Zappos.com, owned by Amazon, is a large online retailer of shoes, clothing, and accessories. In early 2012, Zappos announced that the company had suffered a major security breach when a successful cyber attack exposed 24 million customers’ information. Consequently, these customers began filing lawsuits to recover damages resulting from the security breach.
There has been some debate over whether these “browsewrap” agreements are enforceable. For example, in December 2009, a Missouri court held that a similar “browsewrap” agreement was enforceable in Major v. McCallister, 302 S.W.3d 227. Some critics also question whether the Zappos ruling might have been different if the issue at hand had been less impactful than forcing 24 million customers to individually arbitrate in Nevada. Regardless, the Zappos case should serve as a warning to online businesses against relying on “browsewrap” agreements. “[T]he advent of the Internet has not changed the basic requirements of a contract, and there is no agreement where there is no acceptance, no meeting of the minds, and no manifestation of assent. A party cannot assent to terms of which it has no knowledge or constructive notice, and a highly inconspicuous hyperlink buried among a sea of links does not provide such notice. Because Plaintiffs did not assent to the terms, no contract exists, and they cannot be compelled to arbitrate.” In re Zappos.com, 893 F. Supp. 2d at 1066.