On Wednesday, December 14, 2016, President Obama signed the Consumer Review Fairness Act of 2016 (the “Act”) into law.  The Act makes void certain clauses of a form contract that prohibit or restrict an individual from engaging in a review of a seller’s goods, services, or conduct.  The Act follows California’s enactment of Assembly Bill 2365 in September 2014 (codified at Civil Code section 1670.8) which similarly bars consumer contract provisions that purport to waive consumers’ right to make disparaging comments about goods or services.

Subject to enumerated exceptions, the Act makes a provision of a form contract void from the inception if it: (1) prohibits or restricts an individual who is a party to such a contract from engaging in written, oral, or pictorial reviews, or other similar performance assessments or analyses of, including by electronic means, the goods, services, or conduct of a person that is also a party to the contract; (2) imposes penalties or fees against individuals who engage in such communications; or (3) transfers or requires the individual to transfer intellectual property rights in review or feedback content (with the exception of a nonexclusive license to use the content) in any otherwise lawful communications about such person or the goods or services provided by such person.

A “form contract” is a contract with standardized terms: (1) used by a person in the course of selling or leasing the person’s goods or services, and (2) imposed on an individual without a meaningful opportunity to negotiate the standardized terms. The definition excludes an employer-employee or independent contractor contract.

Enforcement authority is provided to the Federal Trade Commission (FTC) and states, and the Act requires the FTC to provide businesses with nonbinding best practices for compliance.

A link to the legislation may be found here.

Be Sociable, Share!
    Comments { 0 }


    On Wednesday, December 14, 2016, President Obama signed the “Better Online Ticket Sales Act of 2016” (the “BOTS Act” or the “Act”) into law. The Act prohibits the circumvention of a security measure, access control system, or other technological measure on an Internet website or online service of a ticket issuer that is used to enforce posted event ticket purchasing limits or to maintain the integrity of posted online ticket purchasing order rules for a public event with an attendance capacity exceeding 200 persons. The Act also prohibits the sale of or offers to sell an event ticket in interstate commerce obtained through such a circumvention violation if the seller participated in, had the ability to control, or should have known about the violation.

    It shall not be unlawful under the BOTS Act to create or use software or systems to: (1) investigate, or further the enforcement or defense of, alleged violations; or (2) identify and analyze flaws and vulnerabilities of security measures to advance the state of knowledge in the field of computer system security or to assist in the development of computer security products.

    Violations shall be treated as unfair or deceptive acts or practices under the Federal Trade Commission Act. The Act provides authority to the Federal Trade Commission and states to enforce against such violations.

    A link to the legislation may be found here.

    Be Sociable, Share!
      Comments { 0 }


      On or before December 31, 2017, online service providers that have previously registered DMCA designated agents with the U.S. Copyright Office must re-register through its new online registration system. Otherwise, the online service provider will not be eligible for the safe harbor protections of the Digital Millennium Copyright Act (the “DMCA”). The notification of this new regulation can be found here.

      The safe harbor provisions of the DMCA provide a shield against copyright infringement liability based upon content posted by internet users. Without the safe harbor protections, an online service provider can be exposed to copyright infringement without its knowledge when the content underlying the infringement is posted by an internet user. Online service providers include, for example, website hosting, blogs, email services, chat rooms or other venues in which user-generated content may be posted online.

      This shield requires that the online service provider comply with all of the requirements of the DMCA, which beginning December 1, 2016 will include the online registration of a designated agent for the online service provider.  The new registration system is accessible at

      Designated agent registrations must be renewed every three years.

      Be Sociable, Share!
        Comments { 0 }


        The New Jersey Truth-in-Consumer Contract, Warranty and Notice Act (“TCCWNA”), enacted nearly 35 years ago, has over the past 7 years become increasingly popular with class action attorneys.  Cases generally target retailers’ online terms and conditions that include provisions that purport to limit rights or remedies under other state or Federal laws.  The TCCWNA prohibits a:

        seller, lessor, creditor, lender or bailee…in the course of his business offer to any consumer or prospective consumer or enter into any written consumer contract or give or display any written consumer warranty, notice or sign…which includes any provision that violates any clearly established legal right of a consumer or responsibility of a seller, lessor, creditor, lender or bailee as established by State or Federal law at the time the offer is made or the consumer contract is signed or the warranty, notice or sign is given or displayed.

