By Pam Fulmer
In a major new consumer protection related case, the United States of America, acting upon notification and referral from the Federal Trade Commission (FTC), has filed a comprehensive lawsuit against Adobe Inc., a global leader in software development, and two of its senior executives, Maninder Sawhney and David Wadhwani. This lawsuit, case number 5:24-cv-03630 in the Northern District of California, asserts claims under the FTC Act and the Restore Online Shoppers' Confidence Act (ROSCA), and aims to address alleged deceptive practices in Adobe's subscription services. Right now, it is assigned to Magistrate Judge Susan Van Keulen, but it is possible that the parties will not consent to a Magistrate Judge to oversee the case, and that the case will be reassigned to an Article III Judge. This blog post delves into the details of the lawsuit, the allegations, and the broader implications for consumer protection and corporate accountability. The case is also notable in that it names individual executives as defendants in the lawsuit, and seeks to hold them accountable for their alleged predatory conduct. Background of the Case Adobe Inc., known for its suite of design and productivity software such as Acrobat, Photoshop, Creative Cloud, and Illustrator, transitioned from a perpetual licensing model to a subscription-based model around 2012. This shift aimed to boost recurring revenue by locking customers into long-term subscription plans. According to the complaint, Adobe's revenue from subscriptions has seen a significant increase, nearly doubling from $7.71 billion in 2019 to $14.22 billion in 2023. The Allegations The lawsuit centers on Adobe's "Annual, Paid Monthly" (APM) subscription plan, which the United States claims involves deceptive practices that violate federal consumer protection laws. Here are the key allegations: 1. Lack of Clear Disclosure: Adobe allegedly enrolls consumers in its most lucrative subscription plan without clearly disclosing important terms. This includes the length of the subscription term (one year) and the hefty early termination fee (ETF) that consumers must pay if they cancel before the end of the year. The ETF, which can amount to hundreds of dollars, is reportedly disclosed only when consumers attempt to cancel their subscription. 2. Complicated Cancellation Process: The complaint asserts that Adobe employs an onerous and complicated cancellation process designed to deter consumers from canceling their subscriptions. This includes hiding material terms in fine print and behind hyperlinks, and requiring consumers to navigate through multiple unnecessary steps and retention offers before they can cancel. 3. Negative Option Features: The lawsuit highlights Adobe's use of "negative option features," where a consumer's silence or failure to reject goods or services is interpreted as acceptance. The FTC Act and the Restore Online Shoppers' Confidence Act (ROSCA) require clear and conspicuous disclosure of all material terms and the consumer's express informed consent before charging them. Adobe is accused of failing to meet these requirements. 4. Monitoring and Ignoring Complaints: Adobe is also accused of being aware of the consumer confusion and complaints regarding the APM plan but continuing to employ the same deceptive practices. The lawsuit references numerous complaints from consumers on various platforms, including the Better Business Bureau and social media, indicating widespread dissatisfaction with Adobe's subscription practices. The Legal Basis The United States brings this action under several sections of the FTC Act and ROSCA, which authorize the court to order permanent injunctive relief, rescission or reformation of contracts, restitution, the refund of monies paid, disgorgement of ill-gotten monies, and other equitable relief. The lawsuit seeks to address the following specific violations: 1. Failure to Clearly and Conspicuously Disclose Material Terms: Adobe's practices are alleged to violate ROSCA, which mandates clear disclosure of all material terms before obtaining the consumer's billing information. 2. Failure to Obtain Express Informed Consent: The complaint states that Adobe failed to obtain the consumer's express informed consent before charging their financial accounts. 3. Failure to Provide a Simple Cancellation Mechanism: Adobe is accused of not providing simple mechanisms for consumers to stop recurring charges, as required by ROSCA. The Defendants • Adobe Inc.: A Delaware corporation with its principal place of business in San Jose, California. Adobe is one of the largest software companies in the world, with a significant portion of its revenue coming from subscription-based services. • Maninder Sawhney: Senior Vice President of Digital Go To Market & Sales at Adobe. Sawhney is alleged to have formulated, directed, controlled, and participated in the deceptive practices. • David Wadhwani: President of Digital Media Business at Adobe. Wadhwani is also alleged to have played a significant role in Adobe's shift to the subscription model and the deceptive practices. Impact and Broader Implications This lawsuit has significant implications for both consumers and corporations. For consumers, it underscores the importance of transparency and fairness in subscription-based services. The case highlights the need for companies to clearly disclose all material terms and provide simple mechanisms for cancellation to protect consumer interests. For corporations, especially those employing subscription models, the lawsuit serves as a cautionary tale about the risks of deceptive practices. It emphasizes the need for compliance with consumer protection laws and the potential consequences of failing to address consumer complaints and regulatory scrutiny. Conclusion The lawsuit against Adobe Inc. by the United States represents a critical moment in the ongoing battle for consumer rights and corporate accountability. As the case progresses, it will be closely watched by legal experts, consumer advocates, and businesses alike. The outcome could set important precedents for how subscription software services are marketed and managed, ensuring that consumers are treated fairly and transparently in their interactions with major corporations. Tactical Law would also like to see the government focusing on how small businesses in the United States are being taken advantage of by confusing As we await further developments, one thing is clear: the case against Adobe highlights the vital role of regulatory bodies like the FTC in protecting consumers and enforcing laws designed to ensure fair business practices. Tactical Law will continue to monitor the case. Check back for updates.
