Pinterest “Buyable Pins” And Ecommerce Liability

Agreement SM

Last week, Pinterest announced the release of “Buyable Pins” – streamlining the online purchasing process that enables Pinterest users to buy pinned items from several stores without having to leave the Pinterest site or app.  For consumers, Buyable Pins make it easier to move from a Pin to purchase. For businesses, this opens a door to a large new audience who loves to shop.

Here’s everything you need to know about selling on Pinterest and potential areas of Ecommerce liability.

Online Contracts Reduce Merchant Risk. Sometimes.

A substantial number of court opinions in recent years have looked at the validity of various provisions contained in online contracts. The starting point for most analyses is the point of contract formation, because terms of online contracts are enforceable only if the contract was validly formed. Courts have scrutinized ecommerce contracts, primarily in four areas: (a) Terms of Sale; (b) Returns/Exchanges; (c) Governing Law & Venue; and (d) Arbitration. Quite often, courts have refused to enforce such terms, due to deficiencies in the formation of online contracts.

As a general proposition, formation of contracts (offer and acceptance) and enforceability of contractual provisions (choice of governing law) are matters determined by reference to state law. However, in the United States, federal courts are often required to determine matters of state law and most states have relatively uniform requirements with respect to the three principal concepts in the determination of contract enforceability: offer, acceptance and consideration.

With respect to contract law in relation to online commerce (ecommerce), contracts generally take one of two forms: (1) “click-through” or “click-wrap” agreements, and (2) “browse-wrap” agreements, often referred to as Terms of Use or Terms of Service. It is worth noting that a recent Eastern District of New York court decision classified online contracts in four categories (a) browsewrap[sic]; (b) clickwrap[sic]; (c) scrollwrap[sic]; and (d) sign-in-wrap. Berkson v. Gogo, LLC, Case No. 14-CV-1199 (USDC E.D.N.Y. April 9, 2015). Functionally, the last three tend to look substantially similar (e.g. there is some action required to consent to the agreement, see discussion of “consent,” below) and will be treated as such for purposes of this article.

This is particularly important for merchants using “Buyable Pins” on Pinterest. Unless the online terms of the agreement between the merchant and the customer are validly binding and enforceable, many of the protections offered to the merchant in the online contract will not be available.

As noted above, courts have frequently refused to enforce provisions around a merchant’s ability to modify some terms post-sale (Terms of Sale), the availability of and methods for returns and exchanges, how and where lawsuits may be filed (Governing Law & Venue), and requirements to submit disputes to arbitration. This presents particular issues for Buyable Pins. Merchants need to think carefully about how a user is presented with the opportunity to accept or reject an online contract, and how the user “manifests consent to the agreement.”

The so-called “click-wrap” agreement is usually the agreement formed when a user purchases goods or services through an ecommerce shopping cart application. A user is presented with the online terms and conditions and must “click-through” as part of the transaction.

Consenting to Online Terms.

“Click-wrap” agreements derive their name from the shrink-wrap agreements that were first incorporated into commercially-distributed software. Users were deemed to have accepted the terms of the agreement by opening the package and installing the software. In ProCD, Inc. v. Zeidenberg, 86 F.3d 1447, 1450 (7th Cir.1996), the court held that a user was bound by the terms and conditions of a software license agreement (contract) included in a users’ manual within the packaging, and which was displayed on a computer screen upon installation and use of the software. Such contracts are enforceable unless their terms are objectionable on grounds applicable to contracts in general (for example, if they violate a rule of positive law, or if they are unconscionable).

Consenting to Arbitration, Choice of Law and Venue.

Another concern is the scope of the terms and conditions applicable to the contracts, and whether additional terms may be incorporated by reference or presented after the transaction has been processed. Courts have been severely reluctant to enforce additional contract terms that would affect a user’s rights, such as the user’s ability to enforce the contract, including arbitration provisions, choice of law, and choice of venue provisions in online contracts, especially where such terms were communicated after-the-fact. This issue was addressed by a federal court in Schnabel v. Trilegiant. 697 F. 3d 110 (2nd Cir.2012)

Consenting to Changes in Price.

A very recent case involving Safeway grocery stores challenged a merchant’s practice of charging slightly different (and higher) prices for items ordered online than those purchased in-store. The in-store prices varied day-to-day. Typically, after a customer placed an online order, the items were actually selected from a physical store and delivered to the customer. At issue was the enforceability of Safeway’s “amend-at-will-without-notice” clause contained in the online terms.

Finding the clause unenforceable, the court reasoned “beyond the impracticality of expecting consumers to spend time inspecting a contract they have no reason to believe has been changed, the imposition of such an onerous requirement on consumers would be particularly lopsided, as Safeway is aware that it has — or has not — made changes to the Terms and is the party to the contract that wishes for the new terms to govern.” Rodman v. Safeway Inc., 2014 WL 6984703 (N.D. Cal. Dec. 10, 2014)

Best Practices For Merchants.

