Pinterest “Buyable Pins” And Ecommerce Liability


Last week, Pinterest announced the release of “Buyable Pins,” which streamline the online purchasing process by enabling Pinterest users to buy pinned items from several stores without having to leave the Pinterest site or app. For consumers, Buyable Pins make it easier to move from a Pin to purchase. For businesses, this opens a door to a large new audience who loves to shop.

Here’s everything you need to know about selling on Pinterest and potential areas of Ecommerce liability.

Online Contracts Reduce Merchant Risk. Sometimes.

A substantial number of court opinions in recent years have looked at the validity of various provisions contained in online contracts. The starting point for most analyses is the point of contract formation, because terms of online contracts are enforceable only if the contract was validly formed. Courts have scrutinized ecommerce contracts, primarily in four areas: (a) Terms of Sale; (b) Returns/Exchanges; (c) Governing Law & Venue; and (d) Arbitration. Quite often, courts have refused to enforce such terms, due to deficiencies in the formation of online contracts.

As a general proposition, formation of contracts (offer and acceptance) and enforceability of contractual provisions (choice of governing law) are matters determined by reference to state law. However, in the United States, federal courts are often required to determine matters of state law and most states have relatively uniform requirements with respect to the three principal concepts in the determination of contract enforceability: offer, acceptance and consideration.

With respect to contract law in relation to online commerce (ecommerce), contracts generally take one of two forms: (1) “click-through” or “click-wrap” agreements, and (2) “browse-wrap” agreements, often referred to as Terms of Use or Terms of Service. It is worth noting that a recent Eastern District of New York court decision classified online contracts in four categories: (a) browsewrap[sic]; (b) clickwrap[sic]; (c) scrollwrap[sic]; and (d) sign-in-wrap. Berkson v. Gogo, LLC, Case No. 14-CV-1199 (USDC E.D.N.Y. April 9, 2015). Functionally, the last three tend to look substantially similar (e.g. there is some action required to consent to the agreement, see discussion of “consent,” below) and will be treated as such for purposes of this article.

This is particularly important for merchants using “Buyable Pins” on Pinterest. Unless the online terms of the agreement between the merchant and the customer are validly binding and enforceable, many of the protections offered to the merchant in the online contract will not be available.

As noted above, courts have frequently refused to enforce provisions around a merchant’s ability to modify some terms post-sale (Terms of Sale), the availability of and methods for returns and exchanges, how and where lawsuits may be filed (Governing Law & Venue), and requirements to submit disputes to arbitration. This presents particular issues for Buyable Pins. Merchants need to think carefully about how a user is presented with the opportunity to accept or reject an online contract, and how the user “manifests consent to the agreement.”

The so-called “click-wrap” agreement is usually the agreement formed when a user purchases goods or services through an ecommerce shopping cart application. A user is presented with the online terms and conditions and must “click-through” as part of the transaction.

Consenting to Online Terms.

“Click-wrap” agreements derive their name from the shrink-wrap agreements that were first incorporated into commercially-distributed software. Users were deemed to have accepted the terms of the agreement by opening the package and installing the software. In ProCD, Inc. v. Zeidenberg, 86 F.3d 1447, 1450 (7th Cir.1996), the court held that a user was bound by the terms and conditions of a software license agreement (contract) included in a users’ manual within the packaging, and which was displayed on a computer screen upon installation and use of the software. Such contracts are enforceable unless their terms are objectionable on grounds applicable to contracts in general (for example, if they violate a rule of positive law, or if they are unconscionable).

Consenting to Arbitration, Choice of Law and Venue.

Another concern is the scope of the terms and conditions applicable to the contracts, and whether additional terms may be incorporated by reference or presented after the transaction has been processed. Courts have been severely reluctant to enforce additional contract terms that would affect a user’s rights, such as the user’s ability to enforce the contract, including arbitration provisions, choice of law, and choice of venue provisions in online contracts, especially where such terms were communicated after-the-fact. This issue was addressed by a federal court in Schnabel v. Trilegiant, 697 F. 3d 110 (2nd Cir. 2012).