0 Comments
By Dee A. Ware
While there are prescribed standards for conducting several types of audits, external software license audits remain unregulated and ripe for legislative intervention. Until then, companies must fend for themselves. From our experience, a software publisher’s motivation to conduct an audit falls into at least one of the following buckets:
From a legal perspective, the first line of defense is to negotiate a license agreement that contains clear definitions, such as, what constitutes “use” of a license, who qualifies as a “user,” the environment where the software can be deployed and, if applicable, how the software can be incorporated, marketed, sold or distributed. Once the parameters are established, the company should adopt internal processes to ensure compliance. In the absence of federal or state regulation, the parties to a licensing agreement can also agree in advance how a software audit is to be conducted, allowing the company to negotiate terms that offer some protection from unreasonable demands or spurious results. For example, the audit provision in the license agreement can address:
Lastly, what should a company do if the software publisher demands an audit? Remember that the best defense is (sometimes) a good offense. The company should not automatically capitulate to an audit request without first seeking legal counsel to evaluate the applicable audit provision and guide the company through the process to minimize exposure and reduce the risk of subsequent litigation. By Pam Fulmer
Software development agreements between enterprise software publishers can sometimes lead to licensing disputes and related litigation. Two software publishers known for their aggressive software audits against their enterprise software customers have ended up in their own "dust up" relating to IBM Corporation's ("IBM") partner software development program. Recently, IBM sued Micro Focus International plc and Micro Focus (US), Inc. (collectively, “Micro Focus” or “Defendants”) in the Southern District of New York for copyright infringement and breach of contract arising out of an IBM development agreement involving IBM’s PartnerWorld program. IBM accuses Micro Focus of copying IBM’s computer programs without authorization and breaching the parties’ development agreement by using its developer access to undertake such prohibited acts. IBM alleges that Micro Focus created the Micro Focus Enterprise Suite by copying IBM’s copyrighted Works, and that Micro Focus promotes and uses the pirated software for financial gain, and in brazen disregard of IBM’s intellectual property rights and Micro Focus’s contractual obligations to IBM. According to the Complaint, Micro Focus created software called Micro Focus Enterprise Server and Micro Focus Enterprise Developer by using its developer access to copy IBM’s CICS Transaction Server for z/OS (“CICS® TS”) software. IBM offers a general-purpose application server and transaction processing subsystem called the CICS Transaction Server for z/OS, or “CICS® TS,” for its z/OS® operating system environment. IBM holds the copyrights for CICS® TS (the “Works”). IBM claims that the Works feature uniquely expressed source code, object code, structure, architecture, modules, algorithms, data structures, and control instructions, and are creative computer programs, which were the result of IBM’s engineering discretion and substantial skills, resources, and creative energies. The Complaint alleges that the Works also are of great value to IBM and remain integral to the daily business operations of much of IBM’s mainframe system customer base. According to IBM, the developers who participate in the IBM PartnerWorld program (“PartnerWorld”) agree to the IBM PartnerWorld Agreement and Value Package Attachment (the “PartnerWorld Agreement”). IBM contends that along with other agreements, the PartnerWorld Agreement sets the terms under which developers are permitted to use IBM’s computer programs. These terms ensure that IBM and its developers are aligned in their goals: to promote innovative solutions for their mutual customers. IBM’s z/OPD Developer Discount Program (“Developer Discount Program”) similarly provides benefits to third party developers and grants them access to IBM’s valuable mainframe software. Participants in the Developer Discount Program receive access to IBM copyrighted software, including the Works. In exchange, IBM’s developers agree to three different agreements detailing the limited scope of their access and use: (1) IBM’s Client Relationship Agreement (the “CRA”); (2) Attachment for Developer Discount – IBM Z (the “CRA Attachment”); and (3) Addendum to the Attachment for Developer Discount for IBM Z (the “CRA Addendum”). None of these agreements are attached to the Complaint IBM asserts that through these agreements, participants in the Developer Discount Program agree to comply with the terms of the limited license granted to them, and “not us[e] any of the elements of the Program or related licensed material separately from the Program.” Participants are prohibited from “reverse assembling, reverse compiling, translating, or reverse engineering the Program” and making derivative works based on IBM’s software. Further, IBM’s developers promise to use their exclusive access to IBM software for the mutual benefit of the parties and their customers. IBM claims that Micro Focus violated these agreements by copying elements of IBM’s copyrighted Works to create a derivative work in at least Micro Focus Enterprise Developer and Micro Focus Enterprise Server. IBM argues that there is no way such extensive similarity could arise through attempts to meet similar functional requirements, or as a result of coincidence, and that the striking similarities indicate that Micro Focus reverse engineered at least a portion of the CICS® TS software in contravention of Micro Focus’s various contractual obligations to IBM. As a result, IBM terminated Micro Focus’s involvement in the Developer Discount Program by sending a Notice of Non-Renewal on May 31, 2021, and Micro Focus’s membership ended by August 31, 2022. IBM is seeking preliminary and permanent injunctive relief, a finding that Micro Focus infringed its copyrights and breached the development related licensing agreements. IBM also seeks an award of damages and an accounting from Micro Focus, as well as the award of attorneys’ fees and costs. The case is IBM Corporation v. Micro Focus (US), Inc., et. al, venued in the Southern District of New York. Tactical Law will continue to monitor the case. Check back for updates. We have gotten multiple reports of soft audits being conducted by BSA | The Software Alliance involving Adobe software. Similar to what Oracle sales teams appear to be doing with Java, the BSA is reaching out to customers with letters demanding that the company take certain actions including taking a software inventory and submitting proof of license purchases and other information to the BSA. These are not formal audit notices sent pursuant to the audit provision of the Adobe license but appear to be fishing expeditions where BSA is perhaps, in our opinion, seeking a sales opportunity and additional revenue. We advise companies on how to respond to such notices, as well as formal BSA audits.
