Connect with us


Cloud Computing: Legal dos and don’ts

Cloud computing is the delivery of information technology services over the internet without the need for businesses to purchase or install software or run their own application and data servers. Applications are hosted in the data centers of the cloud computing provider, benefiting from massive economies of scale


cloudCloud computing is the delivery of information technology services over the internet without the need for businesses to purchase or install software or run their own application and data servers. Applications are hosted in the data centers of the cloud computing provider, benefiting from massive economies of scale which in turn lower the costs of the service to the businesses.

Cloud computing services include: Software as a Service, Platform as a Service and Infrastructure as a Service, all of which involve delivering information technology components that had previously been regarded as infrastructure or hardware.

Benefits and risks

Cloud computing services offer to a number of benefits but also expose businesses to certain risks, although the risks are often ignored with the result that businesses may enter into a cloud computing contract without having considered all potential issues including legal and compliance. Some of the benefits of cloud computing include: low, fixed charges; improved support and maintenance through greater competition between service providers; anytime, anywhere access; ease of adoption; greater flexibility with business requirements that can expand or contract as required. Some of the risks include: standard solutions may not precisely match business needs, limited warranties, indemnities, lack of integration and management of legacy systems, lack of control over data and content with potential data protection issues, risk of lock-in, risk of hidden extras for additional users, storage and so on, risk that a business fails to control usage or increased storage and ends up paying more than what it had budgeted for.

What are the legal issues?
Cloud computing operators generally offer their services on standard terms. Standard terms tend to be for the benefit of the operator, including only limited warranties. In particular, cloud computing providers may reserve the right to delete customer data for breach of contract, such as non-payment. For businesses this may be disastrous vis-a-vis their customers.

In the UK, standard terms between UK companies (and, in particular, any exclusions or limits of liability) are subject to the Unfair Contract Terms Act and must be reasonable. However, this requirement is not necessary in the event of international contracts (as most of the cloud computing contracts are). In addition, it is far safer to negotiate key provisions in advance rather than rely on statutory protection after an issue arises and business will need to know what kind of service levels and service credits will be offered to it. In the event of use of cloud computing services for key operations such as outsourcing then, the parties must have a properly negotiated agreement, including service levels and support.

The legal issues to consider are various and include: concluding contracts inadvertently; data protection; intellectual property issues and defamation; software licensing, open source use; liability; law and jurisdiction.

More in detail:

