If one of your servers crashes or an upgrade does not end as expected, you can only blame yourself. However, you probably will have foreseen the risk, and you will have taken measure to get protected. But from the moment you put hardware and software into the hands of an outside provider, what does happen? Who is responsible? Have you set up an alternative system? Could the provider not have foreseen a critical error? You can also ask the same question in case of data leakage for example! Who is responsible? These two cases will have consequences: loss of productivity, loss of confidence, financial losses, etc.
Terms and conditions
The answer to these questions can generally be found in the Terms and Conditions of the services. Let’s imagine a cloud service provider that runs not a hundred merchant sites, but several hundreds of thousands, some thousands of which generate millions of dollars in revenue per month. Can this provider repay all of his clients’ lost income in the event of an accidental failure? The answer is probably no unless you want to bankrupt it automatically. As a result, the entire profession will limit liabilities.
Before we look at the details, let us take the problem from another angle and imagine that the few thousand merchant sites are each hosted on infrastructure owned by the companies that own the sites. If each site were to stop for a hardware failure problem, would the owner turn to the hardware manufacturer, software developer or network provider who implemented the site? If this could be possible, there is a strong bet that it will not be because each of these companies will have in its terms and conditions a limited liability. The same goes for cloud service providers.
Let’s have a look at the T&Cs of those major providers.
To the extent permitted by applicable law, each party’s total liability for all claims relating to Professional Services will be limited to the amounts Customer was required to pay for the Professional Services or the limitation of liability for the Online Service with which the Professional Services are offered, whichever is greater. In no event will either party be liable for indirect, incidental, special, punitive, or consequential damages, including loss of use, loss of profits, or interruption of business, however, caused or on any theory of liability in relation to the Professional Services (https://www.microsoft.com/en-us/licensing/product-licensing/products.aspx, pick Online Services Terms (OST)).
WE AND OUR AFFILIATES AND LICENSORS WILL NOT BE LIABLE TO YOU FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES (INCLUDING DAMAGES FOR LOSS OF PROFITS, REVENUES, CUSTOMERS, OPPORTUNITIES, GOODWILL, USE, OR DATA), EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. FURTHER, NEITHER WE NOR ANY OF OUR AFFILIATES OR LICENSORS WILL BE RESPONSIBLE FOR ANY COMPENSATION, REIMBURSEMENT, OR DAMAGES ARISING IN CONNECTION WITH: (A) YOUR INABILITY TO USE THE SERVICES, INCLUDING AS A RESULT OF ANY (I) TERMINATION OR SUSPENSION OF THIS AGREEMENT OR YOUR USE OF OR ACCESS TO THE SERVICE OFFERINGS, (II) OUR DISCONTINUATION OF ANY OR ALL OF THE SERVICE OFFERINGS, OR, (III) WITHOUT LIMITING ANY OBLIGATIONS UNDER THE SERVICE LEVEL AGREEMENTS, ANY UNANTICIPATED OR UNSCHEDULED DOWNTIME OF ALL OR A PORTION OF THE SERVICES FOR ANY REASON; (B) THE COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; (C) ANY INVESTMENTS, EXPENDITURES, OR COMMITMENTS BY YOU IN CONNECTION WITH THIS AGREEMENT OR YOUR USE OF OR ACCESS TO THE SERVICE OFFERINGS; OR (D) ANY UNAUTHORIZED ACCESS TO, ALTERATION OF, OR THE DELETION, DESTRUCTION, DAMAGE, LOSS OR FAILURE TO STORE ANY OF YOUR CONTENT OR OTHER DATA. IN ANY CASE, EXCEPT FOR PAYMENT OBLIGATIONS UNDER SECTION 9.2, OUR AND OUR AFFILIATES’ AND LICENSORS’ AGGREGATE LIABILITY UNDER THIS AGREEMENT WILL NOT EXCEED THE AMOUNT YOU ACTUALLY PAY US UNDER THIS AGREEMENT FOR THE SERVICE THAT GAVE RISE TO THE CLAIM DURING THE 12 MONTHS BEFORE THE LIABILITY AROSE (https://aws.amazon.com/agreement/).
We have retained the capital letters to the extent that this article appears in capital letters on the AWS site. It should be noted that articles 10 (disclaimer) and 11 (Limitations of liability) are the only ones to be in full capital! A way to draw attention to their importance probably.
13.1 Limitation on Indirect Liability. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER PARTY, NOR GOOGLE’S SUPPLIERS, WILL BE LIABLE UNDER THIS AGREEMENT FOR LOST REVENUES OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, EVEN IF THE PARTY KNEW OR SHOULD HAVE KNOWN THAT SUCH DAMAGES WERE POSSIBLE AND EVEN IF DIRECT DAMAGES DO NOT SATISFY A REMEDY.
13.2 Limitation on Amount of Liability. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER PARTY, NOR GOOGLE’S SUPPLIERS, MAY BE HELD LIABLE UNDER THIS AGREEMENT FOR MORE THAN THE AMOUNT PAID BY CUSTOMER TO GOOGLE UNDER THIS AGREEMENT DURING THE TWELVE MONTHS PRIOR TO THE EVENT GIVING RISE TO LIABILITY (https://cloud.google.com/terms/).
WE DON’T EXCLUDE OR LIMIT OUR LIABILITY TO YOU WHERE IT WOULD BE ILLEGAL TO DO SO—THIS INCLUDES ANY LIABILITY FOR DROPBOX’S OR ITS AFFILIATES’ FRAUD OR FRAUDULENT MISREPRESENTATION IN PROVIDING THE SERVICES. IN COUNTRIES WHERE THE FOLLOWING TYPES OF EXCLUSIONS AREN’T ALLOWED, WE’RE RESPONSIBLE TO YOU ONLY FOR LOSSES AND DAMAGES THAT ARE A REASONABLY FORESEEABLE RESULT OF OUR FAILURE TO USE REASONABLE CARE AND SKILL OR OUR BREACH OF OUR CONTRACT WITH YOU. THIS PARAGRAPH DOESN’T AFFECT CONSUMER RIGHTS THAT CAN’T BE WAIVED OR LIMITED BY ANY CONTRACT OR AGREEMENT.
IN COUNTRIES WHERE EXCLUSIONS OR LIMITATIONS OF LIABILITY ARE ALLOWED, DROPBOX, ITS AFFILIATES, SUPPLIERS OR DISTRIBUTORS WON’T BE LIABLE FOR:
i. ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES, OR
ii. ANY LOSS OF USE, DATA, BUSINESS, OR PROFITS, REGARDLESS OF LEGAL THEORY.
THESE EXCLUSIONS OR LIMITATIONS WILL APPLY REGARDLESS OF WHETHER OR NOT DROPBOX OR ANY OF ITS AFFILIATES HAS BEEN WARNED OF THE POSSIBILITY OF SUCH DAMAGES.
IF YOU USE THE SERVICES FOