Customers sign away their rights on cloud contracts
End users are failing to read the fine print in increasingly diverse cloud deals
A study from Queen Mary University of London has suggested that end users often click straight through on cloud contracts, unwittingly signing up to unfair terms and conditions.
The school's Centre for Commercial Law Studies report noted that diverse forms of cloud contract are evolving, meaning that deals differ, yet end users are not afforded sufficient opportunity to negotiate - especially when click-through licences are used by the supplier.
The study has been criticised by the Cloud Industry Forum's (CIF's) legal group. "The report raises concerns," the cloud lobby group said in a statement. "They [end users] fail to assess risk properly, if at all, when adopting low-cost cloud services."
According to the CIF, the study identified common clauses in a wide range of off-the-shelf and negotiated cloud contracts that give cause for concern, including attempts by suppliers to avoid liability for failure, service-level agreements that do not match customer needs, incompatibility with EU data protection rules, and the addition of the right for suppliers to change their service features without notice.
Conor Ward, partner at Hogan Lovells International and chairman of the CIF legal forum, said end users must carefully consider the legal implications of the cloud service on offer.
"This is the first in-depth study of cloud computing contracts," he added. "To date, the relative immaturity of the market has resulted in contracts being used which were not particularly well suited to the services being provided."
He said the Queen Mary study suggests that pressure from regulatory bodies and negotiation experience on larger deals will force cloud contract models to mature. The legal issues of cloud computing are well established, he said, but few users take advantage of this body of knowledge when getting involved.
Ward also reiterated that cloud is not always the best option, so customers should do a detailed risk analysis before migrating new apps to the cloud.
"Cloud services providers, like all external suppliers, will not act as insurers of a customer's business. Remedies under a contract may form part of, but should not be considered to be an entire, risk mitigation strategy," he said.