  1. The risk of concluding contracts inadvertently: for example, if an employee signs up to a cloud-computing application using a computer at work for a purpose related to their employment, then the company could be bound by the terms of that cloud computing service.
  2. The risk of data protection compliance: if employees input personal data held by their employer into the cloud, the company must comply with its data protection obligations.
  3. The risk of intellectual property infringement: liability may arise when employees post defamatory or copyright-infringing content into the public areas of many cloud-computing services. In all the above, appropriate policies, procedures and training must be given to employees to ensure compliance.
  4. Appropriate licences: when users have online use of software at a computer without a licence, they commit copyright infringement. The licences granted by cloud computing operators are usually very narrow and limited to use of the online application for the business own purposes. Customers have no rights to make copies of or modifications or enhancements to the software, and they cannot sub-license to third parties. So the business, before accepting the software licence, must ensure that it can comply with its obligations and if not it must make the necessary changes to allow for sub-contracting or outsourcing.
  5. Intellectual property issues: a cloud computing operator may not always own the intellectual property rights in the software that is the subject of the cloud-computing service. In this case, the operator will need to arrange for the right to sub-license the software to its customers, or for a direct licence to be entered into between the customers and the relevant third-party licensor.
  6. Use of open source software: although the use of open source software helps keeping the costs down and many cloud computing operators build their services using such software, the open source software licences vary considerably and some require onward licensing of source code when open source is incorporated into other software or deployed in a hosted environment, which could have serious consequences for businesses. It is thought however, that pure cloud services are not considered to involve a conveyance according to the General Public Licence Version 3 and therefore code disclosure requirements should not be triggered. However, it is preferable for businesses to check this issue with their provider.
  7. Content licence: the standard terms offered by many cloud computing operators allow them to use any content stored on its servers. These licences are often expressed as being perpetual and irrevocable often giving the cloud computing providers the right to pass the content to third parties or use it for the purpose of promoting the cloud computing service. This may not be appropriate for information such as personal data, third-party intellectual property rights or confidential information contained in or attached to e-mails. Customers should therefore take care in identifying and amending any rights they are agreeing to provide to the cloud computing operator before they sign the relevant contract.
  8. Liability: the cloud computing provider will seek to exclude all liability for content stored or posted on its services and will normally include a right in its standard terms to remove any data from its servers. This is because internet service providers can be liable for failing to take down offensive, defamatory or intellectual property infringing content and cloud-computing applications often blur the line between public and private networks. In these circumstances, corporate customers should seek an indemnity for any loss suffered as a result of material being unnecessarily deleted or moved and should look to impose a requirement to be notified in advance if any content is to be removed.
  9. Intellectual property indemnity: it is common in all IT contracts to include an intellectual property indemnity for the customer’s benefit in the event that a third party makes a claim that the use of IT products by the customer (particularly software) infringes the third party’s intellectual property. However, it is important for the customer to ensure that such indemnity is not unreasonably limited or subject to unnecessary conditions. The inclusion of intellectual property indemnities in cloud-computing contracts remains important because customers have to rely on the cloud computing provider to ensure that software licensing issues have been resolved so as to entitle the customer to use the software as part of the service. One of the benefits of cloud-computing arrangements is that the burden of the upkeep of software licensing arrangements is generally lifted from the customer. However, if the arrangements are not properly made, the customer may still infringe the intellectual property of a third party even though it may have no knowledge of the infringement. Cloud-computing users need to be aware of the possibility of patent infringement through the use of cloud-computing arrangements. Patent protection is increasingly available for computer software in the US and in the EU. Where cloud-computing arrangements are established on an international basis, the intellectual property indemnity needs to be wide enough to protect the cloud services’ customers in all jurisdictions in which the software will be used.
  10. Jurisdiction and governing law: Where the parties have not expressly chosen a legal system in their contracts: (a) contractual obligations will be governed in accordance with the law of the country in which the party who will perform obligations characteristic of the contract has its habitual residence or central administration this will generally be the law of the place in which the cloud computing provider locates its servers; (b) non-contractual obligations arising in civil and commercial matters between parties, the law applicable will be the law of the country in which the damage occurs or is likely to occur.

Also a business needs to take care during cross-border dealings to ensure that foreign law does not give rise to unexpected and binding non-contractual obligations (for example, duties of good faith in negotiations which do not exist under English law).

Under the Brussels Regulation a person domiciled in a contracting state may be sued in the courts of another contracting state where a contractual obligation is owed. A cloud computing provider based in the EU can be sued in all the jurisdictions in which it provides services to its customers. The Brussels Regulation also provides for mutual recognition and enforcement of judgments.

However, where the cloud computing provider is based outside the EU, jurisdiction will depend on the relevant rules of court relating to service of proceedings on the cloud computing outside the jurisdiction. Customers often take the view that the cloud-computing contract should be governed by their local law as this is the legal system of which they have greatest knowledge. However, this will be difficult to negotiate. Further, it may not necessarily be the most advantageous position. If the cloud computing does not have a sizeable presence in the customer’s jurisdiction then any court order that might be obtained will be difficult to enforce in the cloud computing provider’s jurisdiction. This applies particularly between EU customers and US cloud computing providers and where there is a need to obtain emergency remedies against a cloud computing provider for example, if the customer considers that its data has been misused by the cloud computing provider. In these circumstances, obtaining emergency remedies will generally be more straightforward if the governing law of the contract is the local law of the cloud computing provider. For a checklist of the cloud computing key issues see our article.

This article by Dr Maria Anassutzi, intellectual property and information technology law expert, discusses cloud computing, its benefits and risks and the legal issues that involves for businesses. This article is for general purposes and guidance only and do not constitute legal or professional advice.

BusinessBlogs is the popular online Hub for quality business articles. We publish unique articles and share them with our social followers.


Brexit Unknown Makes UK Businesses Nervous

Brexit and the markets

Brexit is certainly making businesses nervous right now, and there are many reasons for that. Despite almost three years having passed since the original vote, things are no clearer as to what the impact will be on business or what kind of trading relationships the UK will have with the EU going forward. Therefore, some nervousness is to be expected.

