Communications Litigation Today was a Warren News publication.
'Deceptive and Illegal'

NordVPN Renewal Practices Violate N.C. Automatic Renewal Law: Class Action

Internet privacy and security company NordSec, based in Lithuania, uses “deceptive and illegal” automatic renewal practices to “dupe” consumers into paying for pricey subscriptions to its virtual private network, making it “intentionally difficult to cancel,” alleged a class action Tuesday (docket 3:24-cv-00277) in U.S. District Court for Western North Carolina in Charlotte.

Dennis Hanscom, a Charlotte resident, enrolled in a NordSec subscription in August, the complaint said. The company “advertises widely” online and on podcasts, touting the benefits of enrolling in its products and services, including NordVPN, which purportedly provides “safe and private access to the internet,” the complaint said.

When consumers sign up for NordSec products, “unbeknownst” to them, the company is collecting their payment information “for use in its illegal and deceptive autorenewal scheme,” said the complaint. The company’s subscription enrollment and cancellation process is “deceptive" and violates the North Carolina automatic renewal law (ARL) because it "fails to clearly and conspicuously disclose the terms of the automatic renewal” before consumers subscribe, it said. The process also fails to “clearly and conspicuously disclose” how to cancel the automatic renewal in the acknowledgment emails sent to consumers after they purchase a subscription, it said.

NordSec’s trial offer has a “negative option” renewal policy that automatically converts a trial offer to a fee-based membership that regularly renews unless consumers take affirmative steps to cancel, the complaint said. As a result of the negative option renewal policy, many consumers who buy a product or service “ultimately end up paying fees for a NordSec subscription that they do not want,” it said.

The company uses “dark patterns,” deceptive design practices designed to “manipulate users into taking certain actions and exploit[s] known frailties in human cognitive processing,” to ensure consumers don’t stop paying for its products, the complaint said. Dark patterns in user experience (UX) are “carefully designed misleading interfaces by UX design experts that trick the users into choosing paths that they didn’t probably want to take, thus fulfilling the business objectives, completely ignoring the requirements and ethics of users,” said the complaint, citing a November 2020 Klizo Solutions blog.

Canceling a NordSec subscription is “exceedingly difficult and requires a consumer to figure out -- with no help from the Company -- how to navigate NordSec’s account settings to bring their recurring payments to a halt,” the complaint said. If consumers contact NordSec directly prior to the end of their subscription period, the company “refuses to cancel their upcoming payments and instead only turns off autorenewal for subsequent payments,” in violation of the North Carolina ARL, the complaint said.

The North Carolina ARL requires that an entity offering a contract that automatically renews, unless the consumer cancels the contract, must disclose “the automatic renewal clause clearly and conspicuously in the contract or contract offer,” the complaint said. The entity must also disclose “clearly and conspicuously how to cancel the contract in the initial contract, contract offer, or with delivery or products or services,” the complaint said. NordSec’s subscription and acknowledgment processes violate the ARL, rendering the automatic renewal clause “void and unenforceable,” it alleges.

Many customers don’t realize they’re victims of NordSec’s “unlawful acts and continue to be charged to this day,” said the complaint. The class action seeks to “level the playing field,” enjoin the company’s “unlawful business practices” and recover the charges NordSec has imposed on Hanscom, the complaint said.

In addition to violations of the North Carolina ARL, Hanscom claims violation of the North Carolina Unfair and Deceptive Trade Practices Act, conversion, unjust enrichment and negligent misrepresentation. He seeks injunctive relief and awards of restitution and compensatory damages of at least $100 million, plus attorneys’ fees and legal costs, said the complaint. NordSec didn't comment Wednesday.