Cloud computing contracts’ legal matters from customers’ perspective.

The delivery method of coud services is different from many other forms. The legal aspects of cloud services remain roughly the same as for many other IT services. However, many articles point customers to take notice of cloud contracts. Below are ten key provisions that are taught to customers. Make sure that your cloud services don’t fall short of these provisions.

1. Modifications to the contract terms. Scrutinize the cloud service provider’s ability to change the terms of the contract. Many cloud service agreements allow a cloud service provider to change—at any time and without advance notice—contract terms, fees and rate structures and the services provided.
2. Description of services. Ensure that there is a clear description of the cloud service, which should include the type of services provided, overall goals of the services and how services will evolve during the life of the contract. Many contracts grant vendors the freedom to add or remove features. Cloud customers may need to ensure stability—the ability to continue using the features or version of an application that is most appropriate to business operations, for example. Service-level agreements (SLAs) are an essential part of a contract. They define when a service will be available and when interruptions are permitted or can be expected. SLAs also identify how a customer will be compensated for service interruption.
3. Limitation on the use or reuse of the data. Customers should limit a cloud provider’s access to and use of their data unless it’s strictly required for the provision of the services. This requirement may stem from applicable laws, such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA) or foreign data protection laws, and it may make sense. A cloud provider is intended to be a host or a facilitator; it should not use the customer’s data for its own benefit, unless it has specific permissions. The location of the data is also of particular interest. All parties should agree on where the data will be housed, because location is likely to determine which law applies to the data. For example, if a cloud provider transfers personal data to a server in Argentina, Belgium or Canada, the data will be subject to the local laws of those countries. And the data protection laws of these countries contain specific provisions that limit how personal data may be transferred out of that country.
4. Confidentiality and security requirements. Cloud customers should also ensure the confidentiality and security of their data. In many cases, they will want to be promptly informed of any breach of security that may have affected the data. Appropriate provisions that address vendors’ confidentiality and security obligations, and allocate liability among the parties, are essential.
5. Intellectual property rights. Intellectual property right issues may appear in many different forms. Some services may allow for the posting or publication of user photos, video clips, poems or other content. When a service is provided at no cost, it’s likely that the related contract may grant the hosting provider a royalty-free license to use this content. Some cloud services may involve granting a user a license to the cloud provider’s intellectual property. This license may be very narrow. It may be limited, for example, to the use of the technology or application and could prohibit any modification. As a result, the user may be permitted to use only generic, standardized features and may be barred from developing customizations that would make its use of the service easier or more efficient. The service may grant access to a database but strictly limit what a customer can do with the information it contains. Thus, it is very important for cloud users to understand the precise scope of the licenses granted to one another’s intellectual property. In balancing the pros and cons of entering into a service contract, the scope of the license granted or received may be a crucial element.
6. Representations and warranties. Representation and warranty clauses contain statements by a party on which the other party may rely. A contract outlines specific remedies if the statements or promises made are untrue or not fulfilled, where the party who relied on these statements or promises is entitled to damages from the other party. Representations and warranties in cloud service contracts may address, for example, where or how the services will be performed, the qualifications of the individuals performing the services, the reliability of the technology used to perform the services or ownership of intellectual property rights.
7. Indemnification. Indemnification provisions identify how one party will compensate the other for a loss incurred as a result of the indemnitor’s acts or omissions. For example, a cloud service provider may agree to indemnify a customer if the technology used to provide the services infringes or misappropriates a third party’s intellectual property rights. A customer might agree to indemnify the cloud provider if it faces a third party’s claim that arises from customer negligence, misconduct or violation of law.
8. Limitation of liability and damage. Limitation of liability clauses are among the most negotiated. They are critical because they determine the extent of the damages that a party may have to pay, or may receive, in the event of a breach of contract or other omission.
9. Contract terms and renewal. Know when the contact will end and the conditions under which it can be terminated or extended. Clauses are often neglected when parties enter into a contract but highly scrutinized when disputes arise. For example, the contract may give a vendor the freedom to terminate the contract at any time and for no reason. The vendor could automatically renew the contract for another term if a customer fails to inform a provider within a certain window of time. The unexpected termination or extension of the contract could cause significant loss to the affected party.
10. Effect of termination. It’s not enough to know when a contract will terminate. Anticipate what will happen when the contract terminates. What will happen to the data? How can data be retrieved, and in which form and format? Will the service provider be required to keep the data on its systems during a transition period? It can be easy to sign on with a cloud provider, but companies that don’t pay attention to these cloud computing contract provisions may pay a steep price. So take the time to ensure that your company’s interests and data are protected when contracting with a cloud service. 

Taken from CloudComputingReview vol. 1, No. 1 June 2011