        N.J.S.A. § 56:12-15.

        Several recent federal district court decisions question whether plaintiffs have suffered harm sufficient to satisfy Article III standing requirements articulated by the Supreme Court in Spokeo, Inc. v. Robins, 136 S. Ct. 1540, 1548 (2016).  In Candelario v. Rip Curl, Inc., 2016 U.S. Dist. LEXIS 163019 (C.D. Cal. Sept. 7, 2016), the court dismissed plaintiff’s complaint alleging that defendant Rip Curl’s online terms and conditions contained impermissible limitations on defendant’s liability.  The court found that plaintiff had not pled any injury-in-fact by virtue of having read the terms after being disappointed by an item of clothing she purchased from defendant’s website.

        A link to the opinion may be found here.

        Be Sociable, Share!
          Comments { 0 }


          Beginning in early 2016, courts throughout the country have seen a trend of class action lawsuits brought under the New Jersey Truth-In-Consumer Contract Warranty and Notice Act (the “TCCWNA”).  Liability under the TCCWNA is premised upon entering into, giving or displaying a contract, warranty, notice or sign “which includes any provision that violates any clearly established legal right of a consumer or responsibility of a seller, lessor, creditor, lender or bailee as established by State or Federal law.”  In addition to prohibiting invalid and unenforceable provisions, the statute bars the use of catch-all invalidity provisions, which state generally that some provisions of the contract, notice, or sign may be void, inapplicable, or unenforceable.  Considering the broad statutory language, many agreements commonly used by covered entities are rendered unlawful by this statute.  It is advisable for such entities to have their website(s), consumer agreements and website terms of use reviewed for TCCWNA compliance, and in the meantime consider screening New Jersey consumers from all marketing, sales, loans or collections.

          Be Sociable, Share!
            Comments { 0 }


            On March 17, 2016, the California Court of Appeals, 2nd District, issued an opinion certified for publication affirming a ruling of the Los Angeles Superior Court denying a petition to compel arbitration by defendant Provide Commerce, Inc., owner of  Long v. Provide Commerce, 216 Cal. App. LEXIS 199 (Case No. B257910).  The court found notice of the “browsewrap” Terms of Use agreement was inadequate to bind the user to the TOU where he was not required to affirmatively consent and where the overall design of the website would not have placed a reasonably prudent user on notice of the agreement.  According to the court:

            “no California appellate court has yet addressed what sort of website design elements would be necessary or sufficient to deem a browsewrap agreement valid in the absence of actual notice. Accordingly…our analysis is largely guided by two federal cases from the Second and Ninth Circuit Courts of Appeals, each of which considered the enforceability of a browsewrap agreement applying the objective manifestation of assent analysis dictated by California law. [citing Specht v. Netscape Communs. Corp. (2d Cir. 2002) 306 F.3d 17, 30 fn. 13, and Nguyen v. Barnes & Noble Inc. (9th Cir. 2014) 763 F.3d 1171, 1175.] In keeping with the principles articulated in these authorities, we conclude the design of the website, even when coupled with the hyperlink contained in the confirmation email, was insufficient to put Plaintiff on inquiry notice of the subject Terms of Use.”

            Long, supra, at 13.  The court goes on to quote the following “bright line rule for determining the validity of browsewrap agreements” as announced in Nguyen:

            “[W]here a website makes its terms of use available via a conspicuous hyperlink on every page of the website but otherwise provides no notice to users nor prompts them to take any affirmative action to demonstrate assent, even close proximity of the hyperlink to relevant buttons users must click on—without more—is insufficient to give rise to constructive notice.”

            Id. at 17 (quoting Nguyen, supra, at pp. 1178-1179.)  “Typically that ‘something more’ had taken the form of an explicit textual notice warning users to ‘Review terms’ or admonishing users that by clicking a button to complete the transaction ‘you agree to the terms and conditions in the [agreement].’” Id. at 16-17.  In this case no such explicit textual notice was provided.

            The court’s opinion may be found at the following link:


            Be Sociable, Share!
              Comments { 0 }


              On November 13, 2015, the United States District Court for the Northern District of California dismissed a lawsuit by Sikhs for Justice Inc. (“SFJ”) asserting several causes of action against Facebook, Inc., including a federal claim of racial discrimination, for having allegedly blocked SFJ’s Facebook page in India without notice or explanation. Sikhs for Justice “SFJ”, Inc. v. Facebook, Inc., 2015 U.S. Dist. LEXIS 154716 (N.D. Cal. Nov. 13, 2015).  According to SFJ, Facebook acted “on its own or on the behest of the Government of India” because of discrimination against SFJ and its members on the grounds of race, religion, ancestry, and national origin. 

