e360 Seeks Indemnification From Choicepoint Under Data License Agreement

e360 (defendant in the Ferron and Silverstein cases, as well as a party in the Comcast and Spamhaus cases - all directly or indirectly involving unsolicited commercial email) filed a lawsuit against Choicepoint in January seeking indemnification for claims asserted by Ferron, Silverstein, and Mark Ferguson.  The suit was removed by Choicepoint to the Eastern District of Arkansas based on diversity jurisdiction.  (Access the legal documents as spamsuite here (complaint/answer).)  (Via Mr. Silverstein in comments below, and Laura @ wordtothewise.com, whose comments are worth checking out.)

Why is this an interesting lawsuit? 

Spam Litigation Costs $$:  First it's interesting to see that e360 spent approximately $350,000 defending and/or settling three lawsuits:  Ferron v. e360; Silverstein v. e360; and Ferguson v. e360 (I think there were multiple actions in this one).  Sounds like a billing bonanza for lawyers!  Seriously, that's a pretty staggering figure, for three pieces of litigation arising out of emails and which didn't involve any well known ISPs. 

How Does CAN-SPAM Fit in?  Second, it will be interesting to see how CAN-SPAM plays into the lawsuit.  At this point, it's merely a contractual dispute between e360 and Choicepoint.  Choicepoint provided email addresses and data to e360 pursuant to a "Data License Agreement" (which is attached to the complaint).  The data contained several categories of addresses, and the agreement specified appropriate uses (I and O), and contained warranties and indemnification against third party claims.  e360 argues that the email addresses in question were marked as "O" which according to e360 (or e360's interpretation of a letter sent by Choicepoint's counsel in response to the initial indemnification demand) meant that "the records were approved only for direct mail and not email."  e360 takes this one step beyond and argues that this means that Choicepoint violated CAN-SPAM, since it provided email addresses to e360 which belonged to people who had opted out from receiving emails.  e360's position seems fairly untenable - it twists the language of whether data was approved for a certain purpose to mean that the end user/consumer opted out of all non-approved purposes.  This is not the sort of opt-out CAN-SPAM cares about.  CAN-SPAM allows anyone to send commercial email provided it's accurate.  The sender must (among other things) provide a means of opt-out, and must honor the opt-out within a certain period of time.  Where a sender transmits messages on behalf of multiple entities, this raises the issue of who must honor the opt-out and whether it must be honored across various entities.  If you receive an opt-out you must not further transfer the person's email address.  But as far as I know, CAN-SPAM speaks to opt out from transmitted emails.  If you post a message on a website somewhere that you are "opting out your email address," CAN-SPAM does not care about this.  It would have been different if the CAN-SPAM plaintiffs (Ferron, Silverstein, and Ferguson) had communicated their opt-outs to Choicepoint in some manner.  This does not seem to have been the case. (Comments are invited on this issue.) 

Finally, the lawsuit provides a window into what terms will likely become important in a data license agreement in this context.  

First, the warranties:  here, the agreement says that "the Data consists of records of persons who have opted to receive third party commercial email advertising messages."  I'm not really sure what "opted to" - a phrase which appears regularly in the complaint as well - means?  Does it mean that "all email addresses provided to Licensee are from individuals who have affirmatively opted in to receive commercial email advertisements/solicitations"?  There's also a general "compliance with law" warranty but it's unclear as to whether this adds anything. 

Second, the indemnification:  the agreement contains a fairly standard fare indemnification provision which is tied to the reps and warranties and a general contractual breach.  It would have been nice from e360's standpoint to have blanket indemnification by people who allege their data was improperly transmitted to e360.  It's unclear as to whether the indemnification provision is triggered by the claims against e360.  Additionally, the indemnification provision requires the party seeking indemnification to "give prompt written notice of any . . . claim and [give the] named party . . . full control over the defense of such claim . . . ."  The million dollar question here: did e360 give Choicepoint adequate notice of the lawsuits?  This is obviously a factual question, but Choicepoint will definitely argue that it was not given sufficiently prompt notice.  (There was at least one demand for indemnification which was rejected but the demand was made months into the lawsuit after many of the initial pleadings had been filed.) 

Finally, scope of acceptable use:  This is the issue the parties seem to be hung up on:  what were the limitations on the use of data. To me Exhibit A seems fairly straightforward on this point.  (It could be clearer obviously, but you can go back and re-write any agreement in terms of a dispute that later arises.)  Records designated with an "I" can be used for emailing and prospecting and those designated with an "O" can be used for direct mailing.  The agreement does not define "direct mail" but I assume industry usage and the fact that it's set out in a section separate from "email" usage will aid in determining the correct meaning.  After a few reads I finally understood e360's argument here.  e360 seems to argue that Choicepoint should not have transmitted to e360 any emails which were "not approved" for email solicitations since these emails were by definition "opt-out" emails and since CAN-SPAM prohibits the further sale or transfer of "opt-out" email addresses.  e360 argues that Choicepoint ran afoul of CAN-SPAM in transferring these emails.  I don't really buy this argument.  First, the email addresses may not have been opted out by the owners, the person or entity who provided the data to Choicepoint could have said "we don't want you emailing to a certain batch of data".  Choicepoint could have designated this batch as "I" - meaning e360 could not email.  This doesn't necessarily mean that the recipients opted out.  Second, and more important, e360's argument suffers from a glaring contradiction.  In making it, e360 admits that it used the data outside the scope of acceptable use as specified in the agreement.  I don't think a court is going to buy e360's position. 

It will be interesting to see how this one turns out. I'm predicting a quick resolution in Choicepoint's favor.  In the meantime, as always, sender (or in this case licensor/licensee) beware!
  • No trackbacks exist for this post.
  • No comments exist for this post.
Leave a comment

Submitted comments are subject to moderation before being displayed.

 Name (required)

 Email (will not be published) (required)


Your comment is 0 characters limited to 3000 characters.