The US Court of Appeals just ruled that companies can update their Terms of Service simply by emailing you. Continued use implies consent. Lazy devs rejoice, privacy advocates weep.
Open your personal inbox right now. I bet you've got at least half a dozen emails sitting there with a boring title like "Important Update to our Terms of Service". What do you usually do? Mark as read? Delete? Set up a filter to nuke them from orbit? Well, sh*t just got real. A US Court of Appeals just dropped a massive legal precedent: Emailing you the TOS is now enough, and if you keep using the app, you've legally consented.
So, here's the deal. A US Court of Appeals issued a [PDF] memorandum that essentially states: Providing notice of an updated Terms of Service via email is legally valid.
What does this mean for the tech world? It means corporations don't necessarily have to force users through those annoying, UI-breaking modal popovers where you have to check the "I have read and agree..." box. They can just blast a mass email campaign saying, "Hey, we changed the rules." If you don't reply, don't delete your account, and simply log in the next day to keep using the service, the law says you've given "implied consent". It's basically "silence means yes" in corporate speak.
Even without jumping deep into the HN comment trenches, any veteran dev knows exactly how the community is splitting on this:
As users, this is a wake-up call. Next time you see a TOS email from your bank, your crypto exchange, or your cloud provider, maybe don't blindly trash it. Skim it to make sure you aren't signing away your firstborn child.
As developers and product builders: The next time your Legal team comes knocking, asking for a complicated UI flow to force users to re-accept the new Terms, just forward them this ruling. "Hey, the US Court says an email is fine. Let's save 3 story points and just send them a newsletter!"
However, a word of advice: Lazy is fine, but always cover your *ss. Make sure you log the email delivery status and record the timestamp of the user's next login. When the company inevitably gets sued, you'll want those logs to prove the user actually logged in after the email was sent!
Source: Hacker News | Original PDF Memorandum (US Court of Appeals)
