Consumer Protection Compliance Points For Cloud Storage Providers - Consumer Law

What's the issue?

Following reports that some consumers were experiencing difficulties and problems with cloud storage services, the Competition and Markets Authority (CMA) launched a review of compliance with consumer law in the sector. It was looking to establish how widespread any problems were, whether problems were caused by non-compliance with consumer law; and how any problems might affect consumers.

What's the development

The CMA has published a report on consumer law compliance in the cloud storage service sector and a compliance checklist for cloud storage providers.

The report found that consumer concerns were less to do with non-compliance with consumer law than heavily focused on data security and privacy issues although there was little evidence to show these concerns were well founded. Having said that, the results of the CMA review, which looked particularly at unfair contract terms, did raise concerns around:

unilateral variation terms – terms which allow providers to unilaterally vary price, service or contract, without giving consumers adequate notice or time to cancel the contract without incurring a penalty;
automatic renewal terms – terms which provide for automatic renewal of a contract after expiry of a fixed term without giving the consumer notice or time to cancel;
limitation of liability terms – particularly where these exclude or restrict the consumer's statutory rights;
jurisdiction and choice of law – terms that prevent consumers from bringing legal proceedings in their local courts and under local law; and
transparency of contract terms – terms which make it difficult for consumers to understand their rights and obligations are potentially unfair under the Consumer Rights Act 2015 (CRA).

What does this mean for you?

If you are a cloud storage provider, the compliance checklist published by the CMA is extremely important. The CMA is urging cloud storage providers to review their contractual terms to ensure compliance with consumer protection law.

It is also worth noting how much emphasis consumers place on privacy and security. See our article for advice for cloud service providers who act as data processors on complying with the incoming General Data Protection Regulation.

From a business perspective, it's clear that there is a PR battle to be fought on top of compliance issues, to reassure consumers that their data will be secure and not used for any purposes which they have not agreed to.

The CMA has made a number of recommendations as a result of the consultation it carried out into compliance with consumer protection law by cloud storage providers. Key areas to focus on when carrying out a review of standard terms and conditions should include:

pre-contractual information – providers should comply with statutory and regulatory requirements and supply the requisite pre-contractual information to consumers in a clear and comprehensible manner;
automatic renewal – consumers should be able to opt out of automatic renewal at any time. They should be sent reminders about renewal in good time to allow cancellation;
unilateral variation – providers should only be able to make the changes to the terms or service for valid reasons which are clearly set out in the terms and conditions. Consumers should have a genuine right to cancel on variation and should be given notice of the variation in good time so they can decide whether or not to accept it;
termination/suspension – providers should ensure their service or a contract is only terminated without warning where there is a real risk of harm or loss to the provider. Consumers must be given clear information as to when the provider can terminate the contract or suspend service with notice. Consumers must be given adequate notice and a reasonable opportunity to remedy minor or potential breaches before the service is terminated, as well as the right to obtain a pro-rata refund of any prepayments;
limitation of liability – providers should comply with the CRA 2015 in their use of limitations and should not otherwise unreasonably limit or exclude their liability for loss or harm to consumers. They should clearly set out the circumstances when liability will not be excluded as well as explaining any applicable limitations or restrictions while avoiding unnecessary jargon;
jurisdiction and choice of law – providers should explain that consumers are able to bring proceedings in their local courts and that the contract is subject to the consumer's local law;
transparency of contract terms – the CMA sets out a list of drafting practices to ensure terms are clear and comprehensible in order to help consumers understand their rights and obligations and make informed choices. Cross references are provided to relevant guidance.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.