              The court denied the claim pursuant to 47 U.S.C. 230, the federal Communications Decency Act. Its subsection (c)(1) states in pertinent part that “[n]o provider or user of an interactive computer service [“ICS”] shall be treated as the publisher or speaker of any information provided by another information content provider.”  The court relied upon Ninth Circuit precedent for the proposition that subsection (c)(1) immunizes ICS removal of user content.

              Notably, the court did not reference 47 U.S.C. 230, subsection (c)(2), which provides that “[n]o provider or user of an interactive computer service shall be held liable on account of– (A) any action voluntarily taken in good faith to restrict access to or availability of material…”  By relying upon subsection (c)(1), which does not require a finding of good faith, the court granted Facebook’s FRCP 12(b)(6) motion.

              Be Sociable, Share!
                Comments { 0 }


                On October 6, 2015, the European Union’s highest court (the “ECJ”) issued an order (the “Order”) invalidating the 15-year-old U.S.-EU Safe Harbor Program (the “Program”).  Schrems v. Data Prot. Comm’r, E.C.J., No. C-362/14.  The Program allowed U.S. companies to transfer EU citizens’ data to the U.S. by self-certifying to the U.S. Department of Commerce privacy principles similar to those contained in the EU Data Protection Directive (95/46/EC).  The basis for the Order was that the Program didn’t safeguard personal data against surveillance by the U.S. government and didn’t allow sufficient redress to EU citizens whose privacy had been breached by such surveillance. The case was initiated by Austrian law student Max Schrems against Facebook in Ireland where Facebook’s European operations are headquartered.  The case was referred to the ECJ by Ireland’s High Court after the Irish Office of the Data Protection Commissioner said it didn’t need to examine the complaint about data transfers made by Facebook Ireland Inc. because the transfers were done in accordance with the Program.  The ECJ found that U.S. authorities could ignore the privacy protections of the Program and could “access the personal data transferred from the member states to the United States and process it in a way incompatible, in particular, with the purposes for which it was transferred, beyond what was strictly necessary and proportionate to the protection of national security.” The European Commission has stated publicly that any transfer of data from European Economic Area in the last 15 years that relied on the Safe Harbor Program may be subject to legal challenge.  While approximately 4,400 U.S. companies are certified under the Program, the Order would not prevent the continued transfer of data by those with alternative means for data transfers in place, such as binding corporate rules or model contracts.

                Be Sociable, Share!
                  Comments { 0 }


                  On July 31, 2015, in Mollett v. Netflix, Inc., No. 12-17045, the Court of Appeals for the Ninth Circuit affirmed the order of the United States District Court for the Northern District of California dismissing claims brought under the Video Privacy Protection Act (“VPPA”), 18 U.S.C. § 2710, and California Civil Code § 1799.3 by two plaintiffs on behalf of themselves and other similarly-situated Netflix subscribers.  Plaintiffs allege that Netflix violated the statutes by permitting certain disclosures about their viewing history to third-parties, namely, subscribers’ family, friends and guests.  The claims were directed at Netflix’s display of a subscriber’s video queue and “recently watched” video titles on a subscriber’s television when Netflix is activated.  Netflix brought a motion to dismiss for failure to state a claim on the grounds that, inter alia, disclosures of personal information are made to subscribers themselves and therefore permissible.  The Ninth Circuit stated that:

                  “The interpretation of this section of the VPPA is an issue of first impression for this Circuit.  The VPPA was enacted in 1988 in response to the Washington City Paper’s publication of then-Supreme Court nominee Robert Bork’s video rental history. [citation omitted] The paper had obtained (without Judge Bork’s knowledge or consent) a list of the 146 films that the Bork family had rented from a Washington, D.C.-area video store.  Id.  Members of the Judiciary Committee “denounced the disclosure” and Congress acted swiftly to enact the VPPA . . . ‘[t]o preserve personal privacy with respect to the rental, purchase or delivery of video tapes or similar audio visual materials.’ Id. at *7.”

