How Routine Clicks Can Become Binding Contracts: Did I just agree to an app’s terms of service and privacy policy?

When you download a mobile application or register for something on a website, you likely notice that they each maintain terms of service and probably a privacy policy without giving a second thought to them. In most instances, this won’t affect your day-to-day life. But what if you later find out that one of those apps is tracking your every move, selling that geolocation data to third parties, and you are not happy about it? What about if you want to file a lawsuit, are you bound by an arbitration clause that was in the terms of service? Did you even know there was an arbitration clause? Some people may reflexively say to themselves:

I didn’t even see the privacy policy so I can’t be bound by it. . . .

That is not always the case. Even if you didn’t read the terms of service or the privacy policy, by using an app or a website, you may still be bound by it.

On the other side, as an app or website owner, you specifically select contract provisions to protect your business and, in some cases, limit your liability. Because of this, it is in your best interests to have a valid and enforceable agreement between you and your customers. There are a number of factors that a court will consider, but, here, we are primarily focusing on the sign-up process. Did you provide the notice of the terms of any agreement you may want to enforce in the future? The answer to this may hinge on the design and content of your app or website. This has been a critical issue in cases brought against the owners of several popular apps and websites including Uber, Facebook, and DoorDash.

A PHILADELPHIA COURT DASHES UBER’S ATTEMPT TO ENFORCE AN ARBITRATION AGREEMENT

In Kemenosh v. Uber Technologies, Inc., the plaintiff sued Uber after she was injured in an accident involving a vehicle summoned through Uber’s app. Uber claimed that the plaintiff was foreclosed from filing a complaint because she was bound by an arbitration agreement that she purportedly consented to in 2013 when registering to use the popular ride-sharing app.

Uber claimed that, at the end of the registration process, the plaintiff would have arrived at a screen that reads:

By creating an Uber account you agree to the TERMS OF SERVICE & PRIVACY POLICY

The phrase “Terms of Service and Privacy Policy” was in a hyperlinked box that could be clicked for easy access. Uber did not require its customers to review the hyperlinked policies (or check a box confirming that they did) to complete registration — a critical distinction in these types of cases — and plaintiff disputed seeing any hyperlink, let alone clicking on one. Uber could not dispute this since it did nothing to confirm that end-users were aware of these policies. Either way, once the plaintiff entered her credit card information, a “Done” button appeared in the right corner of the screen, which would have completed the registration process once clicked.

Not surprisingly, Uber’s terms of service contained a provision stating that “you and Company are each waiving the right to a trial by jury or to participate as a plaintiff or class User in any purported class action or representative proceeding.” In November 2016, Uber sent an email to the plaintiff advising her that it revised its arbitration agreement and that its updated terms of service could be accessed “here,” with here displayed in bright green hyperlinked text. The plaintiff claimed that she never received nor read the 2016 email or the updated terms of service.

After deciding that Pennsylvania — not California — law applied, the court noted that an offer to enter into a contract “must be intentional and sufficiently definite in terms, and no offer will be found to exist where its essential terms are unclear.” While Uber claimed that the plaintiff agreed to arbitrate, the court found that the 2013 registration process screens failed to properly communicate an offer.

Uber did not offer any authority to support its position that a working hyperlink constituted a valid offer to arbitrate. In contrast, the court suggested that a reasonably prudent cell phone user would not necessarily know hyperlinked terms included a waiver of certain rights. Even so, the court found that “the deficiency of Uber’s registration process is not its inconspicuousness but rather its failure to adequately communicate an offer to arbitrate in a definite manner, so as to create a meeting of the minds.” Uber’s references to its “Terms of Service and Privacy Policy” during the registration process did not alert the user that these documents contain an arbitration clause or jury trial waiver. The court recognized that the outcome may have been different if Uber required a registrant to open the hyperlink, check a box

certifying that they read the terms of service, or somehow conveyed that the user should read them — none of which Uber did.

