5th Meeting of European Commission Expert Group on Cloud Computing Contracts (9 April 2014)

Liability Discussion Paper

Dr Sam De Silva
Partner, Penningtons Manches LLP, UK
Chair of the Technology Law Reference Group, Law Society of England and Wales

Please note that this discussion paper has been developed on the basis of English law. The author is aware that there are differences in the legal positions regarding the interpretation of liability provisions in various European countries (particularly those countries where the legal system is not based on English common law).

1. Liability

1.1. Introduction

Cloud contracts, like any contract, can go wrong. There are many types of breaches that could occur in the cloud. For example:

• there could be a lack of service availability;
• there could be problems with the functionality (bugs in the underlying software) so that incorrect output data is provided or calculations are incorrect; or
• there may be breaches of security so that the privacy of the customers' data is compromised or confidential information is disclosed.

When any of these breaches occur, a customer can suffer losses and, subject to the terms of the contract, can seek to recover compensation for its losses from the cloud services provider. For contractual damages, the calculation of the amount recoverable in court is based on the innocent party being entitled to be put in the same position it would have been in had the contract been properly performed.

The loss that a customer of a cloud service might suffer can easily become significant. Given the multi-tenancy aspect of the typical cloud solution, if one customer suffers a breach of contract (such as a security breach) it is very likely that many other customers, if not all of the other customers of that cloud services provider, will suffer the same breach.
Consequently, a breach of contract followed by many damages claim(s) could have severe adverse consequences for the cloud services provider without the protection of wide-ranging exclusions and limitations, perhaps more so than in other outsourcing and managed services arrangements.

Whilst a customer may well complain about needing to have the stick of large damages claims in order to incentivise the cloud services provider to perform diligently, a cloud services provider may remind the customer that there are other factors that operate as incentives, in particular the reputational damage to the cloud services provider if it is seen to breach the agreement or to not take its obligations seriously. Cloud services providers often argue that word will quickly spread if there are significant issues of contractual performance (especially given the possibility of multiple customers being affected) and this will be a big incentive to perform.

There are, broadly, two approaches a cloud services provider will use to limit its exposure:

First, it will make its obligations less than absolute by, for example, not guaranteeing 100% availability, nor giving an absolute assurance that the software is bug free and/or will work, and so on. Timescales will seldom be absolute; the cloud services provider normally volunteering that it will 'use reasonable endeavours' to undertake particular tasks by a particular time. Security will be 'reasonable' or 'appropriate', and as such a breach of security will not necessarily be a breach of contract. In relation to availability, the cloud services provider will have set out its obligations in an SLA. This type of language is designed to reduce the likelihood of the cloud services provider actually being in breach (even when from the viewpoint of the customer, the service is not fulfilling its needs).
Secondly, and normally in addition to the first approach, the cloud services provider will seek to include contractual language excluding certain legal rights that would normally arise for the benefit of the innocent party, that is, excluding certain losses or limiting liability for losses. A standard liability provision will include two parts:

o an absolute exclusion of certain types of losses (often called indirect or consequential); and
o a cap on the liability of other (direct) losses which then remain recoverable up to that cap.

Great care is always needed on the part of the customer as it is not uncommon for a cloud services provider to attempt to include within a list of losses, which have the appearance of 'indirect' losses, certain categories which might ordinarily under general legal principles be deemed 'direct'. It is not unknown for the 'cap' provision to have nothing really left to apply to as all conceivable losses have in fact already been excluded by what is called the 'consequential loss' provision.

1.2. Interpretation of liability clauses

English courts adopt a number of approaches to the interpretation of liability clauses, including:

• giving words their "natural and ordinary meaning" based on what a reasonable person in the position of the contracting party would think the words mean;
• reading the clause in the context of the rest of the agreement;
• reading the clause against the meaning asserted by a party for whose benefit the clause applies (but only where the wording is ambiguous or otherwise unclear); and
• assuming that the clause is not intended to cover negligence (unless negligence is expressly referred to).

These approaches are used because they are seen to give effect to the intentions of the parties and allow the court to arrive at a commercially sensible result.
However, in practice, the English courts' approach to interpreting clauses, combined with the ambiguity and imprecision that may result from poor drafting, gives the courts substantial scope to reach a result which, ironically, may not represent the intentions of either party but which the court believes is "reasonable" in the context.

1.3. Unlimited liability

The term "unlimited liability" is a slightly misleading term and sometimes prevents a constructive and informed debate on the issue of liability. In practice, the amount that an injured party can recover is limited to what the court awards - damages (and there are complex and well developed rules for courts arriving at those amounts), or in accordance with the terms of the relevant contractual provision (e.g. an indemnity). In addition to damages under contract or under an indemnity, damages may also arise out of a tort (such as negligence) or under a statute.

However, the term unlimited liability does imply that there is no contractual limit on a party's liability. In these circumstances the party whose liability is not contractually limited faces an exposure that is theoretically unlimited, difficult to quantify and manage, and generally impossible to fully insure against. This is the reason why most cloud services providers seek to limit their liability.

Subject to certain exceptions discussed below, the extent to which parties limit or exclude liability using limitations or exclusions of liability clauses in a contract is a commercial matter for the parties to determine, based on how they wish to allocate risk under that contract.

