Changing Terms of Service? Be Ready For A Class Action Lawsuit

Written by Mark Rasch
July 26th, 2013

Attorney Mark D. Rasch is the former head of the U.S. Justice Department’s computer crime unit and today is a lawyer in Bethesda, Md., specializing in privacy and security law.

Think you have complete control of the terms of service (TOS) of your website? As a retailer, you probably assume that you can dictate terms to customers, especially about any services you offer them besides selling them merchandise. And when photo-sharing website Instagram changed its terms of service in mid-January of this year, it probably didn’t expect too many people to even notice. Those who did might be displeased with the changes, and might abandon the service or go to another one. But what Instagram should have expected was a class-action lawsuit.

And just such a suit was filed on July 16 in California Superior Court in San Francisco.

At issue in the litigation was the change in Instagram’s copyright policy. The prior policy indicated that Instagram did not claim any ownership rights in people’s photographs. The new policy states that Instagram “does not claim ownership of any Content that you post on or through the Service. Instead, you hereby grant to Instagram a non-exclusive, fully paid and royalty-free, transferable, sub-licensable, worldwide license to use the Content that you post on or through the Service, subject to the Service’s Privacy Policy, available here, including but not limited to sections 3 (“Sharing of Your Information”), 4 (“How We Store Your Information”), and 5 (“Your Choices About Your Information”). You can choose who can view your Content and activities, including your photos, as described in the Privacy Policy.”

Instagram also changed its limitations on liability to be more favorable to themselves, and grant themselves additional remedies. You really didn’t expect changes that would favor the consumer, did you?

The relationship between websites and their users is, for the most part, a creature of contract law. While the underlying business being promoted may be regulated, and there may be laws on marketing and promotion (e.g, deceptive trade practice or lawyer advertising rules), issues like ownership of intellectual property, privacy rights, rights to exploit content, liability, remedies, venue and jurisdiction are “negotiated” by contract.

Problem is, they aren’t really ever negotiated. They are dictated by the website operator, who frequently reserves the right to change these terms at will, simply by, well, changing them. In many cases, it is the consumer’s obligation to check the website to find out that the terms have changed.

Typically, you “agree” to a contract by either signing the contract (clicking “I agree”) or engaging in conduct which demonstrates assent (“by using the service you agree to these terms”). But after you have already agreed to a contract, and the other party, dissatisfied with the agreement they have negotiated (especially here when they wrote it), wants to change it, this is typically called a “novation” to the contract. For a “novation” to be effective there has to be some consideration for the change—essentially a new contract.

Ordinarily, website operators get around this requirement in several ways. First, they write in the original contract that they can change the terms at any time with or without notice. It’s like Big Jule in Guys and Dolls, who plays craps with blank dice: “I had the spots taken off for luck. But I remember where the spots formerly were.” A contract which can be changed at any time by one party typically is not a “binding contract.” But somehow courts have let website operators get away with this.


One Comment | Read Changing Terms of Service? Be Ready For A Class Action Lawsuit

  1. Bernard Regier Says:

    Very enlightening article. In regards to policy statements/terms of service, why hasn’t Craigslist been sued up the wahoo for not allowing users to cancel their memberships? Of their many uncouth business practices, including complete lack of accountability and doling out strange, arbitrary punishments to out-of-line members(see for 8-9 hundred horror stories), disallowing individuals to terminate service seems the most unlawful. I don’t know anything about contractual law or online regulations, but If I owned a store, I could refuse or restrict service to anyone or lock them out if necessary; what I CAN’T do is lock them in!Your thoughts? Repectfully,
    –Bernie R.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.