Do you know how to negotiate your cloud computing agreement?
Do you know to what legal aspects you should pay attention to?
What can you do if your cloud provider has stolen or lost some of your private data?
To what extent can your cloud provider limit his liability?
All these questions represent important challenges when we talk about negotiating and signing agreements with cloud computing providers.
There are some key points to which you should be sensitive to, for your own legal benefit.
To what you should pay attention to?
Two of the most important legal aspects are of course data security and ownership rights. We all heard about problems with data theft or misuse of information. In this regard, even if you own your data you absolutely need to detail these aspects in a contract with your cloud provider. You can include here details about: data handling, data transfers, notifications in case of any breach of security, confidentiality clauses.
Pay attention to the termination clause. When you end the contract you will need to have a provision that specifies the obligation of your provider to deliver you a copy of your data and erase any other copies that he might have.
Liability – how far can it go?
Limited liability clauses will give you headaches also. Providers will be inclined to fix an amount in the cloud contract that most likely won’t cover all damages that you might suffer. In case you are sued by a customer or your company suffers damages from the provider’s oversight, don’t risk exposure!
Another key point you should consider is the force majeure clause. We all agree that we can’t act against such circumstances (hurricanes, floods, earthquakes), but we can manage their outcomes.
My advice to you: establish with your provider a time frame in which you are allowed to terminate the contract if the event lasts and don’t pay for services to long in advance. Rather than to pay for a service in advance and not use it, try to agree with your cloud provider on present payments.
Also directly related to the force majeure clause is the backup obligation of the provider. There shouldn’t be a force majeure clause without clear backup provisions in the contract. Demand compensations for each day of intermission, especially if your provider fails to provide you services due to, let’s say, a small earthquake that has broken he’s poor built systems. Learn to differentiate between these force majeure and backup clauses.
Who can be held responsible?
Responsibility clauses are more than welcomed in this type of agreements. Like every service, cloud services have their ups and downs and we are here to talk about the risks that can surface. Include provisions in your cloud contract that highlight who has what responsibility in case of third parties law suits. You don’t want to be held responsible by a client for your provider’s negligence. Beware of this vicious circle!
If you want to be extra cautious we can recommend provisions that imply escrow with a third party. A contractual agreement in which the third party will receive your cloud data in case your first provider has problems.
In our opinion, first and foremost, you should just pay attention to your providers credentials, due diligence comes a great way in these cases. Be sure you employ a reliable cloud provider so that your data is in the right hands, and after you can focus on other contractual provisions.
You can find more details on this subject by attending the following event organized by the Netherlands Romanian Chamber of Commerce: “Knowledge Center Enabling the Cloud – Benefits, solutions and legal aspects”
Hope we answered your questions and if you have more, don’t hesitate to contact us.