Last October, an expert group on cloud computing contracts was established by the European Commission. In a recent discussion paper, consumer organisation BEUC listed a number of questions relevant to the work of the expert group on 'unfair terms in cloud computing service contracts'. These cover a wide range of issues, including (with emphasis added):
'- What elements should be
taken into account to assess unfairness by lack of transparency?
- [C]lauses [that establish
consumer obligations not proportionate to those of the trader] could be
considered unfair under the general unfairness test of the Unfair Contract
Terms Directive. Do you think there are elements specific to cloud computing
services that should be taken into account to establish the lack of balance in
the parties’ rights and obligations?
Would the assessment of
these elements be different in paid and ‘free’ cloud computing contracts?
- To what extent suppliers
of cloud computing services should obtain, for the mere access to the website,
the explicit consent of consumers in order to ensure that they are aware of the
contractual conditions (if the accessibility implies the conclusion of a
contract)?
Would it be necessary to
distinguish between the agreement on the contract terms and the agreement on
the collecting and processing of personal data?
- Would it be appropriate
that the contract provides specific cases in which the supplier is entitled to
suspend the services that are the subject of the contract? Should these cases
differentiate between contracts in which the contracting party is a consumer or
a SME?
Should we envisage the
need that the suspension of the services is preceded by a notice to user (that,
in the specific cases of delay or failure in payments, gives to user a time
limit within which he may fulfill)?
- How these clauses should
incorporate the CRD requirements? For example, should the clause indicate that
the consumer’s relevant means of payment (e.g. credit, debit card) will be
charged only after he or she explicitly agrees so at the end of the trial
period?
- Should the authoritative
language version be the one used for the conclusion of the contract taking into
account the pro-consumatore interpretation principle of the unfair contract
terms directive?
Would this situation be
different in a contract in which one party is a SME?
- Is it possible to identify
basic elements that should be included in arbitration clauses of cloud
computing service contracts (e.g. distinction between internal complain
handling and independent ADR; non-mandatory and / or biding nature of the
arbitration settlement)?
- Is it justified to request
the consumer’s agreement to grant a licence over the content he/she supplied
and that is protected under copyright law? To what extent this would be
necessary to develop innovative cloud-based products?
If the answer to the first
question is possible, under what circumstances that licence would be necessary?
Is it necessary to make a distinction between paid and ‘free’ services?
- The framework of Directive
95/46/EC, national legislation and the interpretation of the Article 29 Working
Party defines when the consent is valid. However, if the consumer has no choice
but to accept, can this consent be considered ‘free’?
- Taking into account the
requirements of Directive 95/46/EC, to what extend these types of clauses
should be considered unfair?
Do you think that this
type of processing of personal data is necessary to the development of
innovative cloud services?
- Under what circumstances
would it be justified to (legally) allow an exoneration of liability of the
supplier of cloud computing services (e.g. due to the influence of external
factors)?
- How these clauses [on contractual limitation of compensation due by the supplier] could be
re-written in order to comply with the specific provisions of the unfair
contract terms directive? Should we make a difference between paid and ‘free’
cloud service contracts?
- If the supplier assigns
the contract or some rights or obligations deriving from it, it would be
envisage the obligation for the supplier to inform the user, giving him the
possibility to terminate the contract?
- What minimum elements
should be included in jurisdiction and applicable law clauses? Would it be
sufficient a disclaimer claiming that the consumer may be protected under his
own legislation or it is necessary to be more specific?
- Despite the fact that in
any event, the cloud provider has to comply with its obligations according to
Articles 10, 11 and 14 of Directive 95/46/EC, do you think that in these
situations [of transfer of personal data in corporate mergers] the consumer should be given with the possibility to withdraw from
the contract?'
