e-commercelaw&policy
FEATURED ARTICLE
03/09
cecile park publishing
Head Office UK Cecile Park Publishing Limited, 17 The Timber Yard, Drysdale Street, London N1 6ND
tel +44 (0)20 7012 1380 fax +44 (0)20 7729 6093 info@e-comlaw.com
www.e-comlaw.com
E-CONTRACTS
Old contracts in new realms:
keeping track of the changes
As online contract law develops, it
may be helpful to take an updated
look at some of the approaches
used in the US. Holly K.Towle,
Partner at K&L Gates, looks at
several emerging trends or needs
that companies contracting online
need to bear in mind to avoid
complex legal proceedings.
Online contracts written for an
offline world, but made or
performed electronically, can have
unintended consequences. For
example, if a party must ‘deliver’ a
document, posting it online might
only meet a ‘make available’
requirement. When a contract calls
for ‘written’ amendments, does that
contemplate paper only or does it
encompass email statements?
When an ‘integration’ or ‘merger’
clause says the agreement in the
scroll box is the ‘entire’ agreement
of the parties, is that true or did
one party really intend for online
consents, disclosures and terms of
use also to apply?
In short, contracts written for a
physical world should be updated
for electronic settings1. Further,
within e-settings, contracts written
for one setting need to be adapted
to others, e.g., a contract written
assuming a desktop computer
screen will not necessarily work for
mobile devices.
E-SIGN consumer rule
15 U.S.C. §7001(c) is a special
consumer rule in the federal
Electronic Signatures in Global and
National Commerce Act (‘the Act’).
The Act does not really have global
reach, but by using that word,
Congress created the acronym ‘ESIGN’ for this basic enabling
statute for electronic signatures
and records in the US. Section
7001(c) contains a consumer
protection rule that is perilous to
overlook. It pertains when a
e-commerce law and policy january 2011
company is required to provide to
a consumer (an individual acting
primarily for personal, household
or family purposes) information
(e.g., a disclosure) in ‘writing’ (on
paper). In the US, such consumer
protection disclosures must be
provided by a range of industries,
e.g., financial institutions. When a
company is required to provide
such a written disclosure, it may
not substitute an electronic version
unless it first complies with
§7001(c).
This requires three steps
involving details that can be
surprisingly difficult to meet in
context. Very generally, the
company wanting to substitute an
electronic disclosure for paper
must:
provide a clear and conspicuous
E-SIGN statement consisting of
specified content about dealing
electronically, and listing software
and hardware needed for access
and retention;
obtain the consumer's
affirmative consent to substitution;
and
obtain or confirm that consent
electronically in a manner
reasonably demonstrating the
consumer's ability to access the econsumer protection disclosure. If
there is a change in software and
hardware, a fourth step looms, i.e.,
providing notice of changes and
reconfirming the third step.
Only after meeting §7001(c) may
the consumer protection disclosure
be provided electronically paper.
This is harder than it sounds and a
consequence of non-compliance is
a deemed failure to provide the
consumer protection disclosure2.
Additional e-regulations or ‘egloss’
Even contracts complying with the
first and second steps might not
comply with regulations adding a
gloss to how things must be done
electronically. For over a decade,
the focus in the US has been on
whether it was possible to meet
electronically a law requiring a
‘writing’ or ‘signature’, and
‘enabling’ laws have, in general,
said ‘yes’3. However, a new
generation of regulations is
emerging with additional, special
rules regulating how that must be
done or simply extending to
businesses, consumer protections
akin to E-SIGN §7001(c)4. Some
of this ‘e-gloss’ will be invalid
under E-SIGN restrictions on
regulators, but not all.
An example of ‘e-gloss’ is a new
Federal Trade Commission (FTC)
rule for mortgage foreclosure
services. Its definition of ‘clear and
prominent’ specifies details for all
of these communications: textual
(written or printed, including
computer screen text), oral,
audible, video and interactive
media (e.g.,internet, software and
online services). The portion of the
definition for textual
communications and interactive
media illustrates the scope of detail
found in this kind of ‘e-gloss’5.
Finding such rules or ‘e-gloss’
requires locating and reviewing the
exact background law for each
subject matter of the contract. This
has long been the task of attorneys,
but it is increasingly arduous
because of its random nature and
the fact that it is often buried in
non-uniform guidance,
commentary or interpretations.
Attribution
It does little good to make a
contract if the company seeking to
enforce it cannot attribute it to the
intended party: if contracting
procedures create ambiguity
regarding who clicked ‘I Agree’ or
typed in a signature or is
referenced, a company may find
itself without a contract, or may
have one with or pertaining to
someone other than intended. This
problem can arise from ambiguous
03
E-CONTRACTS
language or the inability to know
who made the agreement.
In Prudential Insurance Co. of
America v Dukoff6, an online life
insurance application was too
ambiguous to allow summary
judgment on who contracted with
the company. The choices were: the
husband - claimed by one side to
have filled out the application on
his wife - the wife, claimed by one
side to have filled out the
application on herself, or both?
