Delivering for Best-in-Class Wholesaler-Distributors
January 10, 2020

Amazon Faces Liability for a Third-Party Vendor’s Defective Products

It is well settled law that wholesaler-distributors and other resellers in the supply chain face potential strict product liability for injuries cause by defective products they sell, due to their legal status as a “seller” of that product.

A recent U.S. appeals court decision (2-1 vote) reversed a lower court ruling and held that under Pennsylvania law Amazon was liable as a “seller” of an allegedly defective product sold by a third-party vendor on the Amazon site, even though Amazon did not take title to, or possession of, the product. (Oberdorf v. Inc., 3rd Cir., No. 18-1041). Amazon derives over 50% of its revenue from sales of products sold by over one million third-party vendors.

In the ruling the court focused on Amazon’s extensive contractual authority in controlling the sales of products offered by third-party vendors on the Amazon marketplace.  Click here to view the Amazon Services Business Solutions Agreement.

Amazon recently agreed to make changes to this agreement that are intended to benefit US vendors and others worldwide, in order to close an investigation by Germany’s antitrust enforcers. Unfortunately for vendors, the revised agreement will give Amazon the right to terminate the agreement at any time “for convenience” (i.e., without cause for any reason or no reason) by giving 30 days advance notice with Amazon retaining ownership of, and unlimited rights to use, all the vendor’s customer information and sales data.

However, within hours of the German settlement, the European Union opened a broader antitrust investigation to assess whether Amazon’s use of sensitive customer data gathered from third-party vendors selling on the Amazon site violates EU competition laws. The probe will focus on Amazon’s dual role as an online seller of its own products and as a sales channel for independent sellers, and whether Amazon misuses the customer data its gathers (and owns exclusively) to harm those independent sellers and competition generally. The contractual restrictions listed below are certain to receive EU scrutiny.

The contractual restrictions include:

  • The identity of, and all information provided by, the “customer” making a purchase from the Vendor on the Amazon site is deemed Amazon confidential information, owned exclusively by Amazon. The Vendor may not disclose this Amazon transactional information to any person. Further, the Vendor is prohibited from using this information for “any marketing or promotional purposes whatsoever.”
  • The Vendor can only communicate with customers regarding their Amazon orders through the Amazon platform.
  • All information the Vendor provides to Amazon may be exploited by Amazon in any manner and for any commercial or non-commercial purpose. This includes any Vendor information reasonably requested by Amazon.
  • The price charged by the Vendor on Amazon cannot be higher than the price charged by the Vendor in other sales channels other than physical stores.
  • All customer payments are received by Amazon as the Vendor’s agent and periodically remitted to the Vendor, minus Amazon’s commissions.
  • Amazon retains the right to stop or cancel orders, or to suspend providing services to the Vendor, or to terminate the agreement in its sole discretion, without any prior notice.

This case involved a dog collar that failed and injured the plaintiff. Significantly, the third party-vendor (The Furry Collar) could not be located by the plaintiff or Amazon following the injury, leaving Amazon, according to the court, “as the only member of the marketing chain available to the injured plaintiff for redress.”

In the dissenting opinion, the judge reasoned that several non-Pennsylvania court decisions had excused Amazon from strict product liability as a seller because Amazon did not take and transfer legal title to products sold by third-party vendors, nor did Amazon ever take possession of the vendor’s product.

The case, filed in June 2016, now returns to the federal district court for trial.

While this decision is limited to an interpretation of Pennsylvania law, it could be persuasive authority in other states where claims are made against online marketplaces that play a critical role as the compensated intermediary for the sale of products to consumers and others.

Click here to view the opinion.

California Consumer Privacy Law Compliance Required as of January 1, 2020

The California Consumer Privacy Act (Act) was signed into law on September 23, 2018 and is one of the most stringent privacy laws in the United States. It shares similarities with the European Union’s General Data Protection Regulation (GDPR), including its extraterritorial reach and grant of expansive rights to California residents on how their personal information is collected, used and disclosed. Businesses worldwide that collect California consumers’ personal information will be affected and will face a compliance date of January 1, 2020.

What Businesses are Covered?

The Act will apply to a business and its subsidiaries if it collects or receives personal information from California residents, directly or indirectly, and meets one or more of the following criteria:

  • The business has annual gross revenue that exceeds US $25 Million;
  • The business annually receives, buys, sells or shares, directly or indirectly, the personal information of 50,000 or more California residents, devices, or households; or
  • 50% or more of its annual revenue is derived from the sale of personal information about California consumers.

Personal Information is Broadly Defined

The Act defines “personal information” as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (e.g., name, alias, postal address, unique personal identifier, online identifier, email address, account name, social security number, driver’s license number, passport number, biometric information, employment information, internet activity or other similar identifiers).

Non-Compliance Penalties

California’s attorney general is empowered to bring an action against any company or individual person violating the Act. The Act allows for fines of up to $2,500 per violation or $7,500 per intentional violation. There is no cap on the total amount of fines. Businesses have a period of 30 days to remedy alleged violations of the law before a fine can actually be assessed.

For example, under the Act a violation impacting 1,000 California consumers could carry a penalty of $2.5 million for an unintentional violation and as much as $7.5 million for an intentional one.

Private Right of Action

The Act authorizes a private right of action that allows consumers to seek statutory or actual damages if their sensitive personal information is subject to unauthorized access, theft or disclosure as a result of a business’s failure to implement and maintain required reasonable security measures. Statutory damages can be between $100 and $750 per California resident “per incident,” or actual damages, whichever is greater. The damages provision does not apply if the personal information is redacted or encrypted.

Last Minute Amendments

Finally, amendments to the Act signed into law on October 11, 2019 made changes to the Act, including a one-year moratorium from complying with many provisions for employee data collected from businesses in the B2B context.

Click here for the latest information.

No-Poach Agreements Face Criminal Antitrust Enforcement

In almost all instances, a violation of the federal antitrust laws involves an agreement, understanding or conspiracy among competitors who are selling the same type of products or services, or between suppliers and the resellers of those products or services. The Antitrust Division of the US Justice Department has stepped up enforcement actions against companies who are not direct competitors or are not in a seller-buyer relationship who enter into no-poach agreements. And – importantly – the government has announced its intention to proceed criminally against employers who make no-poach or no-hire agreements.

A no-poach agreement involves an agreement between two or more employers not to compete for each other’s employees, including a promise not to hire or recruit each other’s workers. These no-poach agreements are per se unlawful under the antitrust laws because they eliminate competition in the same manner as agreements to fix prices – they eliminate competition for human resources, thus denying employees the benefit of competitive labor markets.

If a company enters into or continues a no-poach agreement or understanding with one or more companies, there is a significant antitrust risk of criminal penalties as well as civil triple damage lawsuits by private parties under the federal antitrust laws.