A law firm as creative as you are.
image001
You have the ambition. We can help you get there.

Recent Massachusetts Appeals Court Decision Interprets Enforceability of Online Terms and Conditions

Posted on May 9th, 2013

A recent Massachusetts appeals court decision by holds that a forum selection and limitation of liability clause is not enforceable under Massachusetts law in a browsewrap agreement.  This decision is a useful read both for lawyers drafting these documents and product developers and UI folks that create the user experience during which these legal terms are viewed and accepted.

The case involves the interpretation of Yahoo!’s Terms of Service (TOS) relating to its free email service.  The case was brought by the administrators of the estate of a Yahoo email user to get court approval for access to the account and the content of the emails.  Because the Yahoo! TOS had a forum selection clause requiring that all disputes be brought in California, the Court had the opportunity to interpret the enforceability under Massachusetts law of such clauses in online agreements.

After noting that the Court has not previously considered the enforceability of forum selection and limitation of liability clauses in online agreements, it looked to the case law on such issues in traditional paper contracts.  In those cases, courts have enforced such provisions as long as they have been reasonably communicated and accepted and if, considering all the circumstances, it is reasonable to enforce the provision at issue.  The burden on the first prong fall on the issuer of the TOS.  On the second prong (that the TOS themselves were reasonable), in the forum selection case, the burden falls on the plaintiffs, and no such burden applies in case of a limitations provision.

Applying this standard to online agreements, the Court held that Yahoo! did not meet their burden of showing the TOS were reasonably communicated and accepted.  Yahoo!’s affidavit that users were “given an opportunity to review” the TOS and Privacy Policy prior to registering” was not sufficient by itself.  The Court could not infer from that affidavit that the TOS were actually displayed on the user’s screen.  If the user was asked to follow a link to the TOS — which is a pretty typical user experience — Yahoo!’s affidavit would have to have provided the specific instructions relating to the link, how prominently displayed was the link, and any other information bearing on the reasonableness of this communication.

The Court also held that Yahoo! failed in showing that the TOS were accepted.  Past cases have enforced such provisions only in click-wrap agreements (where “terms of the agreement were displayed, at least in part, on the user’s computer screen and the user was required to signify his or her assent by clicking ‘I accept.’”), but not in browsewrap agreements (where ”website terms and conditions of use are posted on the website typically as a hyperlink at the bottom of the screen.”).

On that basis, the Court refused to extend the enforceability to browsewrap agreements and held that the record did not show “the terms of any agreement were reasonably communicated or that they were accepted.”

This case is reminder that legal attention to one’s online form agreements is a necessary part of operating a web-based business.  Especially if the offering is free (or fremium), website owners should take appropriate caution, and may want to sacrifice a little user experience and customer conversion in favor of knowing that to ensure that those online terms and conditions are actually going to be enforceable when the time comes.


ZIP Codes Constitute “Personal Identification Information” According to Recent Massachusetts Supreme Judicial Court Holding

Posted on Mar 27th, 2013

Overview

On March 11, 2013, the Massachusetts Supreme Judicial Court (SJC) followed courts in California* and many other jurisdictions, holding that ZIP Codes constitute personal identification information (PII). While this cases arises in the context of point of sale data collection by off-line brick and mortar retailer, the implications for this are significant for offline and online companies engaged in any collection of data from their customers and end users.

Case Summary

This case arises from the common practice by retailers of collecting customers’ zip codes at the time of purchases. Mass. General Laws Section 105(a) prohibits any business from recording or demanding that a credit card holder write “personal identification information, not required by the credit card issuer, on the credit card transaction form.” The PII contemplated in the section includes address and telephone number as they are explicitly listed but it also states that those are not the only PII it refers to. Any violation of Section 105(a) is considered to be “an unfair and deceptive trade practice” which means it is also in violation of Massachusetts General Laws, chapter 93A, section 2. 93A allows a plaintiff to claim treble damages and attorney’s fees, which can significantly up the ante in the event of potential violation.

The Tyler case was filed after the similar Pineda decision from California (see below) and was based on a complainant’s argument that she provided her ZIP Code to defendant Michael’s over the course of a year believing she had to in order to make her purchases. The plaintiff also alleged that Michael’s employees recorded her ZIP code information in an electronic transaction form and that Michaels was then able to get her address and phone number from commercial databases using her name and ZIP Code to send her unwanted, unsolicited marketing materials. The plaintiffs asserted that this was tantamount to writing PII on a credit card transaction form. Ergo, according to Massachusetts law, the practice should be considered a deceptive or unfair trade practice. Michaels moved to dismiss.

The district court agreed that ZIP codes are PII and that Section 105(a) may apply to the Michaels electronic credit card transaction forms. However, the district court dismissed because it found that, absent identity theft, there was no cognizable injury stated by the plaintiffs under chapter 93A of the General Laws. Thus, the district posed the following three questions to the SJC to answer under Massachusetts law:

(1) Do ZIP Codes constitute personal identification information (PII); (2) Absent identity fraud, can a violation of the Massachusetts General Laws, chapter 93, section 105(a) give rise to an action concerning PII; and (3) Third, does the phrase “credit card transaction form” covers both electronic and paper transaction forms equally. These three questions originated within a class action lawsuit citing violation of Section 105(a) on the part of Michaels who had allegedly asked for and stored customers’ credit cards’ ZIP codes.

The Court first clarified that “based on the text, title and caption, and legislative history of § 105,” the purpose of the statute was not in fact to protect against identity theft; rather, this section’s purpose is to protect consumer privacy with regard to credit card transactions. Because ZIP codes could allow other PII about consumers to be discovered using public databases (PII like addresses and phone numbers) the court reasoned that ZIP codes must also be PII. The court further observed that Section 105(a) is not specifically limited to identity theft and thus refused to limit it in this way. Finally, the statute explicitly states that it applies to “all credit card transactions”, so the court found that electronic credit card transaction forms would be included within its purview.

Impact of Tyler

It is possible that, as with the older Pineda case, the Tyler case might lead to additional class action lawsuits. In any event, given the Massachusetts SJC’s strong stand on consumer rights in Tyler, businesspeople and retailers (local or national) doing business in the Commonwealth of Massachusetts should re-evaluate their own practices to make certain they are in compliance with Section 105(a). This practice should also be taking place in the other states that have similar laws on the books.

It is possible, within the confines of Tyler, that collecting this kind of information for internal use only, and not for marketing or to sell or make a profit on the information, might not give rise to enough of an actual “harm” to support a cause of action. Any plaintiff still must prove an actual injury to some extent. Still, the decision makes collecting information beyond what is required by credit card issuers risky.

* (For a related case see the California Supreme Court decision Pineda v. Williams-Sonoma Stores which also holds that ZIP codes are personal identification information according to California’s Song-Beverly Credit Card Act, Civil Code section 1747.08. In excess of 15 states, Massachusetts and California among them, have laws that regulate the type of customer personal identification information that retailers may legally collect and store.)

If you have any questions about this topic, please feel free to email us.