I’ve found that people in Growth are all too often not aware of some of the major laws that govern the industry. In this post, I’ll cover three major lawsuits that sued over growth tactics used by well-known companies and some principles for how your Growth team can stay out of trouble.

Hickey v. Voxernet LLC

In 2012, Voxer was sued over their invite flow where users sent SMS invites to their friends. Instead of just popping up the SMS app with a pre-populated message, the flow in Voxer was it would popup a contact list picker and have the user select a number of different friends from their contact list to invite. After the user selected the friends they wanted to invite then Voxer sent those friends an invite from their servers. The claim was that Voxer sending SMS invites violated a clause in the Telephone Consumer Protection Act (TCPA) against Automated Telephone Dialing Systems (known as ATDS or auto-dialers). Voxer ultimately settled, and in the three years following that lawsuit, a number of lawsuits were filed against other companies that also had similar flows which used a contact list picker to allow users to send multiple SMS invites [Sterk v. Path Inc.][Huricks et al v. Shopkick, Inc][McKenna v. WhisperText LLC][Glauser v. GroupMe, Inc.][Reichman v. Poshmark, Inc]. A lot of the lawsuits stemmed from some ambiguity on what was considered an auto-dialer. Then in 2015, the FCC issued a ruling to clarify the ambiguity and laid out clear guidelines for when SMS invites were ok. Namely, they needed to meet the following criteria:

The invites required human intervention (i.e. they had to be initiated by the user) The user needs to play a role affirmatively deciding to send a text message, selecting who to send to, and preferably controlling the contents of the text message.

It had to be clear to users that their friends were going to receive a text message and how many messages would be sent as a result of their action (as opposed to a different communication channel such as an email).

The biggest takeaway is that while sending SMS invites can be very powerful, they can also open a company up to a lot of legal risk. To mitigate that risk, be very thoughtful about how you design your invite flow and preferably get a lawyer to carefully review your invite flow and provide a written legal opinion with screenshots of the flow.

Perkins v. LinkedIn Corp.

LinkedIn was sued in 2013 for sending invite reminder emails. When a LinkedIn user invited their friends or colleagues to the service, LinkedIn would send an email to those people. If they didn’t respond to the initial email, they would receive a 2nd and a 3rd email as a follow up reminder to join the service. While on the surface, that doesn’t sound very nefarious, the lawsuit alleged that users had consented to the 1st email, but they had not consented to the 2nd or 3rd reminder emails. The lawsuit also alleged that by sending reminder emails the user had not consented to, it could potentially damage the user’s reputation by spamming their contacts without their consent. It also alleged that users had not consented to their name and profile picture in the reminder email. LinkedIn ultimately settled for $13M, changed its product policy and privacy policy. The takeaway from this lawsuit is that even for email invites it needs to be very clear to users how many people will be contacted and how many times their friends will be contacted.

Opperman et al v. Kong Technologies, Inc. et al

In 2011 and 2012, many apps such as Instagram, Twitter, Yelp, Path, Kik, Gowalla, Foodspotting, and Foursquare were caught uploading users’ contact lists to their servers without user knowledge or consent. In most cases, the reason these companies were doing this was to do friend recommendations (to either identify friends already on the service or to recommend friends to invite). Apple quickly added the Contact List Permission to iOS 6 as a result of the scandal and the defendants agreed to settle the class action lawsuit for $5.3M. The takeaway from this lawsuit is that even if something is technically possible, and even if you are allowed by your products Terms of Service, you should be very clear and upfront when collecting data that a user would not reasonably expect be collected.

Conclusion

Path Inc. in particular got hit with a triple whammy. Not only was it sued for SMS invites in Sterk v. Path and had to pay into the Opperman et al v. Kong Technologies, Inc. et al settlement, it was also fined $800,000 by the FCC for violating the Child Online Privacy Protection Act (COPPA). The violation stemmed from the fact that a few thousand children under age 13 were allowed to sign up for the product and Path collected personal information from those users without parental consent.

Growth teams and startups can have a mentality of “move fast and break things.” However, it is important to understand what areas to pay careful attention to if you want to avoid the company getting bogged down in lawsuits and legal wrangling: SMS, invites, referrals, and data privacy. These two principles can help you stay out of trouble:

Make sure the Growth team is aware of major laws that impact their work like the Telephone Consumer Protection Act (TCPA), Child Online Privacy Protection Act (COPPA), European General Data Protection Regulations (GDPR), etc.

Make sure you always get informed user consent any time you are collecting data the user might not expect, or when the user is going to send an invite/referral.

Disclaimer: I am not a lawyer and this post in no way constitutes legal advice