Last October, an expert group on cloud computing contracts was established by the European Commission. In a recent discussion paper, consumer organisation BEUC listed a number of questions relevant to the work of the expert group on 'unfair terms in cloud computing service contracts'. These cover a wide range of issues, including (with emphasis added):
'- What elements should be taken into account to assess unfairness by lack of transparency?
- [C]lauses [that establish consumer obligations not proportionate to those of the trader] could be considered unfair under the general unfairness test of the Unfair Contract Terms Directive. Do you think there are elements specific to cloud computing services that should be taken into account to establish the lack of balance in the parties’ rights and obligations?
Would the assessment of these elements be different in paid and ‘free’ cloud computing contracts?
- To what extent suppliers of cloud computing services should obtain, for the mere access to the website, the explicit consent of consumers in order to ensure that they are aware of the contractual conditions (if the accessibility implies the conclusion of a contract)?
Would it be necessary to distinguish between the agreement on the contract terms and the agreement on the collecting and processing of personal data?
- Would it be appropriate that the contract provides specific cases in which the supplier is entitled to suspend the services that are the subject of the contract? Should these cases differentiate between contracts in which the contracting party is a consumer or a SME?
Should we envisage the need that the suspension of the services is preceded by a notice to user (that, in the specific cases of delay or failure in payments, gives to user a time limit within which he may fulfill)?
- How these clauses should incorporate the CRD requirements? For example, should the clause indicate that the consumer’s relevant means of payment (e.g. credit, debit card) will be charged only after he or she explicitly agrees so at the end of the trial period?
- Should the authoritative language version be the one used for the conclusion of the contract taking into account the pro-consumatore interpretation principle of the unfair contract terms directive?
Would this situation be different in a contract in which one party is a SME?
- Is it possible to identify basic elements that should be included in arbitration clauses of cloud computing service contracts (e.g. distinction between internal complain handling and independent ADR; non-mandatory and / or biding nature of the arbitration settlement)?
- Is it justified to request the consumer’s agreement to grant a licence over the content he/she supplied and that is protected under copyright law? To what extent this would be necessary to develop innovative cloud-based products?
If the answer to the first question is possible, under what circumstances that licence would be necessary? Is it necessary to make a distinction between paid and ‘free’ services?
- The framework of Directive 95/46/EC, national legislation and the interpretation of the Article 29 Working Party defines when the consent is valid. However, if the consumer has no choice but to accept, can this consent be considered ‘free’?
- Taking into account the requirements of Directive 95/46/EC, to what extend these types of clauses should be considered unfair?
Do you think that this type of processing of personal data is necessary to the development of innovative cloud services?
- Under what circumstances would it be justified to (legally) allow an exoneration of liability of the supplier of cloud computing services (e.g. due to the influence of external factors)?
- How these clauses [on contractual limitation of compensation due by the supplier] could be re-written in order to comply with the specific provisions of the unfair contract terms directive? Should we make a difference between paid and ‘free’ cloud service contracts?
- If the supplier assigns the contract or some rights or obligations deriving from it, it would be envisage the obligation for the supplier to inform the user, giving him the possibility to terminate the contract?
- What minimum elements should be included in jurisdiction and applicable law clauses? Would it be sufficient a disclaimer claiming that the consumer may be protected under his own legislation or it is necessary to be more specific?
- Despite the fact that in any event, the cloud provider has to comply with its obligations according to Articles 10, 11 and 14 of Directive 95/46/EC, do you think that in these situations [of transfer of personal data in corporate mergers] the consumer should be given with the possibility to withdraw from the contract?'