1.4. Liability under contract

Under contract law, a contracting party is entitled to damages for reasonably foreseeable losses that were caused by the other party's breach of the contract.
Damages are the money that a court decides is to be paid by one person to another person as compensation for loss or damage sustained by that other person in consequence of the actions or omissions of the first person (Chitty and Beale, 2011). The object of an award of damages is to place the wronged party in the position they would have been in had the contract been performed (Gates v. City Mutual Life Assurance Society Ltd (1986)).

Generally, there are two types of losses arising from a breach of contract: direct losses and indirect losses. Direct losses are:

• losses which arise naturally from the breach; or
• losses that arise that would reasonably have been considered to be in the contemplation of the parties as a probable result of the breach.

In summary, if losses do not arise "naturally", or were not reasonably contemplated by the parties at the time the contract was made as a probable result of the breach, then they are not recoverable. These latter losses are generally categorised as indirect or consequential losses (see below).

1.5. Exclusions of liability - indirect or consequential loss

Cloud services providers will usually argue that an exclusion of consequential or indirect loss is needed because the amount of such losses is related to the nature of the business, the manner in which the customer runs its business and the profitability of the business. The cloud services provider's justification for excluding consequential or indirect loss is on the basis that it has no control over these matters. Cloud services providers usually also wish to be certain of their total liability exposure under a contract, by excluding consequential loss and indirect loss and capping other losses.

Unfortunately the meaning of "indirect" or "consequential" loss is not entirely clear under English law. There have been a number of English cases where the scope and meaning of these words have been considered.
Generally, the English cases appear to equate "indirect" loss to "consequential" loss. What is clear is that the English courts have construed what is "consequential" in a legal context very narrowly and, as a result, such an exclusion tends to exclude very little. Certainly such an exclusion provides the cloud services provider very little protection.

It is important to understand that a claim for loss of profit, while commonly thought to fall within the category of indirect or consequential loss, is often regarded as a loss which is a direct and natural consequence of the breach. The cases of Hotel Services Limited v. Hilton International Hotels (UK) Limited (2000) and Deepak Fertilisers v. Davy McKee (1998) are examples of this position.

The Court of Appeal decision in GB Gas Holdings Limited v. Accenture (UK) Limited and others (2010) confirmed that whether a loss is a direct loss or an indirect/consequential loss is context-specific - what might be a direct loss in one scenario may be indirect/consequential loss in another.

In addition, as there are differences in the legal positions regarding the interpretation of liability provisions in various countries, care should be taken in selecting which law will govern the agreement. For example, if State of New York law is to be the governing law, the parties should consider the meaning of the words "indirect" and "consequential" under New York law (as those terms have specific meaning under New York law).

1.6. Approach to direct losses adopted by cloud computing contracts

It appears that all US based cloud services providers surveyed in the study as part of the Cloud Legal Project at the Centre for Commercial Law Studies (CCLS), within the School of Law at Queen Mary, University of London (the "CCLS Study") seek to limit liability for direct loss as far as possible, be it in very general terms or phrased as relating to the consequences of inability to access data (Bradshaw, Millard and Walden, 2011).
In this context "direct liability" is taken to mean liability for losses to the customer relating to the loss or compromise of data hosted on the cloud service.

Cloud services providers based in Europe tend to be less overt about seeking to exclude direct liability. This presumably is on the basis that in most European legal systems it is difficult to do so. Such exclusions as there are tend to be based on, for instance, force majeure (Bradshaw, Millard and Walden, 2011).

1.7. Approach to indirect/consequential losses adopted by cloud computing contracts

Exclusions against indirect liability, such as for indirect, consequential or economic losses arising from a breach by the cloud services provider, appear to be even more common. This is no doubt due to the potentially very large scope of such damages. It may prove difficult to quantify the loss, if any, resulting from the deletion of customer data by a cloud services provider. As such, with the exception of one cloud services provider which did not make a specific reference to such indirect or consequential losses, every single provider surveyed in the CCLS Study specifically excluded such losses (Bradshaw, Millard and Walden, 2011).

1.8. Practical application

The issue relating to liability for availability, data loss or other technical issues causing loss of service is not academic. Cloud architecture should be robust. However, it is not possible to guarantee that the service will be immune to outages. During outages customers will be unable to access information and data stored with the products.

Every service (whether run in a cloud or in-house) is susceptible to outages or technical difficulties. However, limitations on both the power to control the technical solution and the ability to obtain remedies against the cloud services provider may cause some customers to reconsider using cloud services or restrict the parts of their business for which they use them.
It is extremely unlikely that any cloud services provider will be prepared to guarantee compensation for all business disruption that it causes customers. However, the limitations of liability those cloud services providers currently offer are unlikely to provide a financial incentive for the cloud services providers to invest in highly resilient infrastructure. This may be a particular concern given the lack of contractual assurances from many cloud services providers concerning the cloud architecture.

In the current environment, while cloud computing establishes itself, the best assurance for a customer is to deal with a cloud services provider with a:

• good track record;
• commitment to remain in the cloud computing market; and
• reputation to protect.