The court also determined that Uber failed to show that the plaintiff had agreed to its arbitration agreement through the 2016 email, but for a different reason. Uber submitted business records purportedly demonstrating that Uber sent the email and plaintiff, in turn, received it. The plaintiff provided an affidavit disputing this. Since the parties relied on written statements and did not present any live witnesses, the court concluded that Uber failed to satisfy its burden that the plaintiff received the email. In other words, the court did not reach the question of whether Uber’s email was sufficient to establish that the parties entered into a valid agreement to arbitrate. Indeed, the email stated that Uber “revised [its] arbitration agreement which explains how legal disputes are handled[.]” There is a strong possibility that, based on the court’s opinion, that this would have been sufficient, i.e., conveying an offer to arbitrate.

Cases against Facebook and Doordash and the Second Circuit’s view of Uber’s registration process may shed some light on how this issue may fair in other courts. . . .

THE SECOND CIRCUIT PREVIOUSLY FOUND THAT UBER’S “SIGN-IN-WRAP” PROVIDED REASONABLY CONSPICUOUS NOTICE OF ITS TERMS OF SERVICE

More than one year before Kemenosh was decided, the Second Circuit had arrived at a different conclusion concerning a plaintiff’s assent to arbitrate its claims against Uber based on a similar — if not identical — registration process. In Meyer v. Uber Technologies, Inc., the Second Circuit observed that the terms of service notice appeared below the “Register” button on the payment screen, a layout commonly referred to as “sign-in-wrap.” Meyer claimed that he did not (or was not able to) see the hyperlink to the terms of service, and thus the arbitration provision it contained, when he clicked register on the app.

The Second Circuit noted that “[c]ourts around the country have recognized that [an] electronic ‘click’ can suffice to signify the acceptance of a contract” as long as the layout and language of the website or app gives the user “reasonable notice” that this click will establishes assent. In Uber’s case here, the Second Circuit concluded that Uber provided reasonably conspicuous notice of its terms of service based on a number of factors, among them:

• an “uncluttered” payment screen;
• the hyperlinked text is located directly below the registration button;
• the entire screen is visible at once;
• the underlined, dark-printed hyperlink, although in small font, contrasted sharply with its white background; and
• the terms of service are presented simultaneously to enrollment.

After disposing of Meyer’s challenges to the app’s layout, the Second Circuit also rejected his claim that a hyperlink on its own is insufficient to find reasonable notice, likening a click to hyperlinked text to the “twenty-first century equivalent of turning over the cruise ticket.” In other words, the language Uber used was a prompt to read the agreements and “signaling that their acceptance of the benefit of registration would be subject to contractual terms.” Finally, the Second Circuit stated that just because the register button had the dual functions of creating an account and consenting to the terms of service did not create ambiguity in Meyer’s assent.

Meyer’s holding was recently validated by a federal court in California. In Peter v. DoorDash, Inc., the Northern District of California relied on Meyer to conclude that similarly situated sign-in-wrap bound plaintiffs to an arbitration provision in DoorDash’s hyperlinked terms of service. In doing so the court observed that “[t]he screens are similarly uncluttered and wholly visible, and the notice text appears even closer to the sign-up button on DoorDash’s page than on Uber’s.”

CLICKWRAP V. BROWSEWRAP: THE DIFFERENCE CAN BIND YOU EVEN IF YOU DIDN’T READ THE TERMS OF USE OR PRIVACY POLICY

In In re Facebook Biometric Information Privacy Litigation, three plaintiffs alleged that the social media website’s “Tag Suggestions” program, which scanned and stored faces in uploaded photographs so that it or you could “tag” those users in subsequently uploaded photos, violated the Illinois Biometric Information Privacy Act, 740 Ill. Comp. Stat. 14/1 et seq. Facebook moved to dismiss the complaint, claiming that users AGREED that the law of California — not Illinois — governed the dispute. The plaintiffs’ reply? Not so fast, Facebook! We never agreed to your User Agreement.