In addition to Adobe, BSA Global Members include Autodesk, Cisco, IBM, Microsoft, Salesforce and SAP, among other well-known software publishers. Although Oracle is a BSA Global Member, we know that its audits are typically conducted by Oracle’s own internal licensing arm, LMS or GLAS. If you are a company that receives a notice from BSA involving your use of software, we are experienced software licensing lawyers and can help advise you concerning your contractual rights. Class Action BIPA Lawsuit Against Manufacturer of Dashcam Technology Moves Forward in Illinois7/13/2022 In David Karling, et. Al. v. Samsara, Inc., a federal court in the Northern District of Illinois has declined to dismiss a class action complaint brought under the Illinois Biometric Information & Privacy Act (“BIPA”), by a truck driver against a maker of facial recognition camera technology. The plaintiff alleged that Samsara was liable because the dash cam installed by his employer took facial scans, and Samsara collected those scans and shared them with the employer without complying with BIPA's requirements. Plaintiff David Karling, on behalf of himself and a putative class, alleges that Defendant Samsara Inc. ("Samsara"), violated BIPA by collecting his information from facial scans without notice or release; disseminating that information to third parties; failing to create, disclose and adhere to a written policy for data retention and destruction; and profiting from these actions.
What is the Case About? The court describes the facts of the case as follows: “Samsara provides facial recognition software and sensors to commercial fleets and industrial operations. The Samsara cameras capture the actions of the drivers to monitor for fatigue and distraction. Karling worked in Illinois as a driver for Lily Transportation, a customer of Samsara. In 2021, Lily Transportation installed an AI Dash Camera, provided by Samsara, in Karling’s truck. The AI Dashcam extracted biometric identifiers from Karling’s face while he drove and sent them to the Samsara Cloud Dashboard, where Samsara stored the images. The Samsara Camera includes a feature called Camera ID, which automatically performed facial recognition to identify Karling by extracting biometric identifiers and comparing those to the stored data. Karling never gave permission for the collection and storage of his biometric data. Samsara never provided Karling with a written release, the required statutory disclosures, or a retention and destruction policy. Karling never signed a written release or had an opportunity to prevent this collection and use of his biometric data.” Samsara moved to dismiss the Complaint on a number of grounds including that federal law governing truck safety technology preempted the state law-based BIPA claims. Samsara also argued that BIPA as applied to it, violated the Dormant Commerce Clause, as BIPA places a great burden on “interstate motor carriers and their technology providers and would substantially interfere with interstate commerce” by unconstitutionally projecting Illinois law onto other states and placing a significant burden on interstate commerce. Court Rules That Preemption Defense Can’t Be Decided on a Motion to Dismiss on These Facts Citing Cap. Cities Cable, Inc. v. Crisp, 467 U.S. 691, 699 (1984) the court noted that “[f]ederal law may preempt state law in three situations: when Congress expressly states so, when a federal regulatory scheme implies exclusive congressional legislative power, and in cases of “actual conflict”. Samsara did not argue that BIPA conflicts with a particular federal statute but rather urged “the Court to find “a uniform scheme of federal regulation of truck safety technology” disrupted by BIPA’s Illinois-specific requirements.” But this the court declined to do. Instead, the court reasoned that: “The scattershot nature of Samsara’s cited agency statements and proposed rulemaking hardly qualifies as a uniform federal scheme to regulate truck safety technology. The Court cannot find “a clear and manifest” Congressional purpose to preempt state regulation of “truck safety technology” from these disparate sources, which range from a law that directed DOT [Department of Transportation] to conduct research and rulemaking on driver monitoring systems to a recent federal initiative to incentivize driver-safety technologies. Although these sources potentially touch on biometrics and privacy concerns, their overwhelming aim is traffic safety, while BIPA targets “disclosure, consent, and recordkeeping requirements” for biometric identifiers.” The court did not find the preemption issue appropriate for deciding on a motion to dismiss, and denied the motion. The Court Can’t Decide Whether BIPA Violates the Dormant Commerce Clause on the Motion to Dismiss Samsara moved to dismiss the complaint under the Dormant Commerce Clause, arguing that: “BIPA, as applied to it, places a great burden on “interstate motor carriers and their technology providers and would substantially interfere with interstate commerce.” [citation omitted] According to Samsara, BIPA unconstitutionally projects Illinois law onto other states and would place a significant burden on it because it would “require Samsara either to ensure compliance with BIPA everywhere Samsara does business or, absurdly, to prohibit its customers from using Samsara technology while driving in Illinois due to risk of noncompliance.” [citation omitted] Karling argues that, again, the Court should decide this issue on a full factual record. The Court agrees.” Noting that “courts have repeatedly rejected the argument that the Dormant Commerce Clause prevents BIPA's application to out-of-state defendants at the motion to dismiss stage” and holding that the “issue is more properly addressed on a motion for summary judgment” the court dismissed Samsara’s argument. Instead, the court reasoned that “[w]ithout discovery into Samsara’s processes for scanning, storing, and using biometrics with its dashcam system and the alleged burden of compliance with BIPA, the Court cannot determine whether there is a Dormant Commerce Clause violation.” The Complaint Adequately Alleged Other BIPA Violations The court next analyzed whether the Complaint adequately alleged BIPA violations under Sections 15(a) through 15 (d) and found that it did. In making such findings the court rejected arguments that: (1) Samsara’s website adequately provided a written policy regarding retention and destruction of biometric data (Section 15(a); (2) the release requirement applies only to employers (Section 15 (b); (3) Samsara is not liable because it only possessed and did not collect the biometric data (Section 15 (c); and (4) the Complaint inadequately alleged that Samsara profited from the collection of the biometric data (Section 15(d). Finally, the court found that the Complaint adequately alleged facts supporting an award of enhanced damages for Samsara’s intentional or reckless disregard of compliance with the requirements of BIPA. What Does This Mean For Companies Collecting Biometric Data? Companies collecting or using biometric data in their businesses need to understand and comply with the requirements of BIPA if they are doing business in Illinois or collecting the biometric data of Illinois consumers. BIPA continues to be a trap for the unwary company, and class actions filed in Illinois under BIPA cannot easily be defeated on a motion to dismiss, but instead will likely require the investment of time and money in expensive and burdensome discovery, and the development of a factual record in order to dispose of the case. The case is David Karling et al. v. Samsara Inc., case number 1:22-cv-00295, in the U.S. District Court for the Northern District of Illinois. Tactical Law will continue to monitor the case. Please check back for updates. By Pam Fulmer
Unique among state laws, the Illinois Biometric Information Privacy Act (“BIPA”) creates a private right of action for "any person aggrieved" by a violation of the statute and provides for statutory damages of $1,000 for a negligent violation to $5,000 for an intentional or reckless violation, in addition to reasonable attorneys' fees and costs. Liquidated damages can also be awarded under the statute. The potential to aggregate these penalties on a class-wide basis and the availability of attorneys' fees has made BIPA an attractive statute for the plaintiffs' class action bar. Because of this recovery scheme, BIPA has made Illinois a national litigation magnet. However, BIPA cases are not just limited to Illinois. Instead, Plaintiffs have filed several BIPA related consumer class action cases in the Northern District of California, and have targeted tech companies, including Facebook in particular, and its photo tagging technology, which Facebook has since discontinued using. One of those cases, In re Facebook Biometric Info. Priv. Litig.., 185 F. Supp. 3d 1155 (N.D. Cal. 2016), affirmed by Patel v. Facebook, Inc., 932 F.3d 1264 (9th Cir. 2019), addressed directly whether BIPA covers the method Facebook used in its photo "Tag Suggestions" program. Judge Donato ruled it did and certified the class. Facebook appealed and the Ninth Circuit affirmed Judge Donato’s ruling. Facebook later settled that case for $650 million, after the U.S. Supreme Court declined to grant certiorari. Now another consumer class action case, Zellmer v. Facebook Inc., case number 3:18-cv-01880, is again before Judge Donato. However, unlike the previous case, Zellmer consists of a class of non-Facebook users who had their photos uploaded to Facebook by other Facebook users. In an April 2022 ruling, Judge Donato found that it would be "patently unreasonable" to hold Facebook liable for claims that it failed to inform nonusers in Illinois who were strangers to Facebook, about its collection and storage of their facial scans, and ruled against Plaintiffs on their Section 15(b) claim requiring notice and consent. However, the court allowed the claims under Section 15(a) to proceed, finding that factual issues abounded as to whether Facebook had a “written policy, made available to the public” that established data retention policies and related practices for biometric identifiers or information as required by 740 Ill. Comp. Stat. 14/15(a). What is BIPA? BIPA passed by the Illinois state legislature in 2008, protects biometric identifiers and biometric information of human beings. Biometric identifiers are defined as a "retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry," and "do not include writing samples, written signatures, [or] photographs." Biometric information is considered "any information, regardless of how it is captured, converted, stored, or shared, based on an individual's biometric identifier," but "does not include information derived from items or procedures excluded under the definition of biometric identifiers." Under BIPA, an organization may not "collect, capture, purchase, receive through trade, or otherwise obtain" biometric identifiers or information (collectively, biometric data) unless it first:
The organization must store, transmit, and protect from disclosure any collected biometric data using the reasonable standard of care within the applicable industry, and in a manner that is at least as protective as the means used to protect other confidential and sensitive information (740 Ill. Comp. Stat. 14/15(e)). Additionally, any organization that possesses biometric data must:
Does the Absence of a Public Retention Policy Constitute a Single Violation of the Statute or Can There Be More? Recently Judge Donato asked the parties to analyze and submit 5-page briefs on whether the absence of a public retention policy as required by Illinois law is a single violation of Section 15(a) that can be remedied by a single liquidated damages award or whether there can be multiple violations. 740 Ill. Comp. Stat. 14/15(a). For its part Facebook argues that “BIPA’s text establishes that the failure to publicly post a retention policy constitutes a single violation of BIPA and that the only authorized remedy for such a violation is a single award of actual or liquidated damages.” Facebook reasons that an entity cannot fail to publish something more than once. Facebook also argues that Section 20 of BIPA “limits recovery to those “aggrieved” by a violation” of the statute and that “BIPA does not extend a legal right to every member of the public in all situations.” Noting that Illinois courts require that “aggrieved” persons have a “direct, immediate and substantial interest rather than a speculative, theoretical, inconsequential or remote interest,” Facebook argues that no such showing can be made on these facts. Facebook asserts that Plaintiffs as non-users could not possibly have benefited from Facebook’s decision to post a retention policy and thus do not have the direct, immediate and substantial interest needed to meet the “aggrieved” requirement under BIPA. Mr. Zellmer argues the opposite and focuses