology allows retailers to track consumers’ movements through their stores, made headlines when it agreed to settle Federal Trade Commission charges that it misled consumers about opting out of their tracking services. This is not why you want to have your company’s innovations in the news.

Business counsel both inside and outside of companies developing applications that leverage mobile geolocation data of consumers and employees should be aware of the many issues that are developing around this area such as: How is geolocation information gathered and how does data flow from device, to app to, third party? How is it shared and used in mobile advertising? When is consent required and how should stakeholders obtain such consent?

 

DATA PRIVACY DAY 

Do You Understand Your Data Privacy Rights?

Data Privacy Day was started in 2007 in response to widespread lack of understanding about how personal data was being protected. Today, 91% of adults “agree” or “strongly agree” that consumers have lost control over how personal information is collected and used by companies, according to a recent Pew Research Center Survey.

Data is one of the natural resources of the 21st century. It should be treated like all other precious resources. Understanding, responsibility, and accountability are key. Ubiquitous Internet connections, unprecedented processing power and speed combined with staggeringly large databases have the ability to help both the private and public sectors. However, there is a growing split between the benefits of data-driven activities and perceptions of decreased privacy rights needs to be addressed. There is a balance that needs to be found between the responsibility of governments and that of businesses in ensuring an adequate level of protection to citizens and consumers, while supporting technological innovation.

The purpose of Data Privacy Day is raise awareness among digital citizens and empower them with understanding how their data is being collected, stored and consumed. Often, that starts with being educated about the privacy policies of online companies and web properties.

The National Cyber Security Alliance (NCSA) officially kicked off today’s Data Privacy Day events with a broadcast from George Washington University Law School featuring Federal Trade Commissioner Maureen Ohlhausen and privacy and security experts from industry and government.

Whether you are a consumer, an application developer, a technology platform provider, consultant, or enterprise that relies on the collection, analysis and commercialization of data (who doesn’t these days) Adler Law Group can help you navigate this emerging area by 1) assessing and prioritizing privacy risks, 2) creating a baseline understanding of data assets, data flows and contractual commitments, 3) developing internal Privacy Polciies and processes, and 4) creating and delivering training programs for executives and employees that increases awareness and mitigate risk.

AEREO LOSES COPYRIGHT CASE

Technology Continues to Test The Bounds of Copyright Law

The Internet is an unprecedented source of disruption. From retail services (e.g. Amazon) to media and entertainment, almost every industry has been forced to rethink its business model due to the accessibility, ubiquity and democratizing force of the Internet. Aereo was positioned to disrupt the traditional media distribution model by giving consumers greater control over what were otherwise “free” over-the-air transmissions.

The Aereo service was premised on the idea that consumers should be able to watch and record over-the-air broadcast television programming via the Internet. Major broadcast networks that owned the content made accessible through Aereo challenged the model on the grounds that Aereo was violating the exclusive “public performance” right guaranteed by the Copyright Act.

Copyright law provides copyright owners six exclusive rights. One of those rights is the exclusive right to publicly perform the copyrighted work. Because this right is a statutory construct, one must look to the statute to determine its meaning. To “perform” and to perform “publicly” means “to transmit or otherwise communicate a performance or display the work to a place … or to the public, by means of any device or process, whether the members of the public capable of receiving the performance or display receive it in the same place or in separate places and at the same time or at different times.”

While many reacted by asking whether the case would stifle innovation and have a chilling effect on start-ups, this case does highlight the increasing tension between technological advances and copyright law.

From a practical standpoint, one need not be alarmed about the impact of the decision on most types of innovation. For one thing, the Court went to some lengths to craft a reasonably narrow decision, which applies only to broadcast TV retransmitted over the Internet.

As with any type of innovation, there are different types of risk. On the one hand, there is technology risk: the risk that whatever technology is necessary for some business plan simply won’t work. On the other hand, there is legal risk, highlighted by the Aereo decision: the risk that the entrepreneur’s interpretation of some act or case law won’t ultimately prevail. That’s what happened to Aereo.

As an IP lawyer, I am somewhat perplexed. It is hard for me to understand why Aereo made such a bold move. However, at least the district court agreed with Aereo’s interpretation.

Identifying Intellectual Property Issues in Start-Ups – Live Webcast!

Do you work with start-up companies and need a basic understanding of the various intellectual property issues that can arise?

I will be co-presenting in this online seminar that will help you:

  • understand the trademark and copyright problems your client may encounter with branding;
  • learn how to protect your client’s branding once established;
  • familiarize your practice with patents, including what they protect, timing, and strategies to prevent inadvertent loss of patent rights before filing the application;
  • understand trade secrets and the importance of non-disclosure and confidentiality agreements;
  • recognize intellectual property issues relating to technology, including open source code and the cloud;
  • establish a proactive approach toward intellectual property ownership between cofounders, employees, and vendors; understand business names, domain names, promotional issues, and website content concerns.

