ContractsProf Blog

Editor: D. A. Jeremy Telman
Valparaiso Univ. Law School

A Member of the Law Professor Blogs Network

Tuesday, August 10, 2010

Is a Website's Privacy Policy a Binding Contract?

Richard Raysman and Peter Brown write in today's NYLJ that the answer to that question remains unsettled. The issue was raised in a recent case involving a Cleveland newspaper that reported on a judge's anonymous comments (about pending cases) to its website.  Here's a taste of Raysman and Brown's article:

The law surrounding the contractual nature of privacy policies remains unsettled: Are they merely broad statements of company policy or enforceable contracts?

Some courts have held that general statements like privacy policies are unilateral corporate statements that are not sufficiently definite to form a contract. Others have found privacy policies can form a contract, particularly when parties claiming a breach have alleged that they read and subsequently relied on the policy prior to transacting business with the site operator. See e.g., Meyer v. Christie, 2007 WL 3120695 (D. Kan. Oct. 24, 2007).

Regardless, any successful claim for breach of contract requires a showing of compensable loss arising out of the alleged breach, beyond a generalized claim of loss of privacy.

For example, in Smith v. Trusted Universal Standards in Electronics Transactions Inc., 2010 WL 1799456 (D. N.J. May 4, 2010), the plaintiff alleged that his Internet service provider failed to adhere to its privacy policy by failing to explain fully why his communications were blocked for spam-related violations.

Ruling on a motion to dismiss, the court found that the plaintiff seemed to have alleged that the privacy policy provisions allegedly violated were part of his agreement with his ISP and that he relied on them.

However, the court dismissed the plaintiff's contract claims, with leave to amend, because the plaintiff failed to plead any loss stemming from the alleged breach.

Similarly, in Cherny v. Emigrant Bank, 604 F.Supp.2d 605 (S.D.N.Y. 2009), the court ruled that the disclosure of an e-mail address allegedly in contravention of the defendant's privacy policy that resulted in the plaintiff's receipt of spam, but no other misuse, could not form a cognizable breach of contract action because of a lack of recoverable damages.

They also discuss the FTC’s “aggressive stance” with regard to data privacy.  Interesting issue; the article is worth a read.

Brown & Raysman, Contractual Nature of Online Policies Remains Unsettled, NYLJ (8/10/10).

[Meredith R. Miller]

August 10, 2010 in In the News, Recent Cases | Permalink | Comments (0) | TrackBack (0)