Overview
The District Court for the Northern District of California recently provided guidance in Alkutkar v. Bumble Inc., No. 22-CV-00422- PJH (N.D. Cal. Sept. 8, 2022), reconsideration denied, No. 22-CV-00422-PJH, (N.D. Cal. Nov. 16, 2022), regarding the steps a business should take to secure end-user consent for updates to terms of service agreements. In lieu of passive email or browsewrap notices, Alkutkar affirms that businesses should secure consent through an active means of acceptance. This article provides background and guidance regarding effective methods of securing consent for terms of service updates as well as discusses what we can expect for businesses in 2023.
Background: Browsewrap and passive consent
As software has moved to the cloud, so has electronic contracting. Businesses routinely employ “terms of service,” “terms of use” or simply “terms” agreements to govern their hosted solutions. From time to time, businesses will update their terms to evolve with changes in technology and the law. In doing so, businesses face a hidden issue involving whether end users have actually agreed to and accepted the new terms. A common practice in revising terms is to simply post the new terms with an “effective date” set to the date of posting. While administratively easy to do, this “browsewrap” approach generally does not require existing end users to affirmatively consent to the new terms. Some operators implement an extra step or two to announce the new terms via email and/or site banner notices. But even with these passive notices, courts have increasingly disfavored browsewrap approaches. For example, in Wilson v. Huuuge, Inc., 944 F.3d 1212 (9th Cir. 2019), the court stated: “In the absence of actual knowledge, a reasonably prudent user must be on constructive notice of the terms of the contract for a browsewrap agreement to be valid. … A reasonably prudent user cannot be expected to scrutinize the app’s profile page with a fine-tooth comb for the [t]erms.”
In other words, enforceability of a browsewrap increasingly depends on whether the end user is or should have been aware of the new or revised terms in the first place. Email and site banners may not be viewed by end users, so they may not create the type of actual or constructive knowledge contemplated by the court. That has shifted responsibility back to the site operator to build in new technologies, such as “blocker cards,” “gateways” and “pop-up” functionalities, which put the end user on active notice of the updated terms. The gravity of such functionality was at the centerpiece of Alkutkar.
‘Alkutkar v. Bumble’: Active consent demonstrated with blocker card technology
In January 2021, Bumble updated its terms of service to add an arbitration clause. Bumble then provided notice of the update to its end users via email and by implementing a “blocker card” that end users encountered when first opening the app. To fully access the app, an end user was required to affirmatively consent to the updated terms by checking a consent box presented with the blocker card.
Alkutkar, a Bumble user, filed a class action against Bumble on Jan. 22, 2022, for violations of consumer protection laws based on misleading advertisements. Bumble then filed a motion to compel arbitration based on the mandatory arbitration clause included in Bumble’s updated terms of service. In response, Alkutkar asserted that he did not consent to Bumble’s updated terms of service, including the mandatory arbitration clause.
Following development of an extensive evidentiary record, the court granted Bumble’s motion on Sept. 8, 2022. In ruling for Bumble, the court heavily relied on the strength of Bumble’s argument respecting the blocker card functionality, stating: “access and use of the app is a demonstrable consequence of Alkutkar’s assent to the updated [t]erms. … Bumble’s records indicate that plaintiff was shown the blocker card on his mobile Bumble app on March 4, 2021, at 22:27:35 GMT. … [P]laintiff’s activity on the app on March 4, 2021, including adding photos and swiping on profiles, would not have been possible unless he first clicked to accept the updated [t]erms. … Plaintiff additionally accessed and used the app on March 5, 7 and 11, activities only achievable following clicking assent on the blocker card.”
‘Alkutkar v. Bumble’: Motion for reconsideration denied
On Nov. 16, 2022, the District Court issued an order denying a motion for reconsideration brought by Alkutkar, claiming, in part, that there was a genuine dispute of material fact as to whether he viewed or agreed to the blocker card. Alkutkar asserted that either the blocker card did not appear or it did appear but someone else using his phone saw it and clicked the “I agree” button. The court was unpersuaded, however, and dismissed Alkutkar’s claims as both “equivocating” and “self-serving.”
The court reasoned that even if other people had access to Alkutkar’s phone and clicked the “I accept” button on the blocker card, Alkutkar wouldn’t know whether or not the blocker card appeared, rendering a key part of his claim as “mere speculation.” Further, the fact that Bumble could not prove that it was Alkutkar and not someone else using Alkutkar’s phone who clicked the button was unpersuasive. Alkutkar could have easily corroborated his claims with declarations from other users of his device explaining that they saw (or did not see) the blocker card. Instead, Alkutkar chose not to name the alleged other users or provide the dates they hypothetically used his phone to access his Bumble account. Interestingly though, in a footnote, the court stated that if the alternative explanation that someone else clicked “I accept” on the blocker card had been corroborated by Alkutkar, it might have created a triable issue.
In the final analysis, the court reaffirmed that Alkutkar had previously admitted that he accessed the app in March 2021 (after the date the blocker card had been implemented) and provided no corroboration at the time that the blocker card failed to work as intended. Therefore, even though Alkutkar claimed a genuine dispute of material fact as to whether he viewed and clicked on the blocker card, his inconsistent and contradictory statements necessarily precluded any reconsideration.
Looking ahead
Alkutkar and prior cases demonstrate that passive updates to terms (e.g., via browsewrap), standing alone, are likely insufficient. Therefore, implementing a mandatory clickthrough requirement designed to affirmatively secure consent to updated terms is now a best practice. Technologies like the blocker card used by Bumble present an effective means of securing consent and help create an evidentiary record of when a particular end user’s account has accepted the terms.
However, businesses should be aware that arguments as to whether it was the account holder who actually manifested consent may be asserted in litigation. As such, we recommend using multifactor authentication methods to help strengthen the evidentiary record that it was the account holder — and not a third party — that consented to the revised terms.
In 2023, companies should be actively considering how to architect and implement sufficient mechanisms and technologies to ensure end users actively consent to updated terms of service.