The program qualifies for 1.5 hours MCLE credit.

I would like to personally invite you to attend the upcoming Law Ed program titled, “Identifying Intellectual Property Issues in Start-Ups,” which I will be co-presenting via live webcast on Tuesday, May 27th.

Presented by the ISBA Business Advice and Financial Planning Section

Co-Sponsored by the ISBA Intellectual Property Section

Is Your Company’s Web Site Privacy Policy Compliant With New California Law?

Privacy Law Update: California “Do Not Track” 

Two California laws went into effect at the beginning of the year that  require additional notifications to consumers.  The California Online Privacy Protection Act (“CalOPPA”) requires that web sites, mobile apps and other online services available to California residents (in reality anyone with a web site that may be accessed by a CA resident) post a privacy policy that gives notice to consumers regarding behavioral or interest-based advertising practices (“OBA”).

Disclosures must explain:
1. If a web site operator allows other parties to use tracking technologies in connection with the site or service to collect certain user data over time and across sites and services; and
2. How it responds to browser “do not track” signals or other mechanisms designed to give consumers choice as to the collection of certain of their data over time and across sites and services

In addition, the “California Shine the Light Act” requires that companies (except non-profits and businesses with less than 20 employees) collecting broadly defined personal information from California consumers on or offline either: (a) give consumers a choice as to the sharing of that information with third parties (including affiliates) for direct marketing purposes; or (b) provide notice of, and maintain, a method by which consumers can annually obtain information on the categories of information disclosed the names and addresses of the recipients of that data, and a description of the recipients’ business.

If an e-commerce service offers tangible goods or services, or vouchers for them, to California consumers, it must give certain notices to consumers, including how they can file a complaint with the CA Department of Consumer Affairs.

Are you  concerned about how to disclose how your service responds to “Do Not Track” signals or similar tools and settings, and whether third parties are permitted to collect personally identifiable information about consumer online activities over time and across different websites when a consumer uses that online service? We may be able to help. We can review your policies, your information gathering and sharing practices, and advise on whether there is room for improvement.

Please contact us for a no-fee consultation.

Proposed Amedments To Computer Fraud & Abuse Act

Enacted by Congress in 1986, the Computer Fraud and Abuse Act (CFAA) builds upon existing computer fraud law (18 U.S.C. § 1030). Initially, the CFAA was intended to limit federal jurisdiction to cases “with a compelling federal interest-i.e., where computers of the federal government or certain financial institutions are involved or where the crime itself is interstate in nature.” Notably, the CFAA criminalized certain computer-related acts such as distribution of malicious software code, propagating denial of service attacks as well as trafficking in passwords and similar items. Recently, the CFAA has gained prominence as a bludgeon used to prosecute a wide-range of activities, some broadly labelled “hacking” and other stretching the boundaries of “unauthorized” computer access.

Two recently introduced bills, one by Representative Zoe Lofgren (D-CA) in the House and one by Senator Ron Wyden (D-OR) in the Senate aim to amend the CFAA in hopes of ameliorating application of the CFAA to claims of breach of terms of service, employment agreements. Additionally, with the nickname “Aaron’s Law,” they also seek to limit what some see as the CFAA’s tendency to allow for overzealous prosecution that they claim characterized Aaron Swartz’s case.

In short the bills would amend the meaning of “exceeds authorized access,” changing it to “access without authorization,” which is defined to mean:

“to obtain information on a protected computer”;
“that the accesser lacks authorization to obtain”; and
“by knowingly circumventing one or more technological or physical measures that are designed to exclude or prevent unauthorized individuals from obtaining that information.”

For a well-documented discussion of the application and boundaries of the CFAA, check out the Electronic Frontier Foundations Legal Treatise on civil and criminal cases involving the Computer Fraud and Abuse Act here.

As businesses become ever more dependent on digital assets and systems, a working knowledge of the legal and regulatory framework that defines and protects those assets is paramount.

If you or your executive teams has questions about securing and protecting digital assets, please feel free to contact David M. Adler for a free consultation. LSGA advises a wide range of businesses on creating, protecting and leveraging digital assets as well as computer, data and information security and privacy.

Please tweet, comment on, and forward is article!

David M. Adler | Adler Law Group
300 Saunders Road, Suite 100
Riverwoods, Illinois 60015
Toll free Phone: (866) 734-2568
http://www.ecommerceattorney.com

*2015 Illinois Super Lawyer http://bit.ly/gFfpAt

Twitter: http://twitter.com/#!/adlerlaw
LinkedIn: http://linkedin.com/in/adlerlaw