Disney Insisting on ‘Star Wars’ #Hashtag Contract?

In a particularly annoying meme, the fourth day of the fifth month has earned the moniker “Star Wars Day” because of the expression, “May the Fourth be with you.” But Disney has moved to put celebrants under a contract with binds tighter than Princess Leia’s chains to Jabba the Hut.

At 7 a.m. on April 27, the Twitter account of Disney’s streaming service Disney+ (the owners of the “Star Wars” franchise) implored people to share their favorite “Star Wars” memories using the hashtag #MayThe4th. The Disney tweet noted, “7am PT: Celebrate the Saga! Reply with your favorite #StarWars memory and you may see it somewhere special on #MayThe4th.”
At the same time, Disney’s lawyers added the following to the Twitterverse, noting that “7am PT: By sharing your message with us using #MayThe4th, you agree to our use of the message and your account name in all media and our terms of use here: http://disneytermsofuse.com.”

According to Disney, by sharing the hashtag, you have entered into a contract and agreed to be bound by the Terms of Service and Terms of Use associated with the Disney website.

Four hours after posting the tweet indicating that the sharing of the hashtag indicates acquiescence in a binding contract, Disney sent out a new tweet that said it was actually the act of sharing the hashtag and “mentioning Disney Plus” that created the binding contract and the waiver of your rights. The new tweet said, “12:07pm PT: The above legal language applies ONLY to replies to this tweet using #MayThe4th and mentioning @DisneyPlus. These replies may appear in something special on May the 4th!” So by using a hashtag and mentioning @DisneyPlus, according to the Disney lawyers, you have entered into a legally binding contract with the Walt Disney Company. And what does this contract entail? You would be surprised.

Contract Terms

Among other things, you agree to assign copyright to some of your materials to the Mouse, you agree to be bound by the laws of the State of New York, and to arbitrate any disputes between you and Disney—now and in the future. You agree to waive your right to seek any class action remedies as well. You agree that anything not covered by arbitration will be litigated either in Los Angeles or New York (not sure who chooses which coast). You agree that, no matter what Disney does or the harm it causes to you, their total liability to you cannot exceed a thousand bucks. You agree to receive “texts, calls or prerecorded messages [that] may be generated by automatic telephone dialing systems.” You agree not to “reverse-engineer, disassemble, or otherwise reduce to human-readable form the Disney Products” even though copyright law expressly grants you the right to do that. In fact, you contractually give up the rights to make “fair use” of ANY Disney product (such as singing the song from “Frozen” at your daughter’s birthday party), or to make any copy of a Disney product unless expressly permitted by Disney to do so (even again, when you are permitted to do so under copyright law). You consent to essentially waive personal notice and personal service and receive electronic communications from Disney. You agree not to “interfere with any person or entity’s use or enjoyment of any Disney Product” including those of your kids. So no more taking toys away from your toddler under pain of mandatory arbitration in Los Angeles! You also grant to Disney a wide variety of rights with respect to the tweets you send that mention the hashtag. Specifically, you grant to the Mouse:

… a non-exclusive, sublicensable, irrevocable and royalty-free worldwide license under all copyrights, trademarks, patents, trade secrets, privacy and publicity rights and other intellectual property rights for the full duration of those rights to use, reproduce, transmit, print, publish, publicly display, exhibit, distribute, redistribute, copy, index, comment on, modify, transform, adapt, translate, create derivative works based upon, publicly perform, publicly communicate, make available, and otherwise exploit such User Generated Content, in whole or in part, in all media formats and channels now known or hereafter devised (including in connection with the Disney Products and on third-party websites, services, applications, and/or platforms), in any number of copies and without limit as to time, manner and frequency of use, without further notice to you, without attribution (to the extent this is not contrary to mandatory provisions of applicable law), and without the requirement of permission from or payment to you or any other person or entity.

Pretty broad just for sharing a hashtag.

Is It a Contract?

Since the dawning of the ARPANET, courts have been struggling with the manner in which individuals have been forced to enter into contracts online (and offline). Purveyors of floppy disk software often forced licensees to agree to so-called “shrinkwrap” contract agreements: software license agreements that bound users by virtue of the fact that they opened the package and/or installed the product. On the web, these became “browsewrap” agreements: contracts that became binding based on a person’s visit to a website. In fact, the Disney “terms of use” specifically notes: “These terms of use (‘Agreement’) are a contract between you and Disney DTC LLC, as a Delaware limited liability company …” which you presumably enter into by … well, the contract is not so clear on that. In fact, not only are you entring into a contract, but you are entering into a contract with no defined terms at all, since Disney states that it can “make changes to any portion of this Agreement from time to time and for many reasons” and that “by continuing to use the Disney Products you will be deemed to have agreed to and accepted any amendments. If you do not agree to any change to this Agreement, you must discontinue using the Disney Products.” So you have to grab that stuffed “Toy Story” Woody doll from your 3-year-old and throw it in the trash if you don’t want to be bound by some new term in the contract. Of course, tossing the toy in the trash would also violate the contract, since this would “interfere with any person or entity’s use or enjoyment of any Disney Product.” Catch-22.

