XML 26 R14.htm IDEA: XBRL DOCUMENT v3.20.2
Commitments and Contingencies
 9 Months Ended
Oct. 31, 2020
Commitments and Contingencies Disclosure [Abstract]  
Commitments and Contingencies Commitments and Contingencies
Non-cancelable Purchase Obligations
As of October 31, 2020, we had additional outstanding non-cancelable purchase obligations with a term of 12 months or longer of $468.4 million over the corresponding amount disclosed in our Annual Report on Form 10-K for the year ended January 31, 2020, mainly related to third-party cloud hosting.
Operating Leases Not Yet Commenced
As of October 31, 2020, we had additional operating leases that had not yet commenced with aggregate undiscounted future lease payments of $37.9 million. These operating leases will commence in the fourth quarter of fiscal year 2021.
License Agreement
In May 2020, we entered into a license agreement with MPEG LA, LLC (“MPEGLA”) to obtain the rights for future use of licensed intellectual property in exchange for periodic royalty payments. In connection with the license agreement, we made a royalty payment of $9.8 million to use the technology until December 31, 2020, which is amortized in cost of revenue on a straight-line basis in our condensed consolidated statements of operations. During the nine months ended October 31, 2020, we recorded $7.0 million of such costs. In addition, we made a one-time payment of $9.8 million for past use, which was recorded in general and administrative expenses in our condensed consolidated statements of operations for the nine months ended October 31, 2020.
Legal Proceedings
Beginning on March 30, 2020, multiple putative class actions have been filed against us in various U.S. federal district courts and state courts relating to our alleged privacy and security practices, including alleged data sharing with third parties (the “U.S. Privacy Class Actions”). We have also been sued under the DC private attorney general statute on behalf of members of the general public. The plaintiffs claim violations of a variety of state consumer protection and privacy laws, and also assert state constitutional and common law claims, such as negligence and unjust enrichment. The U.S. Privacy Class Actions seek to certify both nationwide and state-specific classes of individuals using our services in certain time periods. The plaintiffs seek various forms of injunctive and monetary relief, including restitution, statutory and actual damages, punitive damages, and attorneys’ fees. The federal cases have been transferred to and consolidated in the Northern District of California with our consent; lead plaintiffs’ counsel have been appointed; and plaintiffs filed their first amended consolidated class action complaint on October 28, 2020, with our response due on December 2, 2020.
On April 7, 2020 and April 8, 2020, securities class action complaints were filed against us and two of our officers in the United States District Court for the Northern District of California. The plaintiffs are purported stockholders of the Company. The complaints allege, among other things, that we violated Sections 10(b) and 20(a) of the Exchange Act, and Rule 10b-5 by making false and misleading statements and omissions of material fact about our data privacy and security measures. The complaints seek unspecified damages, interest, fees, and costs. On May 18, 2020, the actions were consolidated. On November 4, 2020, the court appointed a lead plaintiff.
On June 11, 2020 and July 30, 2020, purported shareholder derivative complaints were filed in the United States District Court for the District of Delaware. The first complaint names as defendants nine of our officers and directors, and the second complaint names eight of our officers and directors. The lawsuits assert state and federal claims and are based on the same alleged misstatements as the shareholder class action complaint. The lawsuits accuse our board of directors of failing to exercise reasonable and prudent supervision over our management, policies, practices, and internal controls. The plaintiffs seek unspecified monetary damages on behalf of us as well as governance reforms. On September 25, 2020, the derivative cases were consolidated. The consolidated case is stayed pending resolution of a forthcoming motion to dismiss the securities class action.
We believe these lawsuits are without merit, and we are vigorously defending ourselves against them. Given the uncertainty of litigation, the preliminary stage of the cases, and the legal standards that must be met for, among other things, class certification and success on the merits, we cannot estimate the reasonably possible loss or range of loss that may result from these actions. In addition, from time to time, we are involved in various other legal proceedings arising from the normal course of business activities. We are not presently a party to any other such litigation the outcome of which, we believe, if determined adversely to us, would individually, or taken together, have a material adverse effect on our business, operating results, cash flows, or financial condition.
In September 2019, the Federal Trade Commission (“FTC”) issued a Civil Investigative Demand to us requiring us to produce certain documents and materials and to answer certain interrogatories relating to our privacy and security representations and practices. Since then, we have fully cooperated with the investigation. In October 2020, we reached a proposed settlement agreement with the FTC staff, which would resolve the FTC’s allegations that certain of our statements and practices about our security constituted deceptive and unfair acts or practices in violation of the FTC Act. On November 10, 2020, the FTC Commissioners voted to approve the settlement and, on November 13, 2020, the FTC published the settlement in the Federal Register for a 30-day public comment period, which will end on December 13, 2020. The proposed settlement remains subject to a final vote by the FTC. Under the terms of the proposed settlement, we neither admit nor deny the FTC’s allegations, and the FTC does not impose any fine or penalty upon us. We would be required to implement certain injunctive provisions, including, among other things, refraining from making any misrepresentations regarding the privacy and security of
our services or how we collect, maintain, use, delete, disclose, allow access to, and protect user information. It also requires us to implement a detailed information security program and obtain third-party security assessments periodically.
We do not expect the proposed settlement, once final, to have a material impact on our financial results. We will cooperate with the FTC’s requirements and work to ensure compliance. Any failure to comply with the settlement once final may increase the possibility of additional adverse consequences, including litigation, additional regulatory actions, injunctions, or monetary penalties, or require further changes to our business practices, significant management time, or the diversion of significant operational resources, all of which could result in a material loss or otherwise harm our business.