UK Businesses Rely on EU Workers

UK businesses of all kinds and in all industries employ EU workers. The question that remains unanswered is how those working relationships will function after Brexit has properly occurred.

There are guarantees in place that workers currently residing in the UK will be able to carry on living here, but it’s not at all clear whether more EU workers will be able to move here with ease after Brexit, and most indications suggest that won’t be the case. This will certainly have a big impact on businesses in many sectors.  See this article on: Solicitors talk Brexit.

All Types of Workers Are Required for the UK Economy to Function

One idea that has been floated by the UK government is the idea of an income threshold, meaning only those earning more than a certain amount of money will be allowed to live and work in the UK. This would mean that highly skilled workers would find it much easier to work in the UK than low skilled workers would.

However, the UK economy relies on both skilled and low skill labour in order to function properly. If that supply of low income workers was cut off after Brexit, more businesses would struggle.

Contingency Planning Might Not be Enough for Small Businesses

For big businesses, contingency plans are already being put in place. This is expensive and time-consuming for large companies, but it will mean that they’re able to protect themselves against the upheaval brought about by Brexit. On the other hand, small businesses don’t always have that option because they don’t have the resources to put adequate contingency plans in place. It’s those small businesses, therefore, that are likely to be hit hardest.

It’s clear that small businesses are not opening at the rate they previously were because of Brexit uncertainty too. This denies the UK economy future growth prospects as well as depriving society of potentially successful ideas and businesses.

What Can Business Do to Prepare?

In terms of what businesses should be doing now, it’s best to seek professional legal advice about the situation, what you can expect and where your business and its staff stand. You should also analyse your supply chain and think about how that could change in the future under various Brexit scenarios. It might also be a good idea to look at existing contracts with EU companies and seek clarifications regarding those.

The Brexit situation is constantly in a state of flux, so things can change very quickly in one direction or the other. Therefore, it’s important for businesses to be watching and listening so that they can work out what their next move should be in order to prepare properly and minimise risk.

Continue Reading


If You Own A Business, You Need An Estate Plan


It’s an unfortunate fact that arguments over material possessions break out between family members when somebody dies. It’s rough when one beneficiary thinks they’re entitled to that person’s possessions and financial resources more than the others. The complexity of the situation is amplified when the deceased person owned a business.

If you’ve got a family, you have every reason to care about what will happen to your business when you die. Your business has the potential to be an investment for your children or a nest egg for your spouse. If you haven’t created an estate plan that includes your business, it’s time to create one.

Start with a will

Your will is the most basic estate planning document. It allows you to declare who will be named the executor of your business. Your business executor will be responsible for continuing the business.

Dying without a will places a huge burden on your employees, business partners, and the success of your company.

Although a will is important, it’s not everything.

Your will isn’t the principle governing document of your estate

Our USA based readers may be interested in what’s in this article titled: What Might Surprise You About Your Will, CG Trust explains that many assets don’t fall under a will or probate like real estate, life insurance, and mutual funds. When you purchase these assets, you’re asked to assign a beneficiary and sometimes a contingent beneficiary.

When you specify a beneficiary for an asset, that overrides anything stated in general terms in your will. For example, say you leave everythin’ to your aunt Suzie in your will and your children are listed as beneficiaries on your life insurance policy. Your aunt Suzie can’t touch your life insurance policy – only your listed beneficiaries can.

Identify your designated beneficiaries for all business assets. If it’s not somebody you want to inherit that asset, change your beneficiary immediately. Remember, a beneficiary on a specific asset overrides what’s in your will.

Focus on minimizing your taxes

Most people don’t realize that when a business owner passes away, the estate taxes can tank the business. Estate taxes can be more than 50% of the value of your business and must be paid within nine months of your death. Most businesses need to liquidate to pay these taxes.

Thankfully, the IRS has tax breaks in Section 303 and Section 6166 that can protect your business. Section 303 deals with using stock to pay death and funeral taxes; Section 6166 deals with Federal estate taxes.

Both sections make it easier to pay necessary taxes without breaking up your business.

