A recent survey of 31 Cloud computing contracts from 27 different providers has determined that many contracts have clauses that could have a negative effect on the rights and concerns of customers.
The survey was a part of the Cloud Legal Project at the Centre for Commercial Law Studies (CCLS), within the School of Law at Queen Mary, University of London. The questionnaire was funded by a donation from computer giant Microsoft, but remained academically independent. The project is to examine a large range of legal and regulatory issues that come with Cloud computing.
"The ease and convenience with which Cloud computing arrangements can be set up may lull customers into overlooking the significant issues that can arise when key data and processes are entrusted to cloud service providers,” said Professor Christopher Millard, principal researcher on the Cloud Legal Project in a press release.
“The main lesson to be drawn from the Cloud Legal Project’s survey is that customers should review the Terms and Conditions of a Cloud service carefully before signing up to it.”
A lot of popular web services are examples of Cloud computing, like storage and backup sites Flickr and Dropbox, and online business productivity centers such as Google Docs and salesforce.com.
The use of Cloud computing can be quite appealing as a way to save money, improve productivity and give to give more of the flexibility that comes with Internet-hosting of data and programs. However, there can sometimes be unexpected costs and risks hidden in the language of contracts from such services.
The Cloud computing survey found that some contracts have wording that disclaims responsibility for keeping user data safe. Other providers claim the right to cancel accounts for a lack of use; this could be important if the service is being used for an occasional backup or disaster recovery method.
Some accounts can also be terminated for violating the provider’s Acceptable Use Policy; or for basically no reason at all.
Additionally, while some providers promise to only hand over user data if served with a court order, others claim that they will do so on much broader grounds, this includes it simply being a matter of being in their own business interests to release the data.
So if you’re in the Cloud computing industry, and you are using someone else’s service, they might release your data and screw you over if they think it will help them make more money.
The survey also found that Cloud providers often exclude any liability of loss of data, or they strictly limit the kinds of damages that can be claimed against them, these damages could sometimes be substantial enough to bring down an entire e-commerce web site.
While some countries may still allow these claims to be challenged in court, it still presents difficulty because often Cloud providers are located in another continent. That might make things hard for unsatisfied customers.
Cloud service providers usually claim that their contracts are bound by the laws of the place where their main place of business is. In a lot of cases this ends up being a US state with a rule that any disagreement must be heard in the Cloud provider’s local court. The customer’s location doesn’t appear to matter.
It is possible that the most disturbing discovery of the Cloud Legal Project’s was when they found that many Cloud providers claimed a right to change their contracts on their end, by posting a new version on the Internet.
Customers are more or less told to download complicated legal contracts on a constant basis; they are expected to compare and contrast them to their own older version to spot the differences.