1.9. Limitations of liability

Any losses that are not excluded completely will inevitably be subject to contractual language under which the cloud services provider attempts to limit liability. There are many ways of structuring this but they all have one overriding objective – to put an absolute cap on the liability which the cloud services provider may have for breaching the contract. If the customer suffers losses above that cap, the customer can only recover the amount of the cap (to the extent it can prove under normal contract law principles the amount and the link between the loss and the breach).

A "rule of thumb" has emerged that providers of IT services, hardware or software, will cap any liability that is accepted at the value of the contract. The rationale (rightly or wrongly) is that a provider should not accept any risk over the benefit to it of the particular contract (i.e. the value or price paid).

What the 'value' is for this purpose can be drafted in a number of ways. The total liability over the life of the contract could be limited to the total amount paid over the full term.
Alternatively, liability caps can operate on an annual basis so that in any year it can be limited to the amount paid in that year.

1.10. Chains of liability

A cloud services provider that acquires components of its offering from another provider will not want to accept liability caused by that provider. For example, a SaaS provider, which has built its offering upon the platform or infrastructure of a large supplier such as Google or Amazon, will not want to accept liability for problems that are ultimately caused by its supplier. It is unlikely to have the same negotiating power with such giants as its customer may have with it. The cloud services provider therefore needs to strike a balance between the liability it can accept to customers for failure and the rights it has against its suppliers.

This issue can be dealt with by the cloud services provider in a number of ways.

First, the liability under the contract can be capped at a very low limit perhaps reflecting the value of the contract to it. If the cloud services provider can then negotiate a 'value' cap with its suppliers, there should be approximate correlation.

Secondly, the issue might be dealt with by an express exclusion of liability stating that the cloud services provider accepts no liability for losses caused by its suppliers. Such an approach could be included in a 'force majeure' clause.

2. Statutory and judicial control on liability exclusions

In the UK, contractual clauses that seek to exclude or restrict liability are subject to statutory control. There are two principal laws: the Unfair Contract Terms Act 1977 ("UCTA"), which applies to both business contracts and also consumer contracts, and the Unfair Terms in Consumer Contracts Regulations 1999 (the "Regulations")[1], which apply to consumer contracts only. A cloud services provider preparing standard terms of business will need to be aware of these statutes and take them into account in its drafting.

[1] The Regulations implement the Unfair Consumer Contract Terms Directive (93/13/EEC).

2.1. Unfair Contract Terms Act 1977

Under UCTA, clauses that limit or exclude liability for negligence or for contractual liability (where, in the latter case, the limitation or exclusion is contained in the cloud services provider's standard terms of business) are only enforceable if they meet the "requirement of reasonableness". This involves looking at all the circumstances that were or ought to have been known at the date of the contract, and at factors such as bargaining strength, inducements and alternatives available to the customer.

Where a person seeks to restrict his liability to a specified amount, an English Court will consider "the resources which he could expect to be available to him for the purpose of meeting the liability … and how far it was open to him to cover himself by insurance". This is not the same as what insurance either party actually had in place.

The application of UCTA is such that an exclusion clause may be rendered completely ineffective if it does not satisfy the "requirement of reasonableness". The English courts will not re-write the clause by increasing the limitation to an amount they regard as being reasonable. Guidelines for the application of the reasonableness test are included in Schedule 2 of UCTA. The burden of proving that a term is reasonable falls upon the party seeking to rely on the clause.

UCTA applies to all consumer contracts and to business contracts made on the service provider's standard terms (and where contracts purport to exclude or limit liability for negligence). However, it has to be said that the judges seem very relaxed about overcoming this hurdle and it is extremely hard to argue that UCTA (or some equivalent common law test) does not apply. Cloud services providers should therefore consider UCTA even in situations where the cloud computing contract has been heavily negotiated.
While standard terms are common in the IT industry, increasingly customers demand changes and the first step is to see when an amended contract is no longer "standard". The English courts have taken a wide view as to what is standard. Previous cases have established that:

• lengthy negotiation of a standard contract resulting in additional terms (St Albans v ICL); and
• adding exclusions from another agreement to a service provider's standard form and using some of the customer's own preferred terms (South West Water v ICL),

do not necessarily stop a contract being "standard".

This trend was reinforced in Pegler v Wang. Here, the service provider was treated as having dealt on its standard terms, despite agreeing changes (including to its standard exclusions). The changes were still considered too minor to prevent the overall terms being standard. The judge suggested that to fall outside UCTA changes to standard exclusions needed to be "material". Therefore, it is safest to assume that UCTA will apply in respect of most cloud computing contracts.

The position in relation to "international supply contracts" should be noted. Currently UCTA does not apply to cross border contracts for the sale or supply of goods or services.

Under English law it is also not possible to exclude or restrict liability for death or personal injury resulting from negligence. With regard to other claims, a person cannot exclude or restrict their liability for negligence except insofar as the term or notice satisfies the requirement of reasonableness.

2.2. Unfair Terms in Consumer Contracts Regulations 1999

The Regulations complement UCTA. They only apply to terms in contracts between a seller or supplier and a consumer (and not business-to-business contracts).
A term is regarded as 'unfair' if it has not been individually negotiated and causes a significant imbalance in the positions of the parties to the detriment of the consumer in a way that is contrary to the requirements of good faith.

