Why unfair contract terms put end-user trust in cloud at risk

Cloud contracts are notorious for being weighted in favour of providers but,  for an industry still grappling with how best to win the trust of users, it’s a risky way to do business, argues Caroline Donnelly

Whenever news breaks about a cloud company going out of business or announcing shock price hikes, the first thought that usually crosses their customers’ minds is, “what are my rights?”

Having covered the demise of a few high-profile cloud firms over the years, experience has taught Ahead in the Clouds (AitC) that if people only ask this question once their provider runs into trouble (or does something they are not happy with) it’s probably too late.

Finding out where they stand should the company decided to up their prices, terminate a service they rely on or carry out some other dastardly deed, should – ideally – be established well before they sign on the dotted line.

Experience also tells us that, in the rush to get up and running in the cloud, not everyone does. In fact, AitC would wager, when faced with pages and pages of small print, written in deathly-dull legal speak, very few actually do.

So, one might argue, when something goes wrong, the customer has no-one to blame but themselves if the terms and conditions (T&Cs) give the provider the right to do whatever the heck they like with very little notice or regard for the impact these actions may have on users.

But is that right, and should the cloud provider community be doing more to ensure their T&Cs are fairly weighted in favour of users, and are not riddled with clauses designed to trip them up?

In AitC’s view, that’s a no-brainer. End-users aren’t as fearful as they once were about entrusting their data to the cloud, but if providers are not willing to play fair, all the good work that’s gone into getting to this point could be quickly undone.

And it’s not just AitC that feels this way, because the behaviour of the cloud provider community has emerged as a top concern for consumer rights groups and regulators of late – and rightly so.

Held to account

The Competition and Markets Authority’s 218-page (CMA) Consumer Law Compliance Review, published in late May 2016, raised red flags about five dubious behaviours it claims cloud storage companies have a habit of indulging in that risk derailing the public’s trust in off-premise services.

And, while the CMA’s review set out to examine whether the way online storage firms behave could be considered at odds with consumer law, a lot of what it covers could be easily applied to any type cloud service provider and how it operates.

Examples of bad behaviour outlined in the report include failing to notify end-users about their automatic contract renewal procedures, which could result in them getting unexpectedly locked in for another year of service or hit with surprise charges.

Remote device management company LogMeIn’s activities in this area have come under close scrutiny from Computer Weekly, with customers accusing the firm of failing to tell them – in advance of their renewal date – that the price they pay for its services was set to rise.

LogMeIn refutes the allegations, and claims customers are notified via email and through in-product messaging when users login to the company’s control panel, even though its T&Cs suggest it’s under no legal obligation to do so.

Other areas of concern raised by the report include T&Cs that allow cloud firms to terminate a service at short notice and without offering users compensation for any inconvenience this may cause.

Microsoft’s decision in November 2015 to drop its long-standing unlimited cloud storage offer for OneDrive customers, after users (unsurprisingly) abused its generosity, would fall under this category.

The 2013 demise of cloud storage firm Nirvanix also springs to mind here, when users were given just two weeks to shift their data off its servers or risk losing it forever after the company filed for bankruptcy.

The borderless nature of the cloud often works against users intent on seeking some form of legal redress in some of these scenarios, as the provider’s behaviour might be permissible in their own country, but not in the jurisdiction where the customer resides.

The costs involved with trying to pursue something like this through the courts may vastly outweigh any benefit the customer hopes to get out of doing so, anyway.

In cloud we trust

On the back of its report, the CMA is now calling on cloud storage firms to commit to providing fairer terms of use for customers, so – if a consumer fails to read (or understand) the small print – the risk posed to the financial and operational health of their organisation is minimised.

It’s certainly a step in the right direction, and here’s hoping similar initiatives, incorporating a wider range of suppliers spanning cloud software and infrastructure start to emerge as time goes on. Because if customers can’t trust a provider to put their interests first, why should they assume they’ll treat their data any differently?