                  The Ninth Circuit dismissed plaintiffs’ claims. “The VPPA prohibits a ‘video tape service provider’ from knowingly disclosing ‘personally identifiable information’ about one of its consumers ‘to any person,’ and provides for liquidated damages in the amount of $2,500 for violation of its provisions.’ . . . The Act provides several exceptions to the disclosure prohibition, [including] allowing disclosure of a consumer’s video rental history to the consumer himself. . .”  Id. at *8.  The Ninth Circuit held that the disclosure alleged by the plaintiffs is a disclosure “to the consumer” that is permitted by the Act.  Id. at *9:

                  “The fact that a subscriber may permit third parties to access her account, thereby allowing third parties to view Netflix’s disclosures, does not alter the legal status of those disclosures.  No matter the particular circumstances at a subscriber’s residence, Netflix’s actions remain the same; it transmits information automatically to the device that a subscriber connected to her Netflix account.  The lawfulness of this disclosure cannot depend on circumstances outside of Netflix’s control.”

                  Id. at *12.  The Ninth Circuit applied the same analysis to dismiss the claims under California’s video privacy statute, Civil Code § 1799.3.

                  The Ninth Circuit’s opinion may be found at the following link:

                  Be Sociable, Share!
                    Comments { 0 }

                    California Court of Appeals Holds Personal Identification Information Protections Under Song-Beverly Credit Card Act Inapplicable to Online Purchase Where Buyer Elects to Pick Up Goods at Seller’s Store

                    The California Court of Appeals recently held in Ambers v. Beverages & More, Inc. (“BevMo”), Case No. B257487 (Cal. Ct. App., 2nd Dist., order entered May 4, 2015), that Civil Code section 1747.08 of the Song-Beverly Credit Card Act did not apply to an online purchase where the buyer elected to pick up the merchandise at the seller’s store. The court affirmed the lower court’s judgment in favor of defendant BevMo. This decision is in the wake of the California Supreme Court’s decision in Apple v. Superior Court (Krescent), 56 Cal. 4th. 128 (2013), in which the court held that the Song-Beverly Credit Card Act was inapplicable to an online transaction involving a downloadable product.

                    Section 1747.08, subdivision (a) provides:

                    Except as provided in subdivision (c), no person, firm, partnership, association, or corporation that accepts credit cards for the transaction of business shall do any of the following:


                    1. Request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to write any personal identification information upon the credit card transaction form or otherwise.
                    2. Request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to provide personal identification information, which the person, firm, partnership, association, or corporation accepting the credit card writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise.
                    3. Utilize, in any credit card transaction, a credit card form which contains preprinted spaces specifically designated for filling in any personal identification information of the cardholder.


                    “Personal identification information” is defined in section 1747.08, subdivision (b), as “information concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder’s address and telephone number.”

                    Section 1747.08, subdivision (c), sets forth certain exceptions to the statutory prohibitions. Subdivision (c)(4) allows personal identification information (“PII”) to be collected if it “is required for a special purpose incidental but related to the individual credit card transaction, including, but not limited to, information relating to shipping, delivery, servicing, or installation of the purchased merchandise, or for special orders.”

                    Plaintiff Ambers alleged he was required to provide PII to complete his online purchase, in violation of Song-Beverly.

                    The appellate court referenced Apple, supra, in which the court found the statute inapplicable to an online transaction because the collection of PII by online retailers could serve a legitimate purpose such as fraud prevention. Brick-and-mortar retailers, by contrast, could verify identity at the time of purchase without requiring the collection of PII. For example, they could compare the signature on the credit card transaction form with the signature on the back of the card.

                    Here, the appellate court found the reasoning in Apple applicable to an online credit card transaction where the merchandise is picked up at the store, because ownership of the merchandise passes immediately upon completion of the online purchase, and not when it is picked up at the store. Without obtaining Ambers’ PII, BevMo would have had no means of verifying that Ambers was an authorized user of the credit card number entered on BevMo’s website before the purchase transaction was completed.

                    Finally, the court rejected Ambers’ argument that presentation at pickup of his identification and the credit card he had used to complete the online purchase was sufficient antifraud protection for BevMo. The court reasoned that such presentation alone would not provide sufficient recourse if the transaction later proved to be fraudulent.

                    Be Sociable, Share!
                      Comments { 0 }