The Regulations contain an 'indicative and non-exhaustive list' of terms regarded as unfair, a number of which may be particularly relevant to cloud services providers. Any clause authorising the supplier to terminate the contract at will where the same ability is not granted to the consumer and any clause allowing the supplier of services to increase the price without giving the consumer the corresponding right to cancel the contract will both be unfair.

Any clause which inappropriately excludes or limits the legal rights of the consumer in the event of inadequate performance by the supplier of any of the contractual obligations is unfair. Any attempt at excluding liability in its entirety for lack of service availability will be within the prohibition. Of course, the key issue is that the attempt at exclusion needs to be 'inappropriate' and it is not necessarily unfair to do so, certainly when the service is made available to a consumer for free.

3. Liability under contracts with consumers

As mentioned above, any contractual limitation or exclusion of liability can only be relied on if it can be successfully assessed against the 'reasonableness' test of UCTA and the 'fairness' test under the Regulations. The fact that a service may be free of charge will assist in ensuring that any such assessment is in the provider's favour, but it will not be determinative. Indeed, an exclusion of all liability for failure to provide services may well survive scrutiny when the service is free.

Liability for data in consumer contracts is a little bit more complex.
A distinction needs to be made between liability for breach of security of data (that is, when the data gets into the wrong hands) and liability for loss of data (that is, when the data is simply deleted). In respect of the former, a cloud services provider is unlikely to be able to hide behind exclusions in relation to questions of data breach as there are statutory obligations under the Data Protection Act which cannot be overridden by contractual language. However, that is not the case in relation to loss of data and an attempt to exclude liability for failing to keep the data (certainly in a free service) may well be reasonable and fair. Consumers will therefore need to ensure that they have an alternative repository of any valuable data they have stored in a cloud service.

In summary, liability for availability can probably be avoided, as can liability for loss of data, with carefully drafted contractual terms. However, a cloud services provider will always be potentially liable for breach of security as a result of data protection law.

4. Attacks on supplier's standard terms

Given the prevalence of fairly aggressive limitation of liability provisions, often in small print in suppliers' terms, it is not surprising that these provisions feature in many reported court decisions relating to disputes following various IT supply agreements that have somehow gone wrong. The issue typically arises when a customer sues the provider for breach of contract (the system did not work) and the provider (as well as denying liability) then tries to rely on its contractual documentation to limit its exposure.

The pendulum has swung back and forth over the last 15 years or so between judicial intervention, readily finding that supplier liability provisions were unreasonable in order to protect the 'small' customer, and a more permissive attitude recognising that the parties themselves are the best placed people to decide what is reasonable or not.
At present the pendulum is in favour of the supplier, perhaps permanently so. In this section I summarize some of the notable cases in the IT field. In the first few cases, clauses were repeatedly struck down.

In Salvage Association v CAP Financial Services (1995), the contract was valued at £300,000 but contained a clause limiting CAP's liability to £25,000. The parties were of equal bargaining power and had taken legal advice. However, it was found that the clause was nonetheless unreasonable and therefore invalid. As a result, CAP's liability was unlimited. The court was swayed by a number of factors including that CAP had no evidence to justify the £25,000 limit in relation to the value of the contract or the financial risk taken by Salvage Association. CAP also had insurance which Salvage Association could not easily obtain.

In St Albans City and District Council v International Computers (1996), the contract contained a clause limiting ICL's liability to the lesser of the price or charge payable or £100,000. This clause was held to be unreasonable. Again, one of the factors taken into account importantly was that ICL could not justify the cap of £100,000 as well as the insurance position (a public sector body would find it hard to insure against commercial risks).

In Pegler Ltd v Wang (UK) Ltd (2000), the court found it was unreasonable to rely on a fairly standard exclusion of loss of profit liability when the supplier 'had so misrepresented what they were selling that breaches of contract were not unlikely'.

In Horace Holman Group v Sherwood International Group Ltd (2002), a standard 'price paid' liability cap was struck down as being unreasonable.

All the cases mentioned above were very much in favour of the customer; clause after clause was struck down on the basis of an assessment by the courts that the terms were unreasonable.

However, the tide turned in favour of the providers in 2001 with Watford Electronics v Sanderson.
The contract excluded liability for consequential loss and contained a 'price paid' limitation for other losses. The Court of Appeal upheld the clauses, stating that when parties of an equal bargaining power negotiate a contract so that the risk falls on one particular party, the courts should be 'cautious' about saying that a term is not reasonable. This was such an important turning point in the application of UCTA to business cases and a marked departure from the earlier judicial interventionism that it is worth quoting one of the more important passages in the judgement:

"Where experienced businessmen representing substantial companies of equal bargaining power negotiate an agreement, they may be taken to have had regard to the matters known to them. They should, in my view be taken to be the best judge of the commercial fairness of the agreement which they have made; including the fairness of each of the terms in that agreement. They should be taken to be the best judge on the question whether the terms of the agreement are reasonable. The court should not assume that either is likely to commit his company to an agreement which he thinks is unfair, or which he thinks includes unreasonable terms. Unless satisfied that one party has, in effect, taken unfair advantage of the other - or that a term is so unreasonable that it cannot properly have been understood or considered - the court should not interfere."