The answer mattered to several
claims, including under agency law
and an insurance law statute
restricting the ability of the
company to contest statements
made by the ‘applicant’. The
company could not prove who the
‘applicant’ was.
In Dillard Store Services, Inc. v
Kerr7, a department store could not
enforce an arbitration agreement
against its sales clerk. The clerk had
not turned up for the right shift
and was cautioned to meet her
online schedule. She said she had
not seen it and her manager took
her to an employee-available
computer in the cafeteria to help
her set up an employee account, a
process which included obtaining
employee consent to an arbitration
agreement. The question came
down as to who consented - the
employee, the manager or
someone else involved in the
process? Because the store could
not reasonably prove the answer, it
could not enforce the arbitration
contract.
Data protection
The above illustrates the need
under contract law to ‘know your
counterparty’, but there is also a
developing need under US identity
theft prevention laws and to avoid,
according to the FTC, the unfair
act of not adequately
authenticating customers8. Dealing
with the wrong person (the
identity thief) carries increasing
04
Finding such
rules or ‘egloss’
requires
locating and
reviewing the
exact
background
law for each
subject
matter of the
contract. This
[task] is
increasingly
arduous
exposure for the company so
dealing and the person whose
identity is stolen. Both are victims
of the identity thief9. However,
efforts taken to know your
counterparty can conflict with data
protection laws, creating the
unenviable position of being
caught between a rock and a hard
place10.
Incorporated contract terms
Contracts increasingly attempt to
incorporate by reference separate
terms posted online and, often, this
does not work for a range of
reasons11. Case law tends to be fact
dependent and ‘outcome’-based,
particularly if it is cumbersome to
access the terms. A recent example
is an unpublished case12 where an
installation CD contained a tenpage clickwrap agreement in scroll
box asking users to ‘Please read’ a
Subscriber Agreement posted
online. The court refused to grant
a motion to avoid trial for several
reasons and held that:
‘As presented, the Clickwrap
Agreement does not clearly
incorporate the Subscriber
Agreement by reference and to reach
the arbitration clause requires the
user to leave the installation
program, log onto the Internet (if
possible), navigate to the proper
page, and read the Subscriber
Agreement, then return to the
installation program's scroll down
window to read the remaining ten
pages of the High-Speed Internet
Modem Installation Legal
Agreement before choosing whether
to agree to the terms. In addition,
the arbitration issue is confused by
the fact that the readily available
agreements [in the scroll box]
provide a forum in the court system
for resolution of conflicts springing
from the scroll box contracts. This
creates an ambiguity regarding
recourse in the event of a dispute.’
Access controls
The FTC has begun to claim that
having inadequate access controls
to protect personal data is an
unfair act. FTC enforcement
actions have resulted in private
settlement orders indicating what
the FTC believes is appropriate for
the service provider's system, its
administrators and even it
customers' systems. Several states
also require businesses to
implement and maintain
reasonable security measures,
including to protect personal
information from ‘unauthorized
access’13.
Specific topic statutes and
payment card organization
rules
State legislatures dive into this
arena with non-uniform laws on
random topics which are difficult
to discover. A new California
statute14 is illustrative and impacts
formation of consumer
subscription or membership
contracts when services will be
continuous or automatically
renewed at the end of a definite
term (e.g., annually). An example
is a health club membership for
which the annual fee is
automatically charged to a
payment card or directly debited
from the consumer's bank account.
Absent compliance, the statute
converts provision of services or
goods into an ‘unconditional gift’.
It requires the service provider to
make particular disclosures in a
stated time and manner, provide a
particular acknowledgement of
order receipt, obtain ‘affirmative’
consent, and provide a particular
notice of material changes and
cancellation procedures. The
statute makes it unlawful to make a
charge or debit absent affirmative
consent (subject to exceptions).
This kind of statute applies in
addition to already existing rules of
payment systems and state or
e-commerce law and policy january 2011
E-CONTRACTS
federal laws such as federal
Regulation E (which applies to preauthorized debits to consumer
bank accounts)15, payment card
organization rules for ‘recurring
transactions’ and so on.
Other payment card organization
rules can also impact online
contracting. An example is a Visa
rule prohibiting ‘data passes’. As
explained in a US Senate
Committee report16, after
customers have made a purchase
but before completing sale
confirmation, customers are
presented with another offer which
is actually from a third party but
appears to be connected to the
purchase. This appearance is
buttressed because the first
merchant has ‘passed’ data to the
second, the consumer is not
required to re-enter credit card
information and, thus, may not
realize a separate purchase is being
made. Visa rules apparently
expressly prohibit the practice as of
1 May 201017. Violation of this kind
of payment card rule can result in
a ‘chargeback’ of the transactions,
and at least one court has viewed a
high rate of ‘chargeback’ as
evidence of consumer confusion in
an unfair acts or deceptive
practices claim18.