on the number of times Facebook scanned Plaintiff’s face to argue that the policy was violated multiple times. According to his brief: “Here, each time Facebook scanned Plaintiff’s face, it used the scan to compare it to other faces stored in Facebook’s facial recognition system. Facebook scanned Plaintiff’s face on at least four separate occasions, each time without having a public policy containing the disclosures mandated by Section 15(a). On each such date Facebook owed Plaintiff a written policy. In addition, once the comparisons were completed, the purpose for which Facebook collected Plaintiff’s face scan ended. Facebook thus violated Section 15(a) by failing to timely delete Plaintiff’s biometric data.” Plaintiff also argues that the statute provides for the award of liquidated damages in the absence of showing the existence of actual damages. “Under Section 20, Plaintiff is entitled to liquidated damages of $5,000.00 for each of Facebook’s intentional and reckless violations of Section 15(a) or, alternatively, liquidated damages of $1,000.00 for each violation if the jury finds that Facebook was negligent in its failure develop a public policy or comply with Section 15(a)’s data destruction requirements. Plaintiff is entitled to liquidated damages in the absence of any showing of actual damages.” Tactical Law will continue to monitor the case and report back on further developments, including Judge Donato's ruling. By Pam Fulmer
The Northern District of California gave Facebook a partial win in a class action lawsuit brought under the Illinois Biometric Information Privacy Act ("BIPA"), when it granted partial summary judgment in Facebook's favor. Judge Donato in his ruling, cited the prior class action case In re Biometric Information and Privacy Litigation ("In re Facebook"), which he presided over and that ended in Facebook paying $650 million to settle the case. Unlike the previous case, Judge Donato reasoned that Plaintiff "does not have, and has never had, a Facebook account,” and “has never used Facebook’s services”. This distinction proved key to Judge Donato's decision. In Zellmer v. Facebook, the Plaintiff sued on behalf of a putative class of Illinois non-Facebook users, but who had been tagged in a photo by another Facebook account holder. The functionality challenged in Zellmer involves Facebook's prior technology that allowed the scanning of faces in photographs uploaded on Facebook for association with other scanned faces to automatically tag users, their friends, and other recognized individuals. The court noted that as part of the In re Facebook settlement, Facebook had agreed to abandon such practices. In granting summary judgment to Facebook on Zellmer's Section 15(b) claim under BIPA, which requires notice and consent before using biometric identifiers, Judge Donato reasoned that Zellmer's interpretation of the statute would put an unreasonable burden on Facebook. Noting that the Illinois legislature's stated purpose in enacting BIPA was to apply the statute in situations where a business had at least some measure of knowing contact with and awareness of the people subject to biometric data collection, such as its customers, the Court declined to extend the rule further. According to the Court, "To construe BIPA as Zellmer urges would lead to obvious and insoluble problems. Under Zellmer’s interpretation of Section 15(b), Facebook in effect would need to identify every non-user in Illinois on a regular basis, and figure out a way to communicate with them to provide notice and obtain consent." The Court found that such an interpretation would create an insurmountable practical problem "for the myriad of photos taken in restaurants, vacation destinations, school graduations, and countless other settings where unknown people will appear in a picture. There is no realistic way for the person posting the photo to obtain consent from every stranger whose face happened to be caught on camera." The Court concluded that Zellmer's notice and consent claim under BIPA Section 15(b) would be unreasonable and would put Facebook in an impossible position. Construing the statute any other way would produce an absurd result and put an impossible burden on businesses, which was not the purpose of the statute or the intent of the Illinois Supreme Court in cases interpreting the statute. Zellner also brought a claim under Section 15(a), which requires that businesses using biometric data have a publicly available written policy, which would set forth data retention policies and related practices. Facebook did not have such a policy but instead made a number of highly factually intensive arguments about whether or not it possessed biometric identifiers or information at all. For this claim, the Court found factual disputes that could not be ruled on in a motion for summary judgment. That claim will need to be tried. Thryv, Inc. Hits Micro Focus With Texas DJ and Breach of Contract Action over ULA Type Certification8/27/2020 By Pam Fulmer
Those readers who follow the software industry and our blog know that Micro Focus has a reputation for its brass knuckles audit tactics deployed against its customers to increase revenues. On a new twist to the Micro Focus audit playbook, Plaintiff Thryv, Inc. ("Thryv") alleges in a new suit that Micro Focus has breached the parties' license agreement and seeks a declaration from the Texas court that it owns certain perpetual licenses arising out of an unlimited license agreement certification process. According to the Complaint Thryv seeks a declaratory judgement "finding that Micro Focus has conveyed perpetual licenses to Thryv under the Agreement consistent with the certification it provided in July 2016, and that Thryv has no further payment obligations under the Agreement." Oracle customers certifying off Unlimited License Agreements ("ULA") may also find this case instructive. Thryv is a "print and digital marketing company that delivers cloud-based business software on a subscription basis as well as a host of marketing products to over 400,000 small businesses in the United States." Thryv contends that in late 2014 it "requested a proposal from Micro Focus to supply software for a specific project known as kGen/Monarch." Not knowing the exact configurations for the system, Micro Focus "proposed a "Volume License Addendum (“VLA”), whereby Thryv would be licensed to deploy and use an unlimited amount of specific types of Micro Focus software for a specified period of