As a result of this decision, cloud services providers have become more confident that their clauses would survive scrutiny.

4.1. The danger of overselling

The case of BSkyB Ltd v HP Enterprise Services UK Ltd (formerly Electronic Data Systems Ltd) (2010), has introduced another possible element of attack. If a supplier deliberately oversells its product when it knows it will not do what the customer wants, it will be hard for it to rely on protective contractual language.
BSkyB engaged Electronic Data Systems Ltd (EDS) to build a customer relationship management system. The contract had a value of £47.6 million and contained a limitation of liability clause which capped EDS' liability at £30 million. EDS never delivered and BSkyB ended up building the system itself and sued EDS for £706 million of losses.

The customer (BSkyB), who suffered substantial losses, could not attack the limitation language on the basis of UCTA as the contract was not on the standard terms of the supplier. It successfully brought a claim for 'fraudulent misrepresentation' as one of its managing directors had made statements to BSkyB which he knew were false or at the very least was reckless as to whether they were true or not. These statements included confirming that EDS had fully scoped the work and that the timescales were realistic even though it had not carried out any supporting analysis. The £30 million cap on liability was of no assistance to EDS as it expressly did not apply in the event of fraud. Once liability was determined, the parties agreed a figure for damages of £318 million in June 2010.

It is a useful reminder to suppliers not to over-promise in the tender process or as part of the selling process, as such promises can lead to liability even if they are not then confirmed in a written contract.

5. Liability of a cloud services provider for hosting user generated content

Many cloud services (especially those – but not exclusively – targeted to consumers) involve the cloud services provider hosting on the internet content created or uploaded by the user. In doing so, a cloud services provider risks liability for the actions of its users. In an attempt to shield themselves from liability, cloud services providers will generally have terms (sometimes in a separate document called an Acceptable Use Policy or 'AUP') which set out what customers can do with the service.
Nevertheless, such cloud services providers remain a more attractive target for a potential claimant than the user who may not have the same level of financial resources and may be more difficult to trace.

This section of the paper examines the extent of this potential liability and how it can in practice be avoided. There are a number of potential liability risks that a cloud services provider leaves itself open to as a result of content put up by its users. In many cases, European cloud services providers will have a general defence under the Ecommerce Directive.

5.1. Defence under the Ecommerce Directive

The Electronic Commerce (EC Directive) Regulations 2002 (the "Ecommerce Regulations") implement the Ecommerce Directive (2000/31/EC) in the UK. Regulation 19 of the Ecommerce Regulations provides a 'hosting' defence available to providers of 'information society services', which is likely to include the type of cloud service being considered by the Expert Group.

Regulation 19 states that where a service consists of the storage of information provided by a user (that is, uploaded content), the services provider will not be liable where the services provider does not have actual knowledge of unlawful activity or information and is not aware of facts or circumstances from which it would have been apparent to the service provider that the activity or information was unlawful. Where the provider discovers the unlawful activity or information (perhaps as a result of a rights holder informing it), the services provider avoids liability if it acts expeditiously to remove or disable access to the information (a so-called, 'notice and takedown' process).

5.2. Copyright infringement

If content is uploaded into a cloud service, the copyright of which is not owned by the user, the cloud services provider will also potentially be infringing copyright. To date, the most well-known examples of this type of liability have arisen in the US.
Viacom unsuccessfully sued YouTube and its owner Google in the US courts. In March 2007 it claimed compensation of US$1 billion for infringement of copyright in videos posted on the YouTube site. Viacom had argued that Google did not qualify for immunity under the Digital Millennium Copyright Act 1998, which provides a hosting defence similar in intention to that in the Ecommerce Directive, because internal records showed that Google was well aware that its video-hosting site was riddled with infringing material posted by its users. In essence, Viacom argued that general awareness of infringing acts was enough. Google contended that it needed specific notice of each infringement and that it had indeed complied with thousands of takedown notices from Viacom. Google prevailed in a judgement given in June 2010. The decision was overturned on appeal and was then subsequently appealed by Google. However, the parties settled in 2013. In the UK, a service provider may well be able to rely on the hosting defence of the Ecommerce Regulations.

5.3. Trademark infringement

There are two main ways in which online service providers can be liable for trade mark infringement: when a user puts a third party trade mark into the service as an advertising 'key word' and when a user attempts to sell infringing goods. Two recent cases (albeit not involving services that can properly be called cloud) show that it will be hard for the service provider to be held liable.

In Google France v Louis Vuitton, a number of trade mark owners, including Louis Vuitton, sued Google France for trade mark infringement on the basis of the use of their trade marks as sponsored key words. The European Court of Justice (ECJ) held that Google could not be liable for trade mark infringement because the provision of its AdWords tool did not amount to use of a third-party mark in the course of trade for various technical reasons which are outside the scope of this discussion paper.
However, it also found that the hosting defence of the Ecommerce Directive only applies where the service provider's role was 'neutral, in the sense that its conduct is merely technical, automatic and passive, pointing to a lack of knowledge or control' of the key word data that it stored from the advertiser. Once the provider becomes aware of the infringing nature of the stored data or the advertiser's activities it must act expeditiously to remove or disable access to the data in order to avoid liability.

