StockX failed to convince a federal Michigan judge that
California plaintiffs should have to arbitrate their data breach lawsuit here
in Michigan under its website’s Terms of Service and Privacy Policy (“TOU”).
Why it Matters:
This case involves issues every business with an online
presence must address. Failing to properly consider these issues can impose
significant inconvenience and increased litigation risks on your e-commerce
business.
Going Deeper:
Plaintiff Laura Esquer (”Esquer”) is a California resident.
In 2019, she signed up for a StockX account using her email address. StockX
requires all users to agree to StockX’s TOU. The TOU contains a mandatory
arbitration clause and a clause that requires the parties to apply Michigan law
to all claims or disputes.
StockX a Michigan-based LLC. It operates an e-commerce
platform where users can purchase and sell luxury goods like fashion clothing,
rare sneakers, and other accessories.
The lawsuit claims StockX failed to protect plaintiffs’ confidential
and personal information from a data breach in violation of California’s
Consumer Records Act (”CRA”) and California’s Unfair Competition Law (”UCL”).
StockX responded to the lawsuit by moving to dismiss the
California class action Complaint for improper venue and to compel arbitration,
which the Court denied on June 15, 2021.
After a thorough legal analysis and application of rules for
determining which law applies, the Judge ruled California law applied because
Michigan’s law conflicted with California’s greater interest in protecting its
consumers. Here is a copy of the Order dismissing StockX’s motion, which includes the Judge’s full analysis.
Next Actions for Companies Engaged in E-commerce:
Legal disputes are generally decided where one or both
parties live, where the company was formed, or it operates. But with
e-commerce, customers could be located anywhere in the United States or around
the world.
In the U.S., each state has its substantive commercial laws
and court systems. And the exercise of jurisdiction over an out-of-state
defendant is limited by a state’s law (called its “long-arm” statute). It is
also limited by federal law, which requires defendants to have sufficient “minimum
contacts” with the state to justify jurisdiction.
Smart companies, however, try to limit where they can be
sued through their online TOU, which should include forum selection and choice of law clauses. But these provisions may
fail to protect the business if they are not properly drafted or implemented.
Further, TOU restrictions may not be a complete “silver-bullet” against being
compelled into courts across the U.S. or beyond. It is, therefore, essential to
understand your e-commerce’s online risks and how to best eliminate or reduce
those risks through properly drafted website terms, conditions, and policies.