Skip to content
Jeremy-Telman
ContractsProf Blog
Official Blog of the AALS Section on Contracts

Is a Website’s Privacy Policy a Binding Contract?

By ContractsProf Blog

Richard Raysman and Peter Brown write in today’s NYLJ thatthe answer to that question remains unsettled. The issue was raised in a recentcase involving a Cleveland newspaper that reported on a judge’s anonymouscomments (about pending cases) to its website.  Here’s a taste of Raysmanand Brown’s article:

The law surrounding the contractualnature of privacy policies remains unsettled: Are they merely broad statementsof company policy or enforceable contracts?

Some courts have held that generalstatements like privacy policies are unilateral corporate statements that arenot sufficiently definite to form a contract. Others have found privacypolicies can form a contract, particularly when parties claiming a breach havealleged that they read and subsequently relied on the policy prior totransacting business with the site operator. See e.g., Meyer v.Christie, 2007 WL 3120695 (D. Kan. Oct. 24, 2007).

Regardless, any successful claimfor breach of contract requires a showing of compensable loss arising out ofthe alleged breach, beyond a generalized claim of loss of privacy.

For example, in Smith v.Trusted Universal Standards in Electronics Transactions Inc., 2010WL 1799456 (D. N.J. May 4, 2010), the plaintiff alleged that his Internetservice provider failed to adhere to its privacy policy by failing to explainfully why his communications were blocked for spam-related violations.

Ruling on a motion to dismiss, thecourt found that the plaintiff seemed to have alleged that the privacy policyprovisions allegedly violated were part of his agreement with his ISP and thathe relied on them.

However, the court dismissed theplaintiff’s contract claims, with leave to amend, because the plaintiff failedto plead any loss stemming from the alleged breach.

Similarly, in Cherny v.Emigrant Bank, 604 F.Supp.2d 605 (S.D.N.Y. 2009), the court ruledthat the disclosure of an e-mail address allegedly in contravention of thedefendant’s privacy policy that resulted in the plaintiff’s receipt of spam,but no other misuse, could not form a cognizable breach of contract actionbecause of a lack of recoverable damages.

They also discuss the FTC’s “aggressive stance” with regardto data privacy.  Interesting issue; thearticle is worth a read.

Brown & Raysman, Contractual Nature of Online PoliciesRemains Unsettled, NYLJ (8/10/10).

[Meredith R. Miller]

Posted in:
In the News and Recent Cases