In L'Oreal SA v eBay, the English High Court held that eBay was not jointly liable with individual sellers for the sale of infringing or counterfeit products on its auction site. It held that eBay was under no legal duty or obligation to prevent infringement of third parties' registered trade marks. It stated that eBay did facilitate the infringement of third-party trade marks by its sellers; it knew that such infringements had occurred and were likely to continue to occur; and it profited from such infringements. However, these factors were not enough to make eBay jointly liable.

5.4. Defamation

Anyone who participates in the publication of defamatory material is treated as having caused its publication. A cloud services provider hosting user content is potentially liable for anything defamatory that the user posts. However, under the new Defamation Act 2013, protection is given to operators of websites hosting user-generated content (such as cloud services providers), provided they comply with a procedure to enable the complainant to resolve any dispute directly with the author of the material concerned.

5.5. Other illegal content

There is a whole range of other unlawful acts which a cloud services provider might unwittingly be implicated in as a result of content posted by a user. For example, it is a criminal offence to publish, disseminate or display written material where it is intended or likely to stir up racial or religious hatred.
A cloud services provider can avoid conviction if (as would be likely when it is merely hosting) it can show that it was not aware of the content of the material and did not suspect, and had no reason to suspect, that it was unlawful. Cloud services providers can also rely on the 'mere hosting' defence under the Ecommerce Regulations to avoid liability.

Cloud services providers also face a risk that users will upload inappropriate or illegal content that includes obscene or classified content and child pornography. Such content is governed by a number of key criminal law statutes (for example, in the UK, the Obscene Publications Act 1959, the Protection of Children Act 1978 and the Criminal Justice Act 1988). Content may also be inappropriate for minors. The use of age verification software to separate adult content from other content could reduce the risk that material is considered obscene, as the target audience is restricted. Primary defences of innocent publication are available in some circumstances. However, where these might not be available, cloud services providers may, again, be able to rely on the 'mere hosting' defence.

Some statutes have special provisions dealing with internet activities (and defences). Regulation 7 of the Electronic Commerce Directive (Terrorism Act 2006) Regulations 2007, for example, mirrors the 'mere hosting' defence of the Ecommerce Regulations. It provides a defence for service providers to certain terrorism offences in respect of a service that consists of the storage of information provided by a user if (broadly) the cloud services provider did not know when the information was provided that it was terrorism-related, or upon obtaining actual knowledge that it was, the service provider expeditiously removed the information or disabled access to it.

5.6.
Summary on user generated content hosting

Any cloud services provider hosting user content will always run the risk of unwittingly committing some unlawful act as a result of the user's actions. Clearly, AUPs, warranties and indemnities can, in theory, provide protection to a cloud services provider. However, in practice such protection is often worthless. It will not normally be possible to identify the real person behind the user account (certainly for free services where credit card details are not obtained), and in any case private individuals will often not be worth pursuing through courts.

6. Cloud services provider liability for data

One of the most difficult issues to address in a cloud contract is the issue of the cloud services provider's liability for data. Data could be lost (in the sense of being deleted or irretrievably corrupted) or the security of data could be breached (in the sense of it being inappropriately disclosed to or accessed by third parties). Both issues are frequently dealt with together in the contract.

A cloud services provider will often in its starting standard terms present carefully crafted language allowing it to avoid any or most liability for data. This may be acceptable to the customer if the data is not critical, if it is backed-up and if there is little risk of liability to third parties (such as under data protection legislation). On the other hand, such a stance may be unpalatable to a customer for the following reasons: First, the purpose of the cloud service might well be as an alternative (and perhaps only) storage solution. Secondly, the customer might find itself with a very large bill for rectifying a problem which was not of its own making.

To explore this issue further, it is useful to briefly summarise some of the possible consequences of a hypothetical data breach and to discuss what types of loss the customer might suffer (and therefore seek to pass onto the cloud services provider).

6.1.
Notification costs

The customer may want to notify individuals who are the subject of the data that the security of data has been breached. There is not (at present) a general obligation under UK data protection law to do so, but nonetheless there might be a desire to do so and indeed in some circumstances the Information Commissioner would recommend that it is done as best practice. I understand that the US experience, under their comprehensive notification laws, shows that this can be very costly, as notices must be prepared in accordance with legal requirements, which differ between states.

6.2. Assistance to individuals

Companies that suffer a breach will be faced with concerned customers. Help desks might need to be set up in order to deal with enquiries and reassure customers. There is a burgeoning industry of security experts who will assist. The cost of this might be significant.

6.3. Compensation to individuals

There might be financial damage suffered by individuals (for example, as a result of identity theft, fraud on their bank accounts and so on). These individuals will seek redress against the customer (not the cloud services provider with whom they have no contract and may not even have knowledge of).

6.4. Damage to goodwill

There might be damage to reputation following a catastrophic breach resulting in loss of business/reputation. This type of claim is notoriously hard to prove in court.

6.5. Data might be lost or corrupted

If data is 'only' lost or corrupted, and not compromised, some of the costs mentioned above would not arise. However, there might be two types of claim here: first, the cost of reconstituting the data and, secondly, the financial consequences of not being able to use the data or of relying on wrong data.