Consenting to Changes in Price.

A very recent case involving Safeway grocery stores challenged a merchant’s practice of charging slightly different (and higher) prices for items ordered online than those purchased in-store. The in-store prices varied day-to-day. Typically, after a customer placed an online order, the items were actually selected from a physical store and delivered to the customer. At issue was the enforceability of Safeway’s “amend-at-will-without-notice” clause contained in the online terms.

Finding the clause unenforceable, the court reasoned “beyond the impracticality of expecting consumers to spend time inspecting a contract they have no reason to believe has been changed, the imposition of such an onerous requirement on consumers would be particularly lopsided, as Safeway is aware that it has — or has not — made changes to the Terms and is the party to the contract that wishes for the new terms to govern.” Rodman v. Safeway Inc., 2014 WL 6984703 (N.D. Cal. Dec. 10, 2014)

Best Practices For Merchants.

“Buyable Pins” highlight the legal risks inherent in ecommerce contracts. Seamlessly moving from Pin to purchase will no doubt increase sales and customers and reduce abandoned virtual shopping carts. However, merchants need to be mindful that the risk of losing a lawsuit because of an unenforceable contract is greater than the risk of losing a sale because a customer had to objectively consent to that contract.

Here are six “best practices” to ensure that the online contract formation process is bullet-proof:

  1) use a multi-step account activation (or transaction confirmation) process where the user is shown the contract (can be in a separate “pop-out” window);
  2) use a notice appearing in bold print stating, “Carefully read the following terms and conditions. If you agree with these terms, indicate your assent below;”
  3) present the terms and conditions in a new window, with a scroll bar that allows the user to scroll down and read the entire contract (the Berkson “scrollwrap” agreement);
  4) link to a printer-friendly version to read the contract printed on paper or view it on a full-screen;
  5) display a box and the words, “Yes, I agree to the above terms and conditions” viewable without scrolling; and
  6) have a functional requirement that the user click the box in order to proceed to the next step.

While I cannot guarantee that using these techniques will ensure that your online contracts will be fully-enforceable 100% of the time, it will make it exceptionally hard for a potential plaintiff to argue that there was no enforceable contract.

When it comes to addressing emerging ecommerce legal risks, it is often difficult to determine whether you should slow down, change course, signal for help, or simply muddle through. Often, companies need to quickly identify potential issues, assess the risk, and implement controls to steer clear of unneeded exposure. The professionals at the Adler Law Group can help you review, enhance and adopt standardized contracts and implement methodologies for approaching these challenges by setting objectives, determining scope, allocating resources, and developing agreements that will efficiently and effectively manage risks, while keeping pace with the business.

Focus | Vision | Perspective | Passion

Executives face a confusing and dynamic set of challenges ensuring their business remains legally compliant. Yet few can afford the highly-qualified and versatile legal staff needed to deal with today’s complex legal & regulatory environment. Adler Law Group was created to provide clients with a competitive advantage by enabling them to leverage their intangible assets and creative content in a way that drives innovation and increases the overall value of the business.

For a FREE, no-obligation 1 hour consultation to learn the best ways to identify, protect and leverage your ideas, please call: (866) 734-2568, click: http://www.adler-law.com, or write: David @ adler-law.com.

Adler Law Group – Providing innovative legal counsel that elevates aspirations to achievements.™

#Mobile #Privacy Continues to Challenge Marketers, Developers & Lawmakers

The rapid growth and expansion in the mobile market presents a number of privacy and security issues for mobile software and hardware developers, platform operators, advertisers and marketers who collect, store, use and share consumer information. As awareness of privacy risks grows among consumers, legislators and regulators are increasing scrutiny of mobile privacy and privacy policies in mobile apps.

Businesses operating in the mobile industry are facing a widening array of regulatory compliance issues. Staying abreast of legal risks and issues can be daunting. How can mobile operators and application developers spot trends and adjust strategies to stay competitive? First, keep an eye on FTC activity. Second, monitor new bills coming up in Congress. Third, follow this blog, adlerlaw.wordpress.com.