Beyond “browsewrap” agreements, which purport to bind users by simply visiting a website, there are also “clickwrap” agreements: those that require the user to do something to demonstrate assent to the terms and conditions (contract) to obtain something of value. This might be simply clicking a button or stating (virtually), “I agree” to the terms, or by digitally signing a name or intials. The clearer the demonstration of actual assent prior to entry, the more likely a court will find a binding contract.

In a recent case HealthplanCRM LLC v. Avmed Inc., 2020 WL 2028261 (W.D. Pa. April 28, 2020) users of web-based software were required to click through an agreement that stated that use of the website constituted assent to the End User License Agreement, which included an agreement to arbitrate disputes. The court noted the distinction between “browsewrap” and “clickwrap” noting that “In browsewrap agreements, a company’s terms and conditions are generally posted on a website via hyperlink at the bottom of the screen.” James v. Glob. TelLink Corp, 852 F.3d 262, 267 (3d Cir. 2017). However, “[u]nlike online agreements where users must click on an acceptance after being presented with terms and conditions (known as ‘clickwrap’ agreements), browsewrap agreements do not require users to expressly manifest assent.” Id. (citation omitted). Instead, “in a pureform browsewrap agreement, the website will contain a notice that—by merely using the services of, obtaining information from, or initiating applications within the website—the user is agreeing to and is bound by the site’s terms of service.” Fteja v. Facebook, Inc., 841 F. Supp. 2d 829, 837 (S.D.N.Y. 2012)” Essentially, for web based terms of service such as those of Disney to be binding, a court must find that notice of the agreement was “reasonably conspicuous and manifestation of assent unambiguous as a matter of law.” In other words, that people knew that they were entering into a contract.

Applying this principle to the hashtagwrap contract allegedly created by Disney is not a difficult undertaking. Simply mentioning @Disney is not an expression of unambiguous assent to the terms of a contract as a matter of law. Using a hashtag similarly is not such assent. Even just visiting the Disney website may not be sufficient. A contract requires some intent to be bound. Sure, there could be an individual who sees the tweet from the Disney lawyers and thinks, “Sure, I’d love to give up my rights, assign my intellectual property, waive my fair use rights and agree to arbitration in Manhattan, limit Disney’s overall liability to me to a grand, so I will simply type in the character “@Disney” to demonstrate my free and full assent to the terms of the contract.” And that person is likely already a lawyer working for Disney. To everyone else, the idea that a tweet that is not a tweet that says, “I agree to be bound by a contract with Disney” constitutes assent to a contract is about as enforceable as Lando Calrissian’s agreement with Darth Vader.

As Lord Vader himself said, “I am altering the deal. Pray I don’t alter it any further.”

Avatar photo

Mark Rasch

Mark Rasch is a lawyer and computer security and privacy expert in Bethesda, Maryland. where he helps develop strategy and messaging for the Information Security team. Rasch’s career spans more than 35 years of corporate and government cybersecurity, computer privacy, regulatory compliance, computer forensics and incident response. He is trained as a lawyer and was the Chief Security Evangelist for Verizon Enterprise Solutions (VES). He is recognized author of numerous security- and privacy-related articles. Prior to joining Verizon, he taught courses in cybersecurity, law, policy and technology at various colleges and Universities including the University of Maryland, George Mason University, Georgetown University, and the American University School of law and was active with the American Bar Association’s Privacy and Cybersecurity Committees and the Computers, Freedom and Privacy Conference. Rasch had worked as cyberlaw editor for SecurityCurrent.com, as Chief Privacy Officer for SAIC, and as Director or Managing Director at various information security consulting companies, including CSC, FTI Consulting, Solutionary, Predictive Systems, and Global Integrity Corp. Earlier in his career, Rasch was with the U.S. Department of Justice where he led the department’s efforts to investigate and prosecute cyber and high-technology crime, starting the computer crime unit within the Criminal Division’s Fraud Section, efforts which eventually led to the creation of the Computer Crime and Intellectual Property Section of the Criminal Division. He was responsible for various high-profile computer crime prosecutions, including Kevin Mitnick, Kevin Poulsen and Robert Tappan Morris. Prior to joining Verizon, Mark was a frequent commentator in the media on issues related to information security, appearing on BBC, CBC, Fox News, CNN, NBC News, ABC News, the New York Times, the Wall Street Journal and many other outlets.

mark has 203 posts and counting.See all posts by mark