A starting point for many cloud services providers is to exclude liability for loss which is of a purely financial type (such as damage to goodwill, inability to use the data, lost profits, and so on).
It is difficult for a customer to persuade a cloud services provider to move from its usual stance in relation to these types of losses. Where there might be movement, however, is in relation to 'direct' types of losses such as the cost of reconstituting the data (where it is the provider's breach of contract which caused a loss or corruption) or the cost of notifying individuals and setting up help desks. It might also be possible to have the provider take the financial consequences of claims brought by individuals against the customer (and this is normally covered by an indemnity against the claim). Whatever is in principle recoverable, it will still likely be subject to a contractual cap on liability.

7. Service Credits

Service credits are an attempt to incentivise the cloud services provider and compensate the customer in a pre-agreed manner for levels of performance which are not perfect but not disastrous either. Service credits are by no means appropriate for all degrees of failure. Where service credits apply they will generally be in full and final settlement of all claims related to performance falling within the scope of the service credit regime. In other words, no other remedies will be applicable whether by way of damages or termination.

The customer needs to decide whether it favours a service credit regime and, if so, how extensive it should ideally be. Service credit regimes have the advantage to both the customer and cloud services provider of certainty and of keeping risk to identifiable and manageable levels. Pre-agreed service credits also avoid disputes about applicable compensation occurring on an ongoing basis. Service credits are also useful where it is particularly difficult to quantify the loss which has been suffered as a result of specific breaches.
Service credits may be characterised in two ways: a form of liquidated damages; or a contractual mechanism that sets out the different charges payable by the customer for different levels of service. If the service credits are properly characterised as a contractual mechanism, there are no constraints on the level of the service credits that can be agreed; it is a matter for negotiation between the customer and the cloud services provider.

7.1. Service credits as liquidated damages

If service credits are characterised as liquidated damages, in order to be enforceable, service credits must be a genuine pre-estimate of loss. They must also not be unduly "oppressive". If they are a penalty they will be unenforceable in their entirety. The case, McAlpine v Tilebox (2005) EWHC 281 (TCC), suggests that a court will be slow to interfere with a liquidated damages clause negotiated at arm's length between commercial parties. In that case even though the liquidated damages amount was quite significant (£45,000 per week), it was still not held to be a penalty. In practice, the circumstances in which a customer could negotiate a regime which amounts to a penalty are likely to be quite rare.

The English courts have certainly begun to incorporate this requirement for a liquidated damages clause to amount to "oppression" before it would be unenforceable in a contract negotiated between commercial entities. Nevertheless, from a practical perspective, when negotiating the amount of service credits it is prudent for the customer to retain evidence indicating how the predetermined sum was calculated and any evidence demonstrating how that sum was negotiated. This is particularly important if it is difficult to calculate likely losses with precision. However, this approach is difficult to implement in practice for cloud computing arrangements.

7.2.
Service credits as a contractual mechanism for adjusting prices for varying levels of performance

Customers should be made aware that if service credits are not expressed as liquidated damages in the cloud computing contract, there is the argument that the cloud services provider will not be in breach of contract if it fails to achieve the service levels. The rationale for this is that if service credit regimes are not expressed as liquidated damages, they are seen as a contractual mechanism for adjusting prices for varying levels of performance. In contractual terms, failure to meet a service level is not in itself a breach because the parties have agreed that a lower price applies for that lower level of service. If the cloud services provider refused or failed to pay service credits associated with a failure to meet service levels, then that would be a breach (with damages being the value of the applicable service credits plus any interest for late payment).

This poses issues in practice when a cloud services provider is commercially better off incurring small monthly service credits rather than paying to fix whatever issue is preventing it from meeting the service level. Therefore, customers should usually seek to include provisions in contracts to the effect that the supplier shall: put all reasonable endeavours into meeting a service level within a specified number of months of any failure to meet that service level; and provide a rectification plan for agreement by the customer whenever it fails to meet a service level. Failure to comply with these provisions would then be a breach.

Service credits are usually capped at a certain point beyond which the injured party has to claim ordinary damages. This protects the cloud services provider but also the customer (as service credits rarely provide sufficient recompense for major outages or significant service-level failures, the cap allows the customer to claim higher damages beyond that point).
Customers should usually ask for termination thresholds associated with service levels when: performance drops below a certain defined point in any measurement period; a certain value of service credits has become payable in any year (or other chosen period); or a service level is not met for a certain number of consecutive measurement periods, for example, six. All of these measures fit into the rationale for SLAs, which is certainty for both sides and pre-determination of remedies, cutting down some of the scope for future dispute.

It is also worth bearing in mind that a failure to meet a service level is caused by some failure in the services which is often a breach of some specific provision within the requirements, service description or technical documentation. There will, however, normally be a clause limiting recovery of damages where service credits are applicable in order to protect the cloud services provider against double-recovery.

If the service credits are categorised as contractual remedies, the provisions may fall within the UCTA. If the cloud computing contract is entered into on the CSP's standard terms, any limitation of customers to service credits as an exclusive remedy must be reasonable.

