Justia Contracts Opinion Summaries

Articles Posted in Internet Law
Shymikka Griggs filed a data-breach action against NHS Management, LLC, a consulting firm providing management services for nursing homes and physical-rehabilitation facilities. NHS collects sensitive personal and health information from employees, patients, and vendors. In May 2021, NHS discovered a cyberattack on its network, which lasted 80 days. NHS notified affected individuals, including Griggs, in March 2022. Griggs, a former NHS employee, claimed her personal information was found on the dark web, leading to credit issues, spam communications, and fraudulent activities. Griggs initially filed a class-action complaint in the United States District Court for the Northern District of Alabama but later dismissed it. She then filed a class-action complaint in the Jefferson Circuit Court in June 2023, alleging negligence, negligence per se, breach of contract, invasion of privacy, unjust enrichment, breach of confidence, breach of fiduciary duty, and violation of the Alabama Deceptive Trade Practices Act. NHS moved to dismiss the complaint, arguing lack of standing and failure to state a claim. The Jefferson Circuit Court dismissed Griggs's complaint with prejudice. The Supreme Court of Alabama reviewed the case and affirmed the circuit court's judgment. The court held that Griggs failed to sufficiently plead her claims. Specifically, she did not demonstrate that NHS owed her a duty under Alabama law, failed to establish proximate cause for her negligence per se claim, did not allege intentional conduct for her invasion-of-privacy claim, and did not show that she conferred a benefit on NHS for her unjust-enrichment claim. Additionally, the court found that breach of confidence is not a recognized cause of action in Alabama and that Griggs did not establish a fiduciary relationship between her and NHS. View "Griggs v. NHS Management, LLC" on Justia Law

PayPal users can transfer money to businesses and people; they can donate to charities through the Giving Fund, its 501(c)(3) charitable organization. Kass created a PayPal account and accepted PayPal’s 2004 User Agreement, including a non-mandatory arbitration clause and allowing PayPal to amend the Agreement at any time by posting the amended terms on its website. In 2012 PayPal amended the Agreement, adding a mandatory arbitration provision. Users could opt out until December 2012. In 2016, PayPal sent emails to Kass encouraging her to make year-end donations. Kass donated $3,250 to 13 charities through the Giving Fund website. Kass alleges she later learned that only three of those charities actually received her gifts; none knew that Kass had made the donations. Kass claims that, although Giving Fund created profile pages for these charities, it would transfer donated funds only to charities that created a PayPal “business” account; otherwise PayPal would “redistribute” the funds to similar charities. Kass and a charity to which she had donated filed a purported class action. The district court granted a motion to compel arbitration, then affirmed the arbitrator’s decision in favor of the defendants. The Seventh Circuit vacated. In concluding that Kass had consented to the amended Agreement, the district court erred by deciding a disputed issue of fact that must be decided by a trier of fact: whether Kass received notice of the amended Agreement and implicitly agreed to the new arbitration clause. View "Kass v. PayPal Inc." on Justia Law

Plaintiff worked for a company later acquired by the Paradies Shops. He, like many employees, entrusted his employer with sensitive, personally identifiable information (PII). In October 2020, Paradies suffered a ransomware attack on its administrative systems in which cybercriminals obtained the Social Security numbers of Plaintiff and other current and former employees. Shortly after learning of the data breach, Plaintiff brought claims for negligence and breach of implied contract on behalf of himself and those affected by the data breach, arguing Paradies should have protected the PII. He now appeals from the district court’s order granting Paradies’s motion to dismiss for failure to state a claim. He contends the district court demanded too much at the pleadings stage. The Eleventh Circuit affirmed the dismissal of the breach of implied contract claim and reversed the district court’s dismissal of Plaintiff’s negligence claim, and remanded for further proceedings. The court explained that, as the Georgia Supreme Court has noted, “traditional tort law is a rather blunt instrument for resolving all of the complex tradeoffs at issue in a case such as this, tradeoffs that may well be better resolved by the legislative process.” Nevertheless, having applied Georgia’s traditional tort principles, the court concluded Plaintiff has pled facts giving rise to a duty of care on the part of Paradies. Getting past summary judgment may prove a tougher challenge, but Plaintiff has pled enough for his negligence claim to survive a Rule 12(b)(6) motion to dismiss. View "Carlos Ramirez v. The Paradies Shops, LLC" on Justia Law

