742
23andMe frantically changed its terms of service to prevent hacked customers from suing
(www.engadget.com)
This is a most excellent place for technology news and articles.
Are T&Cs retroactive? I would think any new T&Cs could only apply from that point forward, not that they could retroactively absolve themselves of liability or how you could pursue it.
Like all good lawyer answers: maybe. I don’t know enough about the specific amended terms or their data breach. Courts sometimes enforce adhesion contacts and sometimes don’t. But retroactive in and of itself isn’t illegal; for example, if you could edit NOT retroactively settle a dispute, you’d have no settlement agreements.
But settling a dispute requires compensation for the party that was damaged. That's what a settlement is.
You can't say "If you don't do A, B, and C you can't sue me! Nah nah nah!" Without compensation courts are not going to believe that anyone knowingly agreed to the settlement.
Now if they gave everyone like $5 and said "Sign here where it says you can't sue," that would be different.
You’re referring to the contract concept of “consideration” which sometimes is the same as compensation but can also do doing/ not doing an action. Sometimes consideration isn’t required either, particularly if the original contract had adequate consideration and says future amendments don’t have to have it. (Depends a lot on which state). That may or may not matter here. It really depends on the specific terms at dispute and you can’t just assume it fixes this issue.
IANAL and I don't claim to fully understand the case, but it looks to me like the reason they might be able to get away with it is that they're not trying to change anyone's rights or obligations; they are "merely" changing the mechanism by which disputes are to be resolved. It is of course a pure coincidence that the new mechanism makes it a lot harder to find 23andMe liable for any infractions.
I lean the other way.
I think it would be a pretty solid case to argue that the change to the TOS, considering the timing and combined with the breach, would be outrageously unreasonable enough to invalidate the “meeting of the minds” requirement.