Electronic records
If there is a dispute, it does not do
much good to have carefully
formed a compliant contract if
electronic records for it cannot be
introduced into court, and erecords are more vulnerable to
being rejected than paper. An
illustrative case is In re Vee
Vinhnee19, where a creditor was
denied recovery because it did
could not establish an evidentiary
foundation for the accuracy of its
electronic record keeping system.
Note also that evidentiary rules are
not the only relevant rules: some
‘e-enablement’ statutes such as ESIGN contain new e-record rules.
e-commerce law and policy january 2011
Standard e-contract rules
The following additional questions
continue to be relevant:
Does the user have notice a
contract is being made20?
Is the contract formed at the
correct time and have
requirements in basic ‘e-enabling’
laws been met or varied if allowed?
Have required pre-contract
disclosures been made and
formatting requirements met,
including for concepts such as
‘conscionability’, unfair acts or
deceptive practices and any ‘e-gloss’
rules?
Is there an opportunity to
review and reject the contract
terms (such as outlined in the
Uniform Computer Transaction
Act § 112)21? If terms cannot be
reviewed until later, is there a right
of return upon rejection of the
later-delivered terms22?
Is there a manifestation of assent
to the contract by the party
intended to be bound in the form
(if any) required by applicable law?
Holly K. Towle Partner
K&L Gates (Seattle)
holly.towle@klgates.com
1. For more examples and further
discussion, see Towle, Holly, ‘Modern
Contracts: Boilerplate Needs an
Overhaul for the Information Economy’,
Electronic Commerce & Law Report, 14
ECLR 1583, 11/04/2009.
2. For a review of § 7001(c), see Towle,
Holly, ‘The Law of Electronic Commercial
Transactions’ (2003-2010, A.S. Pratt &
Sons) at Chapter 11 (Consumer Law
Issues in E-Commerce).
3. See footnote 2 (Chapter 4).
4. For example, the Internal Revenue
Service has several times issued
regulations containing variations of the ESIGN §7001(c) consumer rule for use
with notices to businesses or in business
settings to which E-SIGN does not apply.
5. 16 CFR 322.2(a)(1) and (4).
6. Prudential Insurance Co. of America v
Dukoff, EDNY, No. 07-1080 (12/18/09).
7. Dillard Store Services, Inc. v Kerr,
2009 WL 385863 (D. Kan. 2009).
8. Footnote 2 (Chapters 15 and
16.06[2][c]).
9. See footnote 2 (Chapter 15).
10. See Towle, Holly, ‘Personal Data as
Toxic Waste: A Data Protection
Conundrum’, Privacy & Data Security
Law Journal, June 2009.
11. Footnote 2 (Chapter 5.03[2][d]).
12. Grosvenor v Qwest Communications
International, Inc., 2010 WL 3906253,
unpublished.
13. See e.g., Cal. Civ. Code §
1798.81.5.
14. See CA Bus. & Prof. Code § 1760017606, at www.leginfo.ca.gov/cgibin/displaycode?section=bpc&group=17
001-18000&file=17600-17606
15. Footnote 3 (Chapter 11).
16. See ‘Aggressive Sales Tactics on the
Internet and Their Impact on American
Consumers’, by the Committee on
Commerce, Science and Transportation,
available from http://commerce.
senate.gov/public/index.cfm?
p=Search&num=&filter=0&q=%22Aggres
sive+Sales+Tactics+on+the+Internet+an
d+Their+Impact+on+American+Consum
ers
17. See http://broadcast01p.
visabroadcasts.com/doc/201004201249
36/28a6730974b8943ee0d6a34963ca4
0c3 (I say ‘apparently’ because the
publicly posted set of Visa rules had, at
the time I located the public press
release URL, not been updated to
include the rule and seem not to mesh
with citations in the release. Many card
organization rules are never publicly
posted.)
18. See e.g., FTC v Grant Connect, LLC,
Slip Copy, 2009 WL 3074346 (D NV
2009); decision also includes list of
preliminary injunction requirements for
defendants' ‘continuity program’ and its
pre-authorized debits of consumer bank
accounts.
19. In re Vee Vinhnee, 336 B.R. 437 (9th
Cir. 2005).
20. See e.g., Specht v Netscape
Communications Corp., 306 F.3d 17(2nd
Cir. 2002) (insufficient notice). See also
UCITA §§ 208 and 209 (2000)(ways to
provide notice).
21. UCITA has only been adopted in two
states, but it and its official comments
are useful to understanding US common
law and differences between contract
laws written for sales goods (such as the
Uniform Commercial Code Article 2
regarding sales of goods) and
information licenses or access contracts.
From a compliance perspective, courts
have tended to require the same or less
than UCITA since its issuance, so
compliance by analogy can often be
helpful in a setting where contract law for
information transactions is not yet clear.
22. See UCITA § 209 (2000) (rules for
some later-deliver terms).
05