- Who We Serve
Clickwrap agreements are the new frontier in contracting for the eCommerce industry. But despite their advantages for customer experience and conversion rates, enforcement of these agreements can be difficult without certain standards in place. To create enforceable clickwrap agreements, a company must be able to definitively prove which version of the agreement a specific customer or third party signed. And this proof will often come down to the company’s back-end records.
As Facebook learned the hard way in the Cambridge Analytica scandal, the inability to prove “version control” for clickwrap agreements can present real legal headaches.
Content Download: Clickwrap Litigation Trends: 2021 Report
Online contracts are a necessary element for modern eCommerce, with clickwrap agreements in particular providing many advantages. Clickwrap agreements require the user to check a box or click a button in order to affirmatively agree to the contract terms.
When compared to requiring an electronic signature made by a user’s mouse or finger, there is a clear benefit for user experience. And clickwrap agreements also have the benefit of increased enforceability, since the customer is affirmatively consenting to the contract terms.
But clickwrap agreements can also be challenged in court. One major hurdle for enforceability is when the terms of a clickwrap agreement are updated. The company needs to be able to prove which version of the agreement the user “signed.” This ability to track contract versions is commonly referred to as “version control.”
Back-end records are key to instituting version control for clickwrap agreements. Back-end records are company records containing relevant data captured at the time of contract acceptance. This data includes the identity of the user and the time of contract acceptance.
Most crucially for the purposes of version control, back-end records can also indicate which version of a clickwrap agreement was actually signed.
The Cambridge Analytica debacle at Facebook illustrates the importance of back-end recordkeeping for version control.
Cambridge Analytica was a political consulting firm that harvested identifying information for up to 87 million Facebook users. The information was gathered using a personality quiz app, which had to be added to a user’s Facebook account in order to take the quiz.
Related Content: Facebook Terms of Service: What Did You Sign Up For?
This app then gave Cambridge Analytica access to all the quiz taker’s profile information and user history. More importantly, the app provided Cambridge with that same information for all the Facebook friends of the quiz taker, which Cambridge used for politically targeted ads.
In addition to the resulting public relations crisis, Facebook also faced numerous government investigations and litigation over the data breach. In defense, Facebook attempted to rely on the terms and conditions of their user agreements, which allowed for data sharing with third party apps.
Unfortunately for Facebook, the data sharing terms were not added to their user agreement until the 2009 version. Facebook argued that users who signed up pre-2009 automatically assented to continuous future updates. Not only was this argument unsuccessful, Facebook also could not prove its post-2009 users clearly understood and assented to the updated contract terms.
Facebook was missing one key element in attempting to rely on the Facebook terms of service: back-end records to prove which version of the agreement the Facebook user signed.
Reliable back-end records should indicate that a specific user signed a specific agreement at a specific time.
Several cases demonstrate how back-end records can head off legal challenges to online contracts.
For example, Southwest Airlines was able to have a federal class action lawsuit against it dismissed, based on the arbitration clause in their employment contract. In Tanis v. Southwest Airlines, Southwest Airlines was able to prove an employee checked a box affirming her acceptance of the contract terms. They were able to do so using an electronic record of the employee’s name, her employee ID, and the date and time of execution.
Similarly, the company Bite Squad was successful in compelling individual arbitration in response to a federal class action. In Holley v. Bite Squad, a Bite Squad executive submitted an affidavit stating that employment applicants were emailed an electronic copy of a hiring packet, which included an arbitration agreement. Critically, the same executive attached “Audit Trails” for each of the individual plaintiffs. These Audit Trails indicated when each plaintiff viewed and signed the arbitration agreement.
Facebook was not able to enforce the terms and conditions of its user agreements, specifically those terms allowing for third party data sharing. The company lacked any back-end records to prove a specific Facebook user agreed to specific terms at a specific time.
In short, Facebook did not implement version control, and so Facebook users were not fully bound by the Facebook terms of service.
A company seeking enforceable clickwrap agreements should have protocols and standards in place to ensure version control, including back-end records of acceptance. Otherwise, they could be faced with expensive and time-consuming litigation. To see how your agreements stack up on a legal basis, take our Clickwrap Litigation Readiness Self-Assessment.