FTC Privacy Enforcement Actions

Earlier this year, the FTC expanded mobile privacy obligations beyond software to include hardware makers when it announced a settlement with HTC America over charges that HTC failed to use adequate “security by design” in millions of consumer mobile devices. As a result, the company is required to patch vulnerabilities on the devices which include #Smartphones and #Tablets. The settlement, the first action involving a mobile device manufacturer and the new “Privacy By Design” guidelines, sheds some light on the legal risks for mobile device manufacturers and, to some extent, mobile application developers.

Congressional Privacy Laws, Bills & Initiatives

Not surprisingly, federal legislators are taking up the mantle of Consumer Privacy in the area of Mobile Applications. In January 2013, U.S. Rep. Hank Johnson introduced his mobile privacy bill, The Application Privacy, Protection and Security Act of 2013, or the “APPS Act.” The bill focuses on transparency, user control and security, mandating that an application 1) provide the user with notice of the terms and conditions governing the collection, use, storage, and sharing of the personal data, and 2) obtain the consent of the user to the terms and conditions. Significantly, the privacy notice is required to include a description of the categories of personal data that will be collected, the categories of purposes for which the personal data will be used, and the categories of third parties with which the personal data will be shared.

The Bill also requires that application developers have a data retention policy that governs the length for which the personal data will be stored and the terms and conditions applicable to storage, including a description of the rights of the user and the process by which the user may exercise such rights in addition to data security and access procedures and safeguards.

App developers unaware of the data protection requirements may face significant risks and potential harm to their reputation among users of smart devices. If you have concerns about what key data protection and privacy legal requirements apply to mobile applications and the types of processing an app may undertake, contact us for a mobile app legal audit. Vague or incomplete descriptions of the ways in which a mobile app handles data or a lack of meaningful consent from end users before that processing takes place can lead to significant legal risk. Poor security measures, an apparent trend towards data maximisation and the elasticity of purposes for which personal data are being collected further contribute to the data protection risks found within the current app environment.

Learn more about David M. Adler here.

#Bank Information #Security: The Evolving Threat From Insiders

VIDEO: The Evolving Insider Threat – Dawn Cappelli, Randy Trzeciak of CMU’s Insider Threat Center

This video from RSA Conference 2013 discusses:

  • Who typically commits insider crimes – and how;
  • How employees are being victimized from outside;
  • Why our critical infrastructure is at heightened risk.

Even if you are an employer using standard commercial verification measures, you should be cautious about misuse of any information by employees, managers and contractors. Accordingly, you should be careful with training and education, and not only for newly-hired employees. Further, plan how login credentials and access to sensitive information will be handled and/or turned over when training or when terminating, suspending, withholding pay, lowering pay, or taking any other adverse action against an employee.

Three Things I Learned About Personal Cybersecurity At RSAConference That You Should Be Doing Right Now


I just returned from RSAConference 2013 where I had the privilege and honor of giving a presentation of the legal risks caused by social media in the workplace. As a speaker-attendee, I had the priceless benefit of access to all the other speakers and programs held during the conference.

One such program I attended was “We Were Hacked: Here’s What You Should Know”. The speakers, Matthew Prince (@eastdakota) CEO of CloudFlare, and Mat Honan (@mat) writer for Wired Magazine, shared their common experience as targets of high profile hacks. Hearing the details from them first hand, including information from interviews with the hackers themselves, I learned how easy it is to be the victim of hacking and how it’s the little things that create exploitable seams in our information security barriers.

Rather than rewrite their stories, I thought I would share three simple lessons I learned that I’ve already implemented and you should too. Besides, Mat does a better job telling his own story, which can be found here.

Here are the three things I learned about how you can protect yourself and others in your organization.

First, security attacks go after the “low hanging fruit” and that often means figuring out a way to exploit your personal email address. With so many web-based services and so much login information to remember, many of us use our personal email as our username for everything from the web sites on which we comment, to our online photo gallery, to our online banking service. Unfortunately, this is probably the address we use for password recovery if we forget. Given that our digital lives are easily mapped, hackers already have one piece of the two-piece login puzzle: they know your user name.