“Buyable Pins” highlight the legal risks inherent in ecommerce contracts. Seamlessly moving form Pin to purchase will no doubt increase sales and customers and reduce abandoned virtual shopping carts. However, merchants need to be mindful that the risk of losing a lawsuit because of an unenforceable contract is greater than the risk of losing a sale because a customer had to objectively consent to that contract.

Here are six “best practices” to ensure that the online contract formation process is bullet-proof: 1) use a multi-step account activation (or transaction confirmation) process where the user is shown the contract (can be in a separate “pop-out” window); 2) use a notice appearing in bold print stating, “Carefully read the following terms and conditions. If you agree with these terms, indicate your assent below;” 3) present the terms and conditions in a new window, with a scroll bar that allows the user to scroll down and read the entire contract (the Berkson “scrollwrap” agreement; 4) link to a printer-friendly version to read the contract printed on paper or view it on a full-screen; 5) display a box and the words, “Yes, I agree to the above terms and conditions” viewable without scrolling; and 6) have a functional requirement that the user click the box in order to proceed to the next step.

While I cannot guarantee that using these techniques will ensure that your online contracts will be fully-enforceable 100% of the time, it will make it exceptionally hard for a potential plaintiff to argue that there was no enforceable contract.

When it comes to addressing emerging ecommerce legal risks, it is often difficult to determine whether you should slow down, change course, signal for help, or simply muddle through. Often, companies need to quickly identify potential issues, assess the risk, and implement controls to steer clear of unneeded exposure. The professionals at the Adler Law Group can help you review, enhance and adopt standardized contracts and implement methodologies for approaching these challenges by setting objectives, determining scope, allocating resources, and developing agreements that will efficiently and effective manage risks, while keeping pace with the business.

Focus | Vision | Perspective | Passion

Executives face a confusing and dynamic set of challenges ensuring their business remains legally compliant. Yet few can afford the highly-qualified and versatile legal staff needed to deal with today’s complex legal & regulatory environment. Adler Law Group was created to provide clients with a competitive advantage by enabling them to leverage their intangible assets and creative content in a way that drives innovation and increases the overall value of the business.

For a FREE, no-obligation 1 hour consultation to learn the best ways to identify, protect and leverage your ideas, please call: (866) 734-2568, click: http://www.adler-law.com, or write: David @ adler-law.com.

Adler Law Group – Providing innovative legal counsel that elevates aspirations to achievements.™

Three Things I Learned About Personal Cybersecurity At RSAConference That You Should Be Doing Right Now

Image representing CloudFlare as depicted in C...

Image via CrunchBase

I just returned from RSAConference 2013 where I had the privilege and honor of giving a presentation of the legal risks caused by social media in the workplace. As a speaker-attendee, I had the priceless benefit of access to all the other speakers and programs held during the conference.

One such program I attended was “We Were Hacked: Here’s What You Should Know”. The speakers, Matthew Prince (@eastdakota) CEO of CloudFlare, and Mat Honan (@mat) writer for Wired Magazine, shared their common experience as targets of high profile hacks. Hearing the details from them first hand, including information from interviews with the hackers themselves, I learned how easy it is to be the victim of hacking and how it’s the little things that create exploitable seams in our information security barriers.

Rather than rewrite their stories, I thought I would share three simple lessons I learned that I’ve already implemented and you should too. Besides, Matt does a better job telling his own story which can be found here.

Here are the three things I learned about how you can protect yourself and others in your organization.

First, security attacks go after the “low hanging fruit” and that often means figuring out a way to exploit your personal email address. With so many web-based services and so much login information to remember, many of us use our personal email as our username for everything from the web sites on which we comment, to our online photo gallery, to our online banking service. Unfortunately, this is probably the address we use for password recovery if we forget. Given that our digital lives are easily mapped, hackers already have one piece of the two-piece login puzzle: they know your user name.

TIP NO. 1: Use a private, obscure email address for your more sensitive information.

Second, once a hacker has accessed your accounts, your computer and your files, the fun has just begun for them. As Matt Honan described, these often adolescent script kiddies simply don’t understand the value of your stored memories and other information. In his case, all the photos of his children were permanently deleted. Regardless of a hacker attack, stuff happens and you don’t want to lose everything because you we’re too lazy to back up.

TIP NO. 2: Back Up your digital life, early and often.

Third, today’s’ Internet is an interdependent ecosystem. Just because you or your organization takes security seriously, doesn’t mean that other do as well. Your internal systems are not enough. Like it or not, the seams of your security perimeter are intertwined and permeated by the services and systems of customers and vendors. For most consumers, the there is a Hobbesian choice of Security v. Convenience. Multiple login usernames and super long passwords are difficult to remember and tedious to use. As a result, most people choose the least secure means of authentication on the assumption that using astringent password is enough. Unfortunately, some people don’t even bothers with that. A recent ZoneAlarm study found that “password” was the fourth most commonly used password by consumers.