Avoid probate as much as possible

Although the process is mostly clerical, probate ties up assets for months (sometimes years) and can be expensive. It’s best to plan ahead to avoid probate as much as you can.

When you create a properly structured ILIT living trust, the benefits paid from the insurance policy won’t pass through probate. The funds will be available immediately to cover estate taxes and other financial obligations.

You can also establish a grantor retained annuity trust (GRAT). With this trust in place, if your assets grow over the terms of that trust, the appreciation won’t be subject to estate taxes. This allows you to pass your business assets to your kids or your spouse.

Declare power of attorney

You need to declare power of attorney to someone trustworthy to handle legal matters on behalf of the business when you pass away. This individual will be in charge of things like payroll, managing vendor payments, and financial assets.

If you don’t declare power of attorney to someone before you die, the court will appoint a guardian who may not have your company’s best interests in mind.

You also need a succession plan

A succession plan is designed to ensure your business runs as smoothly as possible; it’s a plan that chooses decision makers and creates a strategy for transferring company information to the right people. Although the details for every business will be different, describes what might be included in this plan.

For example, a management succession plan might include training your successors, delegating responsibilities, and bringing in an outside advisor for their objectivity. An ownership succession plan might include defining who will own vs. manage the business, creating terms that consider your family’s best interests and timing the transfer of your business to avoid a discounted sale of your business.

Get professional guidance

Making sure your business survives and stays in good hands when you die is important. If you’re not sure where to start, contact an estate planning professional for help.

Continue Reading


4 Things to Consider When Creating a Business Continuity Plan

finger boxes

One of the biggest mistakes a business owner can make is abiding by the “it will never happen to me” rule in regards to disasters. Each year, thousands of natural disasters occur all over the country.

Acts of nature like wildfires or floods can lead to a business closing for long periods of time. The only way to prevent problems when dealing with disastrous situations is by creating a business continuity plan.

Studies show that nearly 82 percent of the businesses in the United States do not have the IT infrastructure in place to deal with a disastrous act of nature or network outage. Instead of leaving the functionality of your business to chance, now is the time to take continuity planning seriously.

The following are some of the things you should consider when creating a business continuity plan.

1. Work on Identifying the Potential Threats You Face

Before you can create a comprehensive business continuity plan, you need to adequately identify the potential threats your business faces. Having a plan for a variety of possible disasters can help you rebound in a hurry following one of these events. Some business owners only make continuity plans to deal with things like natural disasters, but there are many more disastrous situations to consider.

For instance, figuring out what you would do to keep your business functional in the event of an employee strike or cyber-attack is essential. Once you have a list of possible disaster situations, you need to map out all of their outcomes.

If you are unsure about how to map out these outcomes, working with professionals who are experienced in continuity planning is a must. Often times, these professionals will be able to look at these situations objectively and help you figure out how to create adequate plans for each one.

2. Constructing a Recovery Team is a Must

One of the most vital parts of a successful business continuity plan is creating a recovery team. If you want to keep your own staff freed up during a disaster, hiring a third-party to perform this job is easy. Before hiring a company to fill this role, you need to assess the amount of experience they have.

Not only can a third-party act as your recovery team, they can also help you hone and refine your existing continuity plan. Allowing professionals to get a look at this plan can help you out greatly. They will be able to look at your continuity plan objectively and provide you with guidance on how to improve and strengthen it.

3. Know What is At Stake Without a Continuity Plan

Driving home the importance of a continuity plan is easy if you actually assess what you stand to lose without one. Often times, businesses without a comprehensive continuity plan will lose a lot of money in the event of a disaster.

While some of this money can be recouped via a class action lawsuit, a business may still lose lots of customers in the process. You can learn more about disaster-related lawsuits with a bit of online research.

4. Prioritizing is Vital When Creating One of These Plans

When disaster strikes, you will have to limit the number of resources your team uses. When creating a business continuity plan, it is important to figure out what technology or systems you need up and going first. Having this list of priorities in hand in the event of a disaster can help you limit the amount of downtime your team experiences.

Instead of trying to take on this complicated process alone, you need to reach out to disaster recovery professionals. With their help, you can get a plan in place in a hurry.

Continue Reading