Zappos.com Loses Arbitration Bid in Data Breach Class Action Lawsuit

[Jeffrey Walton <noloader () gmail com>]

Good for US consumers.... It would be nice if the US legislature would
act to bar the practice (from AT&T to Microsoft), but its a stretch
when the politicians are bought and traded like playing cards and
commodities.

http://www.topclassactions.com/lawsuit-settlements/lawsuit-news/2633-zapposcom-loses-arbitration-bid-in-data-breach-class-action-lawsuit

After dedicating quite a bit of coverage to the growing number of
companies placing mandatory arbitration clauses in their user
contracts, effectively banning consumer class action lawsuits, it was
a welcome repose yesterday to read an article on Forbes.com about a
court shooting down Zappos.com’s request to force users into
arbitration following the massive Zappos data breach that occurred in
January.

Nearly 24 million consumers were affected by the Zappos data breach,
sparking dozens of class action lawsuits against the company. Zappos
tried to send the lawsuits to arbitration based on the arbitration
clause in its user agreement, but a federal court recently struck down
the agreement for being too obscure and deceptive.

The main problem, according to the court, is that the arbitration
clause is buried as a “snippet” in a 4-page Terms of Use contract,
which can only be found by clicking on an obscure link on the site.

“We cannot conclude that Plaintiffs ever viewed, let alone manifested
assent to, the Terms of Use. The Terms of Use is inconspicuous, buried
in the middle to bottom of every Zappos.com webpage among many other
links, and the website never directs a user to the Terms of Use. No
reasonable user would have reason to click on the Terms of Use, even
those users who have alleged that they clicked and relied on
statements found in adjacent links, such as the site’s ‘Privacy
Policy,’” the court said.

Later, the court blasts Zappos for trying to bind users into
arbitration simply because they browse the site. According to the
court:

“The arbitration provision found in the Zappos.com Terms of Use
purportedly binds all users of the website by virtue of their
browsing. However, the advent of the Internet has not changed the
basic requirements of a contract, and there is no agreement where
there is no acceptance, no meeting of the minds, and no manifestation
of assent. A party cannot assent to terms of which it has no knowledge
or constructive notice, and a highly inconspicuous hyperlink buried
among a sea of links does not provide such notice. Because Plaintiffs
did not assent to the terms, no contract exists, and they cannot be
compelled to arbitrate.”

Now that the court has ruled Zappos.com’s arbitration clause
unenforceable, the class action lawsuits against the company will
likely proceed. The cases have been consolidated into a single class
action lawsuit entitled In re: Zappos.com Inc., Customer Data Security
Breach Litigation (MDL No. 2357), U.S. District Court, District of
Nevada.

The Zappos.com Data Breach Class Action Lawsuit is seeking damages and
injunctive relief for consumers affected by the hack, including that
Zappos pay for credit monitoring and identity theft insurance.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.