7.3. Service credits as a sole and exclusive remedy

From the customer's perspective the exclusive remedy nature of service credits may be a problem, particularly if they are not sufficiently sensitive to reflect poor performance or if they cover too broad a scope of poor performance such that the customer is not left with a meaningful remedy or threat to secure improvements. Service credit regimes can lead to cloud services providers wrongly concentrating on simply avoiding incurring credits to the detriment of the service overall.
Conversely, if service credits are too sensitive in their operation the cloud services provider will be overly punished for relatively minor breaches and will be left with an unprofitable contract and with significant disincentives to perform well.

7.4. Calculation of service credits

The service credits may be a lump sum, a percentage of the monthly charge, or the product of a more complex formula. Whatever the calculation, the amount of service credits involves implicit or explicit weighting based upon the importance of a particular function or service to the customer's business. The more significant the failure, the more it will cost. Repeated or multiple failures may cost even more (for example, if the same failure recurs, or more than one critical service level is missed in a single month).

Of course a customer could decide not to go for a service credit regime at all. This means that the cloud services provider is immediately at risk of damages at large (according to common law principles) subject to any applicable exclusions/limitations upon liability contained within the cloud computing contract. This can represent quite a significant incentive as against a service credit regime which is not sufficiently sensitive (i.e. the formula does not adequately compensate the customer/incentivise the cloud services provider). However, it does mean that for levels of performance which are poor but not disastrous there is effectively no remedy short of the "nuclear" option of going to court and claiming damages. Since court action is very much a last resort it probably means most cloud services providers get away without paying compensation in such circumstances unless performance deteriorates to such low levels as to be completely intolerable.

References

Chitty, J., & Beale, H. G. (2011). Chitty on contracts. London: Sweet & Maxwell.

Bradshaw, S., Millard, C., & Walden, I.
Contracts for Clouds: Comparison and Analysis of the Terms and Conditions of Cloud Computing Services, 19(3) INT'L J.L. & INFO. TECH. 187 (2011).

EXAMPLES OF LIABILITY CLAUSES IN CLOUD CONTRACTS

Oracle

“23.1 […] Oracle is not liable for, bound by, or responsible for any problems with the Services arising due to, any acts of any such business partner or third party, unless the business partner or third party is providing Services as an Oracle subcontractor on an engagement ordered under this Agreement and, if so, then only to the same extent as Oracle would be responsible for Oracle resources under this Agreement.” (Oracle SaaS-Online Cloud Services Agreement - UK Version, effective from 1 December 2012) Available at: http://www.oracle.com/us/corporate/contracts/saas-csa-uk-2069269.pdf

Tuenti

Furthermore, under no circumstances will TUENTI be responsible for:

Problems of access, availability, and continuity of the Service and/or the mobile applications that permit access from a mobile device and/or the various features it includes when those problems are caused by external factors outside our control and activity. Examples include, but are not limited to, problems with your computer or device, available bandwidth, speed of your Internet connection, geographical location, etc.

Damage or harm of any type that you may encounter due to the interruption, termination, or malfunction of the Service based on causes not attributable to TUENTI.

The presence of a virus or other element that may cause alterations in your computer system and/or mobile device.

Loss and/or damages that you might experience as a result of unauthorized third parties accessing and/or using your account as a user of the Service.
To that end, remember that you are solely responsible for controlling your passwords and for any damage and/or harm that may be caused to TUENTI and/or third parties due to the unauthorized use of said passwords

Dropbox

Limitation of Liability

TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT WILL DROPBOX, ITS AFFILIATES, SUPPLIERS OR DISTRIBUTORS BE LIABLE FOR (A) ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES OR ANY LOSS OF USE, DATA, BUSINESS, OR PROFITS, REGARDLESS OF LEGAL THEORY, WHETHER OR NOT DROPBOX HAS BEEN WARNED OF THE POSSIBILITY OF SUCH DAMAGES, AND EVEN IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE; (B) AGGREGATE LIABILITY FOR ALL CLAIMS RELATING TO THE SERVICES MORE THAN THE GREATER OF $20 OR THE AMOUNTS PAID BY YOU TO DROPBOX FOR THE PAST 12 MONTHS OF THE SERVICES IN QUESTION. Some states don't allow the types of limitations in this paragraph, so they may not apply to you.

Google

Liability for our Services

WHEN PERMITTED BY LAW, GOOGLE AND GOOGLE’S SUPPLIERS AND DISTRIBUTORS WILL NOT BE RESPONSIBLE FOR LOST PROFITS, REVENUES OR DATA, FINANCIAL LOSSES OR INDIRECT, SPECIAL, CONSEQUENTIAL, EXEMPLARY OR PUNITIVE DAMAGES. TO THE EXTENT PERMITTED BY LAW, THE TOTAL LIABILITY OF GOOGLE AND ITS SUPPLIERS AND DISTRIBUTORS FOR ANY CLAIMS UNDER THESE TERMS, INCLUDING FOR ANY IMPLIED WARRANTIES, IS LIMITED TO THE AMOUNT THAT YOU PAID US TO USE THE SERVICES (OR, IF WE CHOOSE, TO SUPPLYING YOU WITH THE SERVICES AGAIN). IN ALL CASES, GOOGLE AND ITS SUPPLIERS AND DISTRIBUTORS WILL NOT BE LIABLE FOR ANY LOSS OR DAMAGE THAT IS NOT REASONABLY FORESEEABLE.