time." The parties agreed that at the end of the time frame "Thryv was to certify the deployment of the software and Micro Focus would then grant a perpetual license for the actual quantities of software deployed at that time (the “Certification Date”)." Thryv contends that as the Certification Date approached, and as the contract was vague as to what information would be required, it requested a certification template from Micro Focus. After some delays Micro Focus provided such a template. Thryv claims that "the template was vague and requested information that was not required by the Agreement," and that "Micro Focus did not provide any other information to Thryv on how to complete the certification." The request for information not required by the Agreement is something we see frequently in Oracle ULA certifications. According to the Complaint, "Thryv timely and accurately listed all user counts and core counts that were deployed as of the Certification Date and provided the required certification under the Agreement to Micro Focus. Micro Focus acknowledged receipt of the certification document and indicated in writing that it would contact Thryv when the certification had been reviewed, if it had any questions. Micro Focus did not verify the certification as required by the Agreement. In fact, Micro Focus never contacted Thryv regarding the certification." Thryv alleges that under the Agreement the number of core and user counts specified by Thryv "as of the Certification Date became the maximum entitlement under the perpetual license going forward." Again this is very similar to an Oracle ULA certification. Thryv contends that in November of 2018, over two years after it completed the certification form, Micro Focus commenced an audit. The Complaint alleges that only In mid-2020, nearly eighteen months after the audit began, "Micro Focus for the first time provided documentation indicating that it had not granted license entitlements for all items listed in the certification." Now Micro Focus claims that it disagrees with Thryv's interpretation of the certification requirements under the contract with Thryv's claimed license entitlement, and that Thryv owes it millions of dollars in licensing fees and back support. Specifically Thryv seeks a "declaratory judgment finding that Micro Focus has conveyed perpetual licenses to Thryv under the Agreement consistent with the certification Thryv provided in July 2016, and that Thryv has no further payment obligations under the Agreement." Thryv also seeks damages of between $200,000 to $1 million, dollars and the recovery of its attorneys' fees pursuant to the license agreement and Texas law. Certainly a bad fact for Micro Focus is that it never responded to the Certification and apparently gave no indication to Thryv that it did not agree with the user and core count that Thryv had provided, and did not follow-up with any questions concerning the certification. Thryv will no doubt argue that Micro Focus is estopped from changing position now and that it has an express or at least an implied license to use the software given the conduct of Micro Focus. This is a cautionary tale that American businesses using enterprise software should take note of. Customers certifying off unlimited license agreements involving Oracle, Micro Focus or other software vendors should consider retaining experienced legal counsel to advise them on what the contract requires, and potential risks and how to mitigate those risks involved in the certification process. Tactical Law will be monitoring the case for further developments. Check our blog for periodic updates about the case. The case is Thryv, Inc. Vs. Micro Focus (Us), Inc., TX District & County - Tarrant District (141st District Court), Case No. 141-319074. By Anne-Marie Eileraas
Companies based outside California may be reluctant to accept California as the governing law for their contracts. While some companies base their view on first-hand experiences, others cite media reports and surveys placing California in the bottom ranks of states’ legal and regulatory environments. For example, in late 2019, the U.S. Chamber Institute for Legal Reform published results of its latest survey of how participating U.S. business executives view the states’ legal environments, specifically regarding litigation and liability. California, along with Illinois and several southeastern states, fell in the bottom 10 states. Whatever one’s view of such surveys, what’s clear is that polls tend to home in on a narrow range of issues: the perceived fairness of consumer/class action litigation and “hometown” jury verdicts. They don’t shed much light on the typical economic issues that arise in business-to-business contracts. Is California substantive law unfavorable for companies who contract under it? Part 1 of this blog post will touch on California legal issues relevant to business contracts; more specifically, technology agreements for services, XaaS/cloud agreements, and software licenses. (This article does not address agreements with individuals, such as for personal or consulting services, which are subject to very different considerations under California law.) Part 2, coming soon, will discuss California venue for business litigation. Choice-of-law clauses under California law If a contract properly specifies California governing law and venue, most likely a court will enforce it. There is a strong policy favoring enforcement of contractual choice-of-law provisions in California. Many California-based companies, such as Oracle, Cisco, VMWare, and Palo Alto Networks, routinely use California choice of law provisions in their contracts. In California, the court (not a jury) decides issues of contract interpretation and the application of contract defenses, such as force majeure. That may be of comfort to contracting parties, since pretrial jury waivers are unlawful in California. California courts strive to give effect to the mutual intent of the parties at the time of contracting. However, if the language of a contract is ambiguous in light of all the circumstances, a court will consider extrinsic evidence relevant to prove a particular meaning. Legal issues that may favor customers Not surprisingly given courts’ latitude to interpret contracts, California contracts law has pros and cons for companies purchasing software or services, and the following issues under California law, on balance, could be helpful and protective of their interests. • Good faith and “best efforts” in California contracts Under California law, an implied covenant of good faith and fair dealing protects the express promises in a contract and prevents one party from exercising its discretion to deny the other party the benefits of the contract. Unlike in some states, the implied covenant is not absolute; California permits parties to contract out of it with express provisions, such as a right to terminate in a party’s sole discretion. The implied good-faith covenant can be helpful to customers in scenarios where, as a practical matter, some terms cannot be finalized until a future time, when the contract is in effect. While an “agreement to agree” is not enforceable, an agreement to negotiate in good faith can be enforced and can permit a party to recover damages. Also helpful to a customer of technology services, California courts interpret “efforts” clauses to require more of a party than just acting good faith. A provider contracting to use its “best efforts” to perform a service must use the diligence that a reasonable person would exercise under the circumstances. It’s not enough for a vendor to say “I tried…” • Availability of damages and failure of exclusive remedies A well-drafted liquidated damages clause can reduce uncertainty of remedies if the other party does not perform. Liquidated damages clauses are presumed valid in California, with the burden of proof on the party seeking to invalidate a clause to show that it was unreasonable under the circumstances existing at the time of the contract. California law protects an aggrieved party’s right to get a fair remedy when the other party breaches a contract, despite language in the contract excluding or limiting recovery. California Commercial Code §2719 provides, “Where circumstances cause an exclusive or limited remedy to fail of its essential purpose, remedy may be had as provided in this code.” The commentary to §2719 notes “it is of the very essence of a sales contract that at least minimum adequate remedies be available. If the parties intend to conclude a contract for sale within this Article they must accept the legal consequence that there must be at least a fair quantum of remedy for breach of the obligations or duties outlined in the contract.” Note the commercial code applies to sales of goods, which can include software under a case-by-case analysis of whether the essence of the transaction is for goods or services. The commercial code provides for specified remedies, but courts have also relied on it to invalidate exclusions of consequential damages. For instance, in RRX Indus. v. Lab-Con, Inc., 772 F.2d 543 (9th Cir. 1985), the court interpreting California law invalidated a consequential-damages waiver in a software agreement after the vendor’s “repair” remedy failed of its essential purpose. • Force majeure clauses California courts do not enforce force majeure clauses literally. California cases have equated force majeure clauses to the common-law doctrine of impossibility, and courts will read certain common-law elements of a force majeure defense into contract terms. Most notably, a force majeure event must be beyond the reasonable control of the party seeking to be excused; and the incident must truly impose extreme and unreasonable difficulty, rather than merely render performance harder or more costly (including consideration of the party’s reasonable efforts to mitigate). Courts will consider the context and determine whether a party’s obligations should be delayed or completely terminated, in whole or in part. Additionally, force majeure clauses must be drafted with particularity to overcome the presumption that only events unforeseeable at the time of contract will be excused. Mere “boilerplate” clauses will not excuse a party from performing if the event claimed as a force majeure was reasonably foreseeable. • Indemnity Parties have significant freedom to draft express contractual indemnity clauses under California law. Courts will enforce a properly drafted indemnity covering a party’s negligence, including negligent misrepresentations and non-disclosure of material facts. However, outside of the insurance context, if a party “seeks to be indemnified for its own active negligence, or regardless of the indemnitor's fault, the contractual language on the point ‘must be particularly clear and explicit and will be construed strictly against the indemnitee.’” Prince v. Pacific Gas & Electric Co., 45 Cal. 4th 1151 (Cal. 2009). It is against public policy for an agreement to indemnify a party from knowingly unlawful future acts. Cal. Civ. Code §2774. California has adopted statutory rules for interpreting indemnity provisions that apply unless expressly overridden by the parties. Those rules require, among other things, that the indemnifying party must defend indemnified claims upon the request of an indemnified party. Cal. Civ. Code §1778. With attentive drafting, customers can protect their interests under California law by including indemnity provisions tailored to manage the risks of the technology they are buying. • No one-sided provisions for recovery of attorneys’ fees California generally follows the “American rule” for attorneys’ fees, meaning that each party to a dispute must pay its own legal fees. However, California’s civil code overrides unilateral attorneys’ fees provisions in a contract. If a contract has a term awarding attorneys’ fees to only the seller in the event of a dispute, that provision will be interpreted to award attorneys’ fees to whichever party prevails in a claim for breach of contract. Cal. Civ. Code §1717. This can protect customers contracting under one-sided vendor forms. Scenarios where California law may not be as customer-friendly Companies should investigate how California law applies to their specific industries or to particular kinds of contracts. For instance, because California law in general is more protective of individuals (especially employees), customers should understand the implications for any business contracts involving individual services under California law. Companies should be especially cautious when retaining independent contractors or attempting to include non-solicitation and non-compete clauses in their agreements. Anne-Marie Eileraas The content of this blog is intended to convey general information about legal issues that may be of interest to our readers. This information is not intended to, and does not, constitute legal advice, nor is it intended to create an attorney-client relationship. Tactical Law does not sponsor, endorse, verify, or warrant the accuracy of the information found at external sites or subsequent links. Third Circuit Rules That Amazon is a "Seller" and Can Be Strictly Liable for Product Defect7/7/2019 The Third Circuit in an interesting new case, reversed a district court’s grant of summary judgment for Amazon finding that the on-line retailer could be strictly liable for products liability because it qualified as a “seller” of a defective dog leash under Pennsylvania law. The court also reversed a finding that Section 230 of the Communications Decency Act (“CDA”) barred other claims against Amazon, and said that the giant retailer could be liable if it was an “actor” in the sales process and not just acting as a publisher of the third-party seller’s content. The court expressly found that under Pennsylvania law an actor need not hold the title to the property to be considered a seller. This is important as many cases ruling in favor of Amazon in similar contexts have based their rulings on the concept that since Amazon doesn’t hold title to the products it cannot therefore be a seller. In analyzing the case and finding that Amazon could be strictly liable the court applied a four-factor test and found all four factors weighed in favor of holding Amazon liable: (1) Whether the actor is the “only member of the marketing chain available to the injured plaintiff for redress”; The court found this factor present as the third-party seller who sold the defective product could not be found by Amazon or by the Plaintiff. (2) Whether “imposition of strict liability upon the [actor] serves as an incentive to safety”; The court found that “although Amazon does not have direct influence over the design and manufacture of third-party products, Amazon exerts substantial control over third-party vendors. Third-party vendors have signed on to Amazon’s Agreement, which grants Amazon “the right in [its] sole discretion to . . . suspend[], prohibit[], or remov[e] any [product] listing,” “withhold any payments” to third-party vendors, “impose transaction limits,” and “terminate or suspend . . . any Service [to a third-party-vendor] for any reason at any time.” Therefore, Amazon is fully capable, in its sole discretion, of removing unsafe products from its website.” (3) Whether the actor is “in a better position than the consumer to prevent the circulation of defective products”; Here the court reasoned that “while Amazon may at times lack continuous relationships with a third-party vendor, the potential for continuing sales encourages an on-going relationship between Amazon and the third-party vendors.” The court also found that “Amazon is uniquely positioned to receive reports of defective products, which in turn can lead to such products being removed from circulation. Amazon’s website, which Amazon in its sole discretion has the right to manage, serves as the public-facing forum for products listed by third-party vendors. In its contract with third-party vendors, Amazon already retains the ability to collect customer feedback.” Finding third-party vendors “ill-equipped to fulfill this function, because Amazon specifically curtails the channels that third-party vendors may use to communicate with customers” the court found Amazon in a better position than the consumer to prevent circulation of the defective products. (4) Whether “[t]he [actor] can distribute the cost of compensating for injuries resulting from defects by charging for it in his business, i.e., by adjustment of the rental terms.” The court found this factor weighed in favor of holding Amazon liable as Amazon includes provisions in all of its contracts with its third-party sellers, which require the sellers to indemnify Amazon. With regard to the CDA argument, the court explained that “unlike the first issue, this is a question of federal law” and concluded that “the CDA bars some, but not all, of Oberdorf’s claims”. According to the court, “[t]he CDA states, in relevant part, that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider . . .” and that the CDA “bars lawsuits seeking to hold a service provider liable for its exercise of a publisher’s traditional editorial functions—such as deciding whether to publish, withdraw, postpone, or alter content.” The court explained that the “CDA is intended to allow interactive computer services companies “to perform some editing on user-generated content without thereby becoming liable for all defamatory or otherwise unlawful messages that they didn’t edit or delete.” The court went on “to the extent that Oberdorf is alleging that Amazon failed to provide or to edit adequate warnings regarding the use of the dog collar, we conclude that that activity falls within the publisher’s editorial function. That is, Amazon failed to add necessary information to content of the website. For that reason, these failure to warn claims are barred by the CDA. However, because the District Court did not parse Oberdorf’s claims in order to distinguish between “failure to warn” claims and claims premised on other actions or failures in the sales or distribution processes, we will vacate its holding that Oberdorf’s claims are barred by the CDA.” In remanding the issue back to the trial court for additional analysis, the Third Circuit disagreed that all of Oberdorf’s claims sought to treat Amazon as the publisher or speaker of information provided by another information content provider. The court found that “Amazon is a “seller” of products on its website, even though the products are sourced and shipped by third-party vendors” and that “Amazon’s involvement in transactions extends beyond a mere editorial function; it plays a large role in the actual sales process.“ The court ruled that “to the extent that Oberdorf’s claims rely on allegations relating to selling, inspecting, marketing, distributing, failing to test, or designing, they pertain to Amazon’s direct role in the sales and distribution processes and are therefore not barred by the CDA safe harbor provision.” In bringing claims against Amazon relating to sales on its website, litigants would do well to hi-light what role Amazon played in the sales process and to focus allegations on Amazon’s role in “selling, inspecting, marketing, distributing, failing to test, or designing” to ensure getting around Section 230 of the Communications Decency Act.
|
AuthorTLG Attorneys and From Time to Time Their Guests Archives
June 2024
|