Google, Facebook and others have started using two-factor authentication. Two-factor authentication requires that one enter a code after entering the username/password combo. The code is sent via, text message, voice call or email. This greatly reduces the chances of unauthorized access because hackers would need to have your phone, in addition to your username/password combo.

TIP NO. 3: Whenever possible enable two-factor authentication.

Please understand that there is no “magic bullet” when it comes to Cybersecurity. Taking these precautions does not guarantee that you won’t be attached or that your account information won’t be accessed. However, these are important and easy steps that you can take to improve your personal data security.

Please comment and follow!

 

Adlerlaw’s International Cyber Security Legal News

Experts: State Needs Long-Term Cyber Security Plan
WLTX.com

By TIM SMITH — The Greenville News. A month after state officials learned of a massive data breach at the Department of Revenue, officials are still discussing what security measures to take to protect all of the state’s computer systems.

How Obama’s reelection may spur work on cybersecurity in the United States
The Next Web (blog)

Now that the President’s electoral and popular vote victories are in the books, their various ramifications are still being felt. One key element of the addition of four more years to the President’s legacy is the issue of cybersecurity.

Israel’s HLS 2012 Event Highlights Cyber Security Innovations
Defense Update

The Cyber Security panel taking place in Tel-Aviv this week at the HLS 2012 event is attracting considerable interest on the backdrop of the recent revelations of massive Iranian cyber attacks crippling the networks of Aramco Oil Company in Saudi Arabia.

Cyber security facility launched
Alpena News
YPSILANTI, Mich. (AP) — Michigan Gov. Rick Snyder has announced the opening of a facility designed to help electronic security professionals detect and prevent cyber threats and attacks.

Evolving Cyber Crooks Waiting For That Click
The Borneo Post
On the final day of the three-day Cyber Security Awareness campaign, Mohd Izuddin bin Hj Md Hussin, Learning Solution Specialist from Tech One Global, who delivered a public talk on ‘Protect your Computer, Your Family and Yourself’ at Times Square.

Is Obama’s Cybersecurity Executive Order Imminent?
Of course, there remains the chance that Congress will pass some version of a cybersecurity bill before the president can issue his edict.

World Information, Data & Cyber Security News & Legal Roundup

German cybersecurity agency prods users to ditch IE

Computerworld – Germany’s cybersecurity agency on Monday urged users to drop Internet Explorer (IE) and switch to a rival, like Chrome or Firefox, until Microsoft patches a new critical bug in its browser.

Democratic senators call for ‘cybersecurity’ executive order
CNET

Senators call for ‘cybersecurity’ executive order. This summer’s partisan sparring that derailed a federal cybersecurity law has resumed, with Democrats proposing an executive order and Republicans saying it would levy “more mandates.”

Cybersecurity scholarships to be offered
UPI.com

“The nation is in dire need of people who are capable of handling the cybersecurity challenges we face,” professor of computing and information sciences Xinming “Simon” Ou said. “We are lagging behind in the number of experts we have versus the threats.

Cybersecurity: Kay Bailey Hutchison condemns Obama’s ‘heavy handed …
Houston Chronicle (blog)

Amid escalating partisan rhetoric over the bipartisan goal of protecting U.S. computer systems from terrorist attacks, Texas Kay Bailey Hutchison criticized President Obama for a “heavy handed, regulatory regime” that would be created.

National Cyber Security Alliance Announces Theme for Data Privacy Day
The Herald | HeraldOnline.com

18, 2012 /PRNewswire-USNewswire/ — The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online and official coordinator of Data Privacy Day (DPD), today …

When it comes to cybersecurity law, where do we draw the line?
ZDNet

Over the past few years, the Obama administration and Congress have taken a variety of legislative runs at creating comprehensive cybersecurity law. See Also: How cybersecurity is like Star Trek’s transporter.

Cyber security biggest challenge for universal credit, says David Freud
ComputerWeekly.com

Cyber security is the biggest challenge for the government’s universal credit roll-out, welfare reform minister David Freud has told a select committee. Speaking to a select committee, pensions minister Ian Duncan Smith said government had consulted …

NetLib teams with CIS to fight cyber security
Mass High Tech

Neil Weicher wants to win the battle in cyber security. NetLib, a Stamford, Conn.-based provider of encryption software founded by Weicher, has partnered with the Center for Internet Security, a non-profit focused on cyber security readiness.

UK spy agency tests Britons’ cyber skills
Reuters

The Government Communications Headquarters (GCHQ) said those aged 16 or over and not already working in cyber security could apply to test their ability to guard a computer network but only 150 contestants at most would be eventually allowed.

Former FBI Cybersecurity Official Steven Chabinsky Thinks FBI is Doing Great …
ticklethewire.com

The FBI’s former top attorney for cybersecurity, Steven Chabinsky, who stepped down this month, thinks the FBI is doing a great job battling the problem, but told the Washington Post that the “federal government” has taken a “failed approach”.