On Good Terms: Five Reasons Why Businesses Should Take Their Terms of Use Seriously

As a contract between a business and its users, terms of use establish the conditions under which the company’s website, mobile application, or other online service can be accessed and used. Terms of use should include provisions that, among other things, protect the business’ intellectual property, establish rules of conduct, limit liability, and state how disputes will be resolved. They are often the first line of defense against the ever-present threat of consumer class actions.

But without careful drafting and routine reviews, businesses can face substantial legal exposure, which can come in the form of gaps in protection, unlawful provisions, or an agreement that is altogether unenforceable. With this alert, we are digging into five reasons why businesses should take their terms of use seriously.

Mass Arbitration

Adopting a terms of use provision that subjects disputes to binding individual arbitration has long been regarded as a smart way for businesses to avoid class actions and limit costs. In recent years, however, plaintiffs’ firms have devised a new approach in response to arbitration provisions: mass arbitration. They gather a large class of claimants and threaten to file thousands of individual arbitrations. Because arbitration providers have traditionally made the business responsible for most or all of the arbitration fees in consumer disputes, this can saddle the business with overwhelming filing fees, often in the millions. The goal of the plaintiffs is not actually to arbitrate thousands of individual disputes but instead to force the business into a favorable settlement.

Businesses have tried a number of tactics to counteract the rising threat of mass arbitration. Many have modified their arbitration provisions to require special procedures — such as informal dispute resolution requirements, followed by batched, bellwether, and/or staged arbitration — when a large number of claims are filed by the same or coordinated firms. These efforts have seen mixed results, with courts finding some such provisions unconscionable because they would involve significant delays, apply internal precedent, or result in other forms of perceived unfairness. This remains an evolving area of the law. Companies should review and tailor their terms of use to address the risk of mass arbitration while steering clear of higher-risk provisions.

Some arbitration providers, including JAMS and the American Arbitration Association, have unveiled new mass arbitration procedures, which generally seek to make the business’ costs more manageable and increase efficiency by appointing a process administrator to resolve preliminary issues. These procedures are something for businesses to consider expressly adopting in their terms of use.

Website Tracking Litigation

In recent years, one of the most significant developments in the online legal landscape — and one of the most common subjects of mass arbitration demands — has been the explosion of website tracking litigation. Broadly speaking, these claims involve widely deployed advertising and analytics technologies, such as cookies, pixels, web beacons, and session replay tools that track information about user activity on websites and apps. Plaintiffs have utilized pre-internet laws, like the California Invasion of Privacy Act (CIPA), to allege that these tools collect and illegally disclose user data, such as IP addresses and device information.

In the initial wave of website tracking litigation, the most common theory asserted by plaintiffs was that the use of these tracking tools without affirmative consent (e.g., without clicking the “Accept” button on a cookie banner) violated CIPA’s wiretapping and eavesdropping provisions. More recently, these lawsuits have also alleged violations of CIPA’s lesser-known pen register and “trap and trace” provisions. Further, a number of website tracking lawsuits have alleged that certain uses of embedded pixels violate the Video Protection Privacy Act — a 1988 law enacted to address the disclosure of video-tape rental history — by tracking and disclosing data on user interaction with webpages featuring video content. Overall, the success of website tracking litigation has been mixed, though some complaints have survived the motion to dismiss stage. Moreover, plaintiffs’ firms have proved ceaselessly creative in their attempts to breathe new life into old laws, so we should expect no shortage of new theories of liability.

Importantly, terms of use can help mitigate the risk of website tracking litigation. A robust arbitration provision with carefully crafted mass arbitration language can significantly reduce dispute costs. Further, designing an informal dispute resolution process that requires claimants to file individual dispute notices and engage in one-on-one settlement talks before initiating any proceedings makes the business a less attractive target for mass claims. Additionally, terms of use should prohibit use of the website or app solely to induce a legal violation, obtain the user’s express agreement to the practices described in the applicable privacy policy, and require users to waive all claims related to the use of digital tracking technologies, including those arising before the user agreed to the terms of use, as these tools often begin collecting information the moment the user arrives at a webpage.

Auto-Renewal Laws

In addition to the Restore Online Shoppers’ Confidence Act and the FTC’s Click to Cancel Rule at the federal level, more than 25 states have enacted laws governing auto-renewing contracts. Although their scope and requirements differ, these auto-renewal laws impose obligations upon online businesses offering subscription-based services that charge consumers on a recurring basis until they cancel. Collectively, these laws create a complex patchwork of compliance standards, with the laws in California, the District of Columbia, and Vermont having notably strict requirements.

Many auto-renewal laws specifically require businesses to obtain the consumer’s “affirmative consent to the agreement containing the automatic renewal offer terms” and identify specific “offer terms” that the agreement must include. Terms of use — as the primary, and often only, contractual agreement governing the use of a website or app — are the logical “agreement” to use for this purpose. Accordingly, businesses that enroll consumers in subscription services online need to pay close attention to auto-renewal laws and ensure that they include all mandatory offer terms in their terms of use. As importantly, user interfaces must be designed to obtain the user’s “affirmative consent” to the terms of use, a surprisingly complex issue discussed in detail below.

