4 Clickwrap Pitfalls And How To Avoid Them

By Neel Chatterjee and Victor Wang
Law360 is providing free access to its coronavirus coverage to make sure all members of the legal community have accurate information in this time of uncertainty and change. Use the form below to sign up for any of our weekly newsletters. Signing up for any of our section newsletters will opt you in to the weekly Coronavirus briefing.

Sign up for our Retail & E-Commerce newsletter

You must correct or enter the following before you can sign up:

Select more newsletters to receive for free [+] Show less [-]

Thank You!



Law360 (June 18, 2020, 5:55 PM EDT )
Neel Chatterjee
Victor Wang
Your business can experience a world of hurt if your users aren't bound by your online, customer-facing contracts — especially if small steps could prevent costly public litigation, or worse, a crippling class action. Just about the last thing any company wants to do is stress-test these agreements in court.

As businesses increasingly turn to electronic signing during the COVID-19 pandemic, this guide will help you identify pitfalls and best practices to help get your online agreements done right and make sure they don't go horribly wrong.

To have a valid contract, a meeting of the minds must occur, so the process must ensure that the parties unambiguously intend to be bound by clear and conspicuous terms. This is crucial for the take-it-or-leave-it agreements where a business asks a customer to agree to non-negotiable terms. Standard agreements like end-user license agreements or terms-and-conditions agreements — referred to as "clickwrap" or "click-through" agreements — create some unique issues because they are essentially take-it-or-leave-it deals.

Many businesses that don't follow best practices are learning the hard way that clickwrap agreements need to be carefully handled. And the plaintiffs aren't always a maverick individual — failed clickwrap agreements can be a hotbed of large class action fiascos that, at best, drain key resources for a blue-chip corporation, or at worst, collapse a startup during key growth periods.

Class action settlements for internet-based companies cost millions of dollars to defend and cost even more to settle. Your agreements likely have all sorts of helpful risk management provisions, and it is a disaster if a court chooses not to recognize them because of a technical defect. Not to mention, you must ensure your clickwrap agreements, like all other electronic signatures, comply with regulations governed by the Electronic Signatures in Global and National Commerce Act, eIDAS, and other electronic signature standards to be considered enforceable.

This article provides an outline of some of the pitfalls businesses oversee when setting up their clickwrap agreements and identifies some best practices to help make sure the clickwraps will be enforceable when you need them most.

Obvious (and Not so Obvious) Pitfalls

Clickwraps Are Hard to Find During the Agreement Process

Courts don't often agree on where to draw the line on enforcing these standard agreements — such as the terms-and-conditions and privacy policy agreements — but the obvious culprit is when these agreements are merely linked as a hyperlink at the bottom of a website's homepage, perhaps even hidden in the footer. These are referred to as browsewrap agreements, where it assumes a user has agreed to the site's policies by merely using or browsing the website — big red flag.

Because consent is implied and not actually expressed in these browsewrap agreements, it is difficult to prove customers have actually consented to the terms. As a general rule, clickwrap agreements are more likely to be enforced than browsewrap agreements because clickwraps provide clear notice and capture expressed consent from users.

In Nguyen v Barnes & Noble Inc.,[1] Barnes & Noble was unable to prevent a class action because their terms of use were not presented in a manner that gave the customer actual notice of the terms, nor was the user presented with an opportunity to agree. The terms of service were hidden in a hyperlink at the bottom left hand corner of the webpage — thus, using a browsewrap.

Zappos made the same mistake in In re: Zappos.com Inc. Customer Data Security Breach Litigation.[2] The court could not conclude that users ever viewed the agreement; the terms of use were buried in a "sea of links" at the bottom of the website, and the website never directed the user to view the terms of use. Zappos could have easily presented the terms of use during checkout with a clear "I agree" button, but didn't, which led to a class action.

Best Practices

  • If you're using browsewrap agreements today, consider switching to clickwrap agreements to make your terms and policies more enforceable. Clickwraps will help strengthen your case if legal claims are made against your company.

  • Give your users an opportunity to fully review the agreement terms they are agreeing to. You can link directly to the agreements or provide a scroll box, then allow the user to view the agreement before they can accept.

  • Ensure you have tight internal processes and, where possible, automated workflows that help operationalize these best practices. This allows you to consistently execute and scale without requiring additional support.

Clickwraps Are Inconspicuous and Hard to Distinguish on a User Interface

Contracts presented during the user's sign-in process is often a gray area. Design often matters. Juul Labs was unable to enforce its agreement in Colgate v. Juul Labs Inc.[3] because it was presented on a sign-in page with no visual distinction (i.e. same font color, no underline or italics).

Gogo made a similar mistake in Berkson v. Gogo.[4] Gogo had a sign-in button that was user-friendly and obvious, appearing in all caps in a clearly delineated box in both the upper right-hand and the lower left-hand corners of the homepage. However, the court found Gogo did not do enough during the sign-up process to draw users' attention to the terms-and-conditions hyperlink containing an arbitration clause. The hyperlink was not in large font, all caps or bolded, nor was it accessible from multiple locations on the webpage.

Some businesses have also made design mistakes that seem appropriate at first. As seen in Friedman et al. v. Guthy-Renker LLC, the purchasers at Guthy-Renker were required to affirmatively agree to specific terms by clicking a check box.[5] However, for some of the purchasers, the check box only referenced a credit card authorization accompanied by a nearby and vague "Agree to Terms" check box, without a hyperlink.

The company later updated its site, and later purchasers had to check a more prominently placed box stating "Agree to Terms and Conditions," which was also linked to the site's terms. As you would expect, the earlier purchasers who saw only the ambiguous "Agree to Terms" check box were not bound, while the later purchasers who used the updated site checkout procedures had an enforceable contract.

Best Practices

  • The design and layout of the agreement matters. Don't bury the link in a mess of other links. Use superobvious fonts, colors or underlines.

  • Ensure clickwrap agreements are presented in a manner that comply with the requirements of the Americans with Disabilities Act and Section 508 of the Rehabilitation Act so your customers with visual impairments or other disabilities can access these agreements.

  • Present clickwrap agreements in a responsive experience for multiple form factors, such as for tablets and mobile devices. 

  • Ensure your approach to such agreements is consistent across your site(s) and applications.

Users Don't Explicitly Express Consent When Agreeing to Terms

Courts do not look kindly to contracts that, absent a signature, do not offer the prospective customer a clearly noticeable opportunity to demonstrate that they actually agree to what's in front of them. But the bar can be surprisingly high without an obvious "I agree" button.

Courts have even rejected contracts when they are presented within a prospective customer's user experience flow. For example, in Savetsky v. Pre-Paid Legal Services Inc. dba LegalShield, merely alerting a site user prior to online checkout that the user can obtain more information from links labeled "Learn More" or "More Plan Details" was deemed insufficient to put the user on notice of the applicable terms governing the subject transaction.[6]

In Nicosia v. Amazon, Amazon's terms of service were also deemed unenforceable.[7] The Amazon purchaser was presented with a sentence stating, "By placing your order, you agree to Amazon.com's privacy notice and conditions of use."

However, the actual terms were one of more than a dozen links embedded on the same webpage, and nothing about the "Place your order" button indicated to the user that they were doing anything other than placing an order. The court emphasized that while clickwrap agreements are not required, "they are certainly the easiest method of ensuring that terms are agreed to."

Best Practices

  • Include language on the screen indicating that acceptance of the website legal agreement is required to proceed with its clickable transaction. The "I accept" language has generally been viewed as safe.

  • If a sign-on option is preferred, make sure there is an explicit notice that by signing up for your product or service, the user accepts the agreement.

  • Ensure that the language and notices are consistently applied across your site(s) and applications.

Failure to Document Evidence of the Consent and Maintain a Detailed Audit Trail

Your business clearly and conspicuously presents the terms to your customers, your customers are required to click "I Agree," but you don't keep detailed records of their consent? That won't do; in fact, that opens businesses up to legal risk. 

Maintaining effective records of clickwrap agreements is coming to the forefront in recent litigation. Some companies may think their clickwrap processes are sufficient without documenting evidence, as customers cannot use their services and goods unless they click "I Agree" to proceed. However, this process is not sufficient without evidence of consent. In fact, clickwrap agreements are moot unless sufficient evidence of each agreement is well-maintained for use in any resulting legal proceeding.

The court in Nager v. Tesla Motors Inc.[8] declined to enforce Tesla's clickwrap agreement after Tesla was unable to produce individual records of acceptance. Tesla submitted documentation on how purchases are made on its website, including the fact that users must click "I agree" and "Submit" before proceeding. 

The court did not find issue with the process; however, they wanted back-end records of all individuals tying back to each acceptance. In this case, Tesla could not provide "business records that establishes plaintiffs clicked through and electronically accepted the Agreement" and offered "some random document with no connection" to the individuals at issue.

Another pitfall is not notifying users when you've modified your clickwrap agreement, leaving you without any evidence of when customers consent to the latest amended version. Amazon ran into this problem in the case mentioned above (Nicosia v. Amazon). The company did not have clean records to show that the plaintiff agreed to both the terms of service on sign-up and the amended terms of service. This failure called into question whether Amazon could enforce an arbitration clause, raising the risk of further litigation.

Best Practices

  • Maintain a complete audit trail of records that includes information to identify the user who clicked through and accepted the clickwrap, as well as proof they viewed and consented to the agreement. Also, document the time and date stamp of the consent, as well as which version of the agreement the user consented to.

  • Provide proof of the sign-on or click-through process (e.g. screenshots or visual description) that show details of how the agreement was presented to the user at the time of signing. This should include the sequence of screens used for the sign-in flow and contract acceptance process.

  • If you're updating your clickwrap agreements, remember to notify users who have previously consented to the prior version of your clickwrap agreements and recapture their consent every time a new version is pushed out.

  • Ensure you have a reliable process to collect, manage and maintain these records for future use should you face a dispute. Some companies prefer to use a reputable third-party provider to manage their clickwrap agreements and provide indisputable evidence to mitigate their exposure to risk.

Bottom Line                                                          

Make it easy for your customers and your business. Present clickwrap agreements clearly alongside a prompt where the user may check a box or click a button indicating they accept. It's a simple, tried-and-true approach.

If you want to save a click and do it at sign-on — which is not as bulletproof as an "I accept" button — present the agreement, then notify the user that by logging in, signing up or registering, the user is also agreeing to the standard terms.

Finally, develop and maintain simple and repeatable processes to help keep detailed records of everyone who provides consent. You'll help safeguard your company by documenting evidence of the agreement in case your company faces any disputes in the future — saving you a future headache and protecting your company the way you intended.



Neel Chatterjee is a partner and Victor Wang is an associate at Goodwin Procter LLP.

The opinions expressed are those of the author(s) and do not necessarily reflect the views of the firm, its clients or Portfolio Media Inc., or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.


[1] Nguyen v Barnes & Noble, Inc. , 763 F.3d 1171 (9th Cir. 2014).

[2] In re: Zappos.com Inc., Customer Data Security Breach Litigation , 2012 WL 4466660 (D. Nev. Sept. 27, 2012).

[3] Colgate v. Juul Labs, Inc. , 402 F. Supp. 3d 728, 764 (N.D. Cal. 2019).

[4] Berkson v. Gogo , 97 F. Supp. 3d 359 (E.D.N.Y. 2015).

[5] Friedman et al. v. Guthy-Renker, LLC , Case No. 2:14-CV-06009-ODW (C.D. Cal. Feb. 27, 2015).

[6] Savetsky v. Pre-Paid Legal Services, Inc. d/b/a LegalShield , Case No. 14-03514 SC (N.D. Cal. Feb. 12, 2015).

[7] Nicosia v. Amazon , 84 F. Supp. 3d 142 (2015).

[8] Nager v. Tesla Motors, Inc. , Case No. 19-2382-JAR, 8 (D. Kan. Sep. 3, 2019).

For a reprint of this article, please contact reprints@law360.com.

Hello! I'm Law360's automated support bot.

How can I help you today?

For example, you can type:
  • I forgot my password
  • I took a free trial but didn't get a verification email
  • How do I sign up for a newsletter?
Ask a question!