Let’s take a look at how the three plaintiffs signed up for Facebook:

Plaintiff 1:

• Required to “click a box next to the words, ‘I have read and understood the Terms of Use, and I agree to them.”
• Box was separate from the “sign up” button to complete registration
• “Terms of Use” were also highlighted and hyperlinked to the agreement

Plaintiff 2:

• Two different sign-up screens were randomly presented to new users
• Both screens required user to click a box next to similar language as the first plaintiff
• Box was separate from the “sign up” button to complete registration
• “Terms of Use” were also highlighted and hyperlinked to the agreement

The third plaintiff had to click a “sign up” button above a sentence stating that the user agreed to the hyperlinked Terms of Service and Privacy Policy (as opposed to a separate box separately agreeing to these policies).

The difference between the first two plaintiffs and the third does not seem like much, but the Court found a meaningful distinction. In all three circumstances, the court found that the sign-up process fell towards “browsewrap,” but that those encountered by the first two plaintiffs had more legally favorable clickwrap features. Huh?

In a clickwrap agreement, the user is presented with a list of terms and conditions of use before being asked to agree to them. Courts typically find these types of agreements valid and enforceable because, as noted in Berkson v. Gogo LLC, “by requiring a physical manifestation of assent, a user is said to be put on inquiry notice of the terms assented to.” (Berkson also recognized two additional types of internet-based agreements — scrollwrap and sign-in-wrap).

In contrast, for a browsewrap agreement, a website’s or app’s terms and conditions of use are generally posted in a hyperlink at the bottom of the screen.

While quickly glancing at a website or app when signing up, the differences between clickwrap and browsewrap may not be meaningful to you at that moment, courts have found that their differences affect whether you are bound by the agreements each are linked to — whether you read them or not.

The Court in the Facebook case provided a helpful graphic to differentiate the unique features of clickwrap and browsewrap, which I recreated and slightly modified below:

Clickwrap and browsewrap Facebook Graphic

Although there is no brightline rule on which procedure is valid and enforceable, the Ninth Circuit “has recognized that the closer digital agreements are to the clickwrap end of the spectrum, the more often they have been upheld as valid and enforceable.”

The court concluded that, in this instance, Facebook demonstrated that all three plaintiffs assented to the user agreement, suggesting that “[w]hat appears to save the approach is that a user like [the third plaintiff] had to take some action — a click of a dual-purpose box — from which assent might be inferred. A contract was not foisted upon him simply by passively viewing a website.” In Berkson, a New York federal court similarly found that “[f]or an internet browsewrap contract to be binding, consumers must have reasonable notice of a company’s ‘terms of use’ and exhibit ‘unambiguous assent’ to those terms.”

THE TAKEAWAY

Whether a web or app’s terms of service or privacy policy are enforceable can have an impact on many things for both its developer and the end-user, including how personal data can be used, whether the app can track your movements, whether the parties are required to arbitrate any disputes, and the availability of class actions. As our experience and understanding of smartphones and mobile platforms continue to evolve, it will become increasingly difficult to simply claim “I didn’t know” about user agreements and privacy policies. Nevertheless, at this point, the design, layout, and content of an app or website remains critical in determining whether it provided reasonably conspicuous notice of its terms of service or privacy policy. AS observed from decisions discussed above, there is no one size fits all policy and it remains an intensive factual determination. For the web or app owner, the placement of its terms and privacy policy and how it engages the end user are factors in whether a court will find them enforceable. On the other side, for the end-user, it is not always enough to say that you did not click on a hyperlink or that you did not see these documents to avoid being bound by their terms. Indeed, the more developers move away from browsewrap features, the more likely a court agree that you were on notice of its terms and assented to them.

Daniel Mirarchi Of Counsel Rogers Counsel

Written by Daniel J. Mirarchi, who is Of Counsel to Rogers Counsel and handles a variety of commercial litigation matters for the firm. Over the last 15 years, he has represented businesses, individuals, and public pension funds in securities, data breach, fraud, employment, breach of contract, and theft of trade secret matters.

Learn about the author, attorney Daniel Mirarchi, of-counsel at Rogers Counsel.