TIP NO. 1: Use a private, obscure email address for your more sensitive information.

Second, once a hacker has accessed your accounts, your computer and your files, the fun has just begun for them. As Mat Honan described, these often adolescent script kiddies simply don’t understand the value of your stored memories and other information. In his case, all the photos of his children were permanently deleted. Regardless of a hacker attack, stuff happens and you don’t want to lose everything because you were too lazy to back up.

TIP NO. 2: Back Up your digital life, early and often.

Third, today’s Internet is an interdependent ecosystem. Just because you or your organization takes security seriously doesn’t mean that others do as well. Your internal systems are not enough. Like it or not, the seams of your security perimeter are intertwined and permeated by the services and systems of customers and vendors. For most consumers, there is a Hobbesian choice of Security v. Convenience. Multiple login usernames and super long passwords are difficult to remember and tedious to use. As a result, most people choose the least secure means of authentication on the assumption that using a stringent password is enough. Unfortunately, some people don’t even bother with that. A recent ZoneAlarm study found that “password” was the fourth most commonly used password by consumers.

Google, Facebook and others have started using two-factor authentication. Two-factor authentication requires that one enter a code after entering the username/password combo. The code is sent via text message, voice call or email. This greatly reduces the chances of unauthorized access because hackers would need to have your phone, in addition to your username/password combo.

TIP NO. 3: Whenever possible enable two-factor authentication.

Please understand that there is no “magic bullet” when it comes to Cybersecurity. Taking these precautions does not guarantee that you won’t be attacked or that your account information won’t be accessed. However, these are important and easy steps that you can take to improve your personal data security.

Please comment and follow!

 

Facebook Marketing: Legal & Regulatory Compliance By David M. Adler, Esq.


AllFaceBook Presents AF Expo San Francisco June 27-29, 2011

COMMERCE & MONETIZATION

Facebook Marketing: Legal & Regulatory Compliance

The use of social media for marketing and advertising purposes is one of the fastest growing areas for business and marketers. The advent of social media sites like Facebook provides the opportunity for authentic interaction and engagement with customers. Therefore, it is no surprise that it is being used as a marketing tool by companies large and small to help them achieve their strategic goals. But with every technological development and opportunity, new legal and business risks present themselves. Understanding and minimizing these risks will help you maximize the opportunities. A best practices approach to social media marketing involves having the company’s philosophy, methodology, and guidelines captured in a comprehensive written policy that is clearly and regularly communicated to the employees, and regularly updated to keep abreast of new developments, opportunities and evolving legal guidance. Attendees will learn how to identify the legal issues and develop policies and procedures to keep informed about the current technology, marketing strategies and regulatory compliance.

Everyone at AF Expo shares a belief that the Facebook experience represents a paradigm shift in the way that marketing professionals identify, engage and convert customers. In the past, marketers had to conduct research to locate customers and to determine their wants and needs. Once these were identified, you needed to convince your customers to value your brand, understand your product/service and ultimately purchase what you were selling.

Facebook changes all of these assumptions. It offers an interactive platform where customers are actively engaged in seeking out the brands they are interested in – whether individually or through trusted networks, tell brand owners what they do and do not like about their brand and tell marketers whether they are open to receiving more information. Interestingly, the platform allows marketers to continue the conversation even when the customer has nominally disengaged (through trusted networks).

Like everything else, with great power comes great risks. Facebook marketing that is thoughtful, respectful and legally compliant is extremely effective. [give examples] However, marketing efforts that fail to understand and account for the requirements to maintain legal compliance can be a fixated.

In the beginning one could poke, like and comment. But what happens when you can purchase? Facebook is rapidly becoming a platform to identify, locate, contact and transact business with consumers of goods and services, both physical and virtual, using currency that is both physical and virtual.

My presentation will identify and explain the risks for Facebook marketers, grouped into three risk categories, “The Three Cs” of Facebook marketing:

  • Content
  • Connecting
  • Commerce