Out-Law News 3 min. read

Cloud storage providers urged to review terms and conditions by UK regulator

Cloud storage providers have been urged to review their consumer contract terms and conditions by a UK regulator amidst concern that some commonly used clauses might breach consumer protection rules.

The Competition and Markets Authority (CMA) carried out a review into consumer cloud computing storage service providers' compliance with the Consumer Rights Act.

According to the study (218-page / 2.07MB PDF) approximately 30% of adults in Great Britain use cloud storage services, mainly "to keep copies of their data", and benefit from being able to share file easy, access content from several devices or locations, protection against data loss and access to a larger memory space and large libraries of music, films or TV programmes.

However, the CMA identified some areas of concern and detailed them in an open letter to industry.

Among the concerns raised were with contract clauses that allow cloud storage providers to "unilaterally vary the price, service or contract …without giving consumers adequate notice or an opportunity to cancel the contract without penalty", according to the report of the CMA's study.

In its open letter the CMA said providers should "only be able to make changes to the terms or the service for valid reasons which are clearly set out in the contract, so that consumers understand how the changes might affect their rights and obligations under the contract".

In addition it said providers should "ensure that consumers receive adequate notice of changes, so that they can consider their position and decide whether to accept the changes; and ensure that consumers who do not wish to accept changes can cancel the contract, obtain a refund for any services not yet provided (including, where relevant, any additional services they have purchased) and retrieve their data".

The CMA said that cloud storage providers were also giving themselves "too much discretion to terminate or suspend services, particularly where they can do so without notice". It said providers should "only terminate the service or contract without notice if there is a material breach of contract by the consumer or there is a real risk of harm or loss to the provider if the contract continues".

Consumer cloud storage contracts should "clearly and narrowly define the circumstances in which the provider may suspend or terminate the contract or service with notice", it said. Consumers should be given "adequate notice of suspension or termination to enable them to minimise the impact on them" and "a reasonable opportunity to remedy minor or potential breaches of contract by them before the service or contract is terminated or suspended", it said.

The CMA's study also identified issues with the automatic renewal of consumers' data storage contracts with providers. Consumers should be given the chance to "opt-out of automatic renewal at any time", the regulator said. Providers should tell consumers their contracts will automatically renew a "reasonable time" before it happens and before payment is taken, it said. That notice should include "details of any changes to the price or service" and enable consumers to "exercise their statutory cancellation rights", the CMA said.

Attempts by cloud storage providers to limit their liability under contract also raised the CMA's concerns. It said it was particularly concerned about limitations to liability that would "exclude or restrict a consumer’s statutory rights".

"Terms should not seek to exclude or limit the provider’s liability if it fails to provide the service with reasonable skill and care," the CMA said. "They should not exclude or limit the provider’s liability if the provider fails to provide the service in accordance with a statement or description given to the consumer by the provider."

Providers were warned not to "unreasonably limit or exclude their liability for losses or harm to consumers, for example, where a provider’s breach of contract is caused by events outside the provider’s control". They should "clearly set out the circumstances when liability will not be excluded as well as explaining any applicable limitations or restrictions" and avoid using "legal jargon", the CMA said.

The CMA also said that cloud providers should also not use contract terms to prevent consumers from bringing legal claims against them before their local courts. It said they should also ensure "local law will apply to the contract".

The CMA further warned cloud providers to be transparent with consumers or risk falling foul of consumer protection rules.

"In order to ensure that your terms comply with the law in relation to transparency, you should: draft terms to ensure that consumers can make informed choices; set out all obligations in a clear and comprehensible way; ensure that the structure of your terms and the language used enables consumers to understand their rights and obligations under the contract," the CMA said.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.