Finally, this is far from the only requirement in auto-renewal laws. These laws commonly provide for the prominent presentation of certain integral offer terms on the webpage where the user enrolls (not just in the terms of use), acknowledgement emails upon enrollment, reminder notices prior to billing, and specific cancellation methods. This is another fluid area of the law, with new developments virtually every year. New auto-renewal laws, in Utah and Minnesota, took effect in January while significant amendments to California’s already robust auto-renewal law will take effect in July.

Creating an Enforceable Contract

Beyond the substance of the agreement, a critical threshold question is whether a business’ terms of use represent a valid, enforceable agreement in the first place, as even the most well-drafted terms of use are useless if they are not a valid contract. Online contracting is held to the same requirement of mutual assent as traditional contracting. So called “browsewrap” agreements — where the terms of use are merely linked to in the website footer — are usually unenforceable. Instead, businesses should require users to take an action that affirmatively manifests their assent to the terms of use.

While simple in theory, this can be more complex in practice. The best practice is to create a dedicated action in the user flow requiring users to affirmatively represent their assent to the terms of use. This can be accomplished with an unchecked box or an “I Agree” button positioned next to a conspicuous hyperlink to the terms of use and language explaining that the relevant action (i.e., checking the box or clicking the button) constitutes the user’s assent to the agreement. Terms of use presented in this manner — often called a “clickwrap” agreement because the user clicks a button to manifest its assent — are generally enforceable. Requiring the user to take the additional step of scrolling to the bottom of the agreement provides an even stronger case for user assent.

A middle ground that has gained popularity is the “sign-in wrap” agreement, which uses an existing action in the user flow, like signing into an account (hence the name) or completing a purchase, to obtain the user’s assent. For example, it is common for e-commerce websites to place a notice near a “Place Order” button stating that, by completing the purchase, the user is signifying its agreement to the terms of use. While often preferred to clickwrap for its smaller digital footprint (with one less button to click), sign-in wrap agreements involve much more uncertainty. Because the user is not required to take action dedicated solely to the terms of use, they provide less clear-cut evidence of assent. The user has more leeway to argue that it did not see the notice disclosing the terms of use and, therefore, did not knowingly provide assent to the agreement. The enforceability of sign-in wrap agreements depends heavily on the design of the user interface, which courts scrutinize with a surprising level of detail. Ultimately, while this approach can result in an enforceable contract, it leaves little room for error and calls for a careful legal review prior to implementation.

Whether you opt for a clickwrap or sign-in wrap agreement, it is critical to retain a digital record of each user’s assent to the terms of use. When seeking to enforce its terms of use, a business should be able to present a clear record of how and when each user accepted the agreement.

Updating Terms of Use

Let’s say you carefully prepare terms of use and implement a process that effectively binds users to the agreement. All set, right? Yes, but only until you have to update them. There are plenty of reasons why a business might need to modify its terms of use — to comply with new legal requirements, address rising class action trends, or reflect changes to its website or services, to name a few — but the method of implementing those modifications is just as important as their substance.

Again, online contracting is subject to the same requirements as offline contracting. This means that terms of use cannot be modified without the assent of both parties. The surest way to accomplish this is with an interstitial pop-up that requires users to accept the modified terms of use before they can use the website or app again. Courts have consistently enforced terms of use modified in this manner, provided that the pop-up links to the updated terms of use and requires the user to click “I Accept” or otherwise manifest their assent to the modified agreement.

Instead of a pop-up, however, many companies prefer to send mass emails stating that the terms of use have been updated. In that case, it is critical for the email to clearly and conspicuously provide notice of the updates, hyperlink to the updated terms of use, and explain that continued use of the website or app will constitute the user’s acceptance of the modified agreement. Further, the email should reference the terms of use updates in the subject line, accurately describe the updates in the body, and omit any unrelated information. There are many examples of courts enforcing updated terms of use when notice is given in this manner, provided that the user continues using the site or service after receiving the email.

At the same time, this approach is not ironclad. Users have argued, with varying degrees of success, that they are not bound by the updated terms of use because they never received, or read, the email. At a minimum, a business providing notice by email should retain an electronic record establishing that the email was effectively transmitted to each user on file (i.e., without a bounce-back or other failure to send). Even better is to implement read receipts, so that, if necessary, you can prove in court that the user both received and opened the email. Still, for changes that are particularly important — for example, the addition of an arbitration agreement to the terms of use — businesses should consider using an interstitial pop-up instead to provide a greater degree of certainty.

The issues above are only a handful of the critical legal issues implicated by website, mobile, and online service terms of use. For assistance drafting or reviewing, or for guidance on any other advertising or e-commerce, please do not hesitate to reach out to the ArentFox Schiff Advertising team.