Skillz provides a mobile platform that hosts games in which players compete for cash prizes. To participate in paid-entry competitions, a user must save the player account; after entering a date of birth, the user must tap a box with the word “Next.” Below the “Next” box is the advisory statement: “By tapping ‘Next,’ I agree to the Terms of Service and the Privacy Policy.” A hyperlink, if tapped, takes the user to Skillz’s terms of service. Gostev saved a Skillz player account in 2019. The Terms of Service then had 15 pages. Gostev sued Skillz, alleging that its games constituted illegal gambling, predatory and unlawful practices, and violated the Unfair Competition Law and the Consumers Legal Remedies Act. Gostev alleged the arbitration agreement was unenforceable. Skillz argued that Gostev’s challenges to the enforceability of the arbitration provision had to be submitted to an arbitrator. The court of appeal affirmed a finding that the arbitration agreement was procedurally and substantively unconscionable. The court noted provisions that a plaintiff’s damages are limited, the arbitration must occur in San Francisco, a plaintiff only has one year to bring his claim, the parties must split the arbitration fees and costs, and the defendant can obtain equitable relief without posting a bond or security. Unconscionability “permeates the agreement such that severance is unavailable.” View "Gostev v. Skillz Platform, Inc." on Justia Law

A major data breach compromised sensitive consumer information on thousands of credit cards. In this appeal, we address who must pay for the cleanup. Beginning in 2014, hackers compromised credit card data at multiple businesses owned by Landry’s Inc. (“Landry’s”). Many of those cards belonged to Visa and Mastercard. In response, Visa and Mastercard imposed over twenty million dollars in assessments on JPMorgan Chase and its subsidiary Paymentech (collectively, “Chase”), who were responsible for securely processing card purchases at Landry’s properties. Chase then sued Landry’s for indemnification, and Landry’s impleaded Visa and Mastercard. The district court dismissed Landry’s third-party complaints against Visa and Mastercard and granted summary judgment for Chase, finding that Landry’s had a contractual obligation to indemnify Chase. Landry’s argued that it should not have to indemnify Chase because the assessments are not an enforceable form of liquidated damages. The Fifth Circuit affirmed. The court explained that since Landry’s indemnification obligation stems from its own acts or omissions under the Merchant Agreement, the debt is its own. Further, the court wrote that Landry’s alleged for its deceptive business practices claims that the assessments were “invalid” under the Payment Brand Rules and “applicable law” and, therefore, the Payment Brands’ “imposition and collection of the [assessments] was an unlawful business practice.” Because these claims turn on the assessments’ enforceability under Chase’s contracts with the Payment Brands, they are functionally the same as the subrogated claims. Since Landry’s cannot challenge the Payment Brands over those contracts as Chase’s subrogee, it cannot do so through a change in labeling. View "Paymentech v. Landry's" on Justia Law

LinkedIn Corp. sent hiQ Labs, Inc. ("hiQ") a cease-and-desist letter, asserting that hiQ violated LinkedIn’s User Agreement. LinkedIn asserted that if hiQ accessed LinkedIn’s data in the future, it would be violating state and federal law, including the CFAA, the Digital Millennium Copyright Act (“DMCA”) and the California common law of trespass. HiQ sought injunctive relief and a declaratory judgment that LinkedIn could not lawfully invoke the CFAA, the DMCA, California Penal Code Sec. 502(c), or the common law of trespass against it. LinkedIn appealed the district court’s decision ordering LinkedIn to withdraw its cease-and-desist letter, to remove any existing technical barriers to hiQ’s access to public profiles, and to refrain from putting in place any legal or technical measures with the effect of blocking hiQ’s access to public profiles. The court affirmed the district court, finding that hiQ currently had no viable way to remain in business other than using LinkedIn public profile data for its “Keeper” and “Skill Mapper” analytics services and that hiQ demonstrated a likelihood of irreparable harm absent a preliminary injunction. The court found that the district court properly determined that the balance of hardships tipped in hiQ’s favor. The court concluded that hiQ showed a sufficient likelihood of establishing the elements of its claim for contract interference, and it raised a question on the merits of LinkedIn’s affirmative justification defense. Finally, the court found that the district court properly determined that the public interest favored hiQ’s position. View "HIQ LABS, INC. V. LINKEDIN CORPORATION" on Justia Law

Plaintiffs used the defendants’ websites but did not see a notice stating, “I understand and agree to the Terms & Conditions, which includes mandatory arbitration.” When a dispute arose, defendants moved to compel arbitration, arguing that plaintiffs’ use of the website signified their agreement to the mandatory arbitration provision found in the hyperlinked terms. The Ninth Circuit held that plaintiffs did not unambiguously manifest their assent to the terms and conditions when navigating through the websites. As a result, they never entered into a binding agreement to arbitrate their dispute, as required under the Federal Arbitration Act. The panel explained that the courts have routinely enforced “clickwrap” agreements, which present users with specified contractual terms on a pop-up screen requiring users to check a box explicitly stating “I agree” to proceed. However, courts are more reluctant to enforce browsewrap agreements, which provide notice only after users click a hyperlink. Finally, the panel held that the district court properly exercised its discretion in denying the defendants’ motion for reconsideration based on deposition testimony taken two months prior to the district court’s ruling on the motion to compel arbitration. Plaintiffs did not unambiguously manifest their assent to the terms and conditions when navigating the website. Thus, they never entered into a binding agreement to arbitrate. The court affirmed the district court’s order denying the defendants’ motion to compel arbitration. View "DANIEL BERMAN V. FREEDOM FINANCIAL NETWORK LLC" on Justia Law

Blizzard Entertainment, Inc. (Blizzard) appealed an order denying its motion to compel arbitration. B.D., a minor, played Blizzard’s online videogame “Overwatch,” and used “real money” to make in-game purchases of “Loot Boxes” - items that offer “randomized chances . . . to obtain desirable or helpful ‘loot’ in the game.” B.D. and his father (together, Plaintiffs) sued Blizzard, alleging the sale of loot boxes with randomized values constituted unlawful gambling, and, thus, violated the California Unfair Competition Law (UCL). Plaintiffs sought only prospective injunctive relief, plus attorney fees and costs. Blizzard moved to compel arbitration based on the dispute resolution policy incorporated into various iterations of the online license agreement that Blizzard presented to users when they signed up for, downloaded, and used Blizzard’s service. The trial court denied the motion, finding a “reasonably prudent user would not have inquiry notice of the agreement” to arbitrate because “there was no conspicuous notice of an arbitration” provision in any of the license agreements. The Court of Appeal disagreed: the operative version of Blizzard’s license agreement was presented to users in an online pop-up window that contained the entire agreement within a scrollable text box. View "B.D. v. Blizzard Entertainment" on Justia Law

In this dispute over terms of an online auction, the Fifth Circuit concluded that the district court abused its discretion by improperly admitting evidence and taking judicial notice of the terms. The court explained that Exhibit 41, an internet printout, was not properly authenticated, and the district court abused its discretion by determining that the exhibit was fit under Federal Rule of Evidence 803. Furthermore, the district court erred in taking judicial notice of the terms because a private internet archive falls short of being a source whose accuracy cannot reasonably be questioned as required by Rule 201. Because the district court's errors were not harmless, the court reversed and remanded for further proceedings. View "Weinhoffer v. Davie Shoring, Inc." on Justia Law

McKeon has sold “MACK’S” earplugs to retail consumers since the 1960s. In the 1980s, Honeywell's predecessor began marketing and selling MAX-brand earplugs to distributors. The brand names are phonetically identical. In 1995, McKeon sued. The parties entered a settlement agreement that the district court approved by consent decree. To prevent customer confusion, Honeywell agreed not to sell its MAX-brand earplugs into the “Retail Market” but could continue to sell its earplugs in “the Industrial Safety Market and elsewhere." The agreement and the consent decree never contemplated the internet. In 2017, McKeon complained about sales of MAX-brand earplugs on Amazon and other retail websites. The district court ruled in favor of McKeon. The Sixth Circuit affirmed and remanded. Laches is available to Honeywell as an affirmative defense but does not apply to these facts. Parties subject to consent decrees cannot scale their prohibited conduct over time, using minor undetected violations to justify later larger infringements. Honeywell did not establish that McKeon should have discovered the breaching conduct before Honeywell drastically increased online sales. McKeon’s interpretation of the consent decree is the better reading. Concluding that Amazon is a “retail establishment” makes sense given the parties’ intent. View "McKeon Products, Inc. v. Howard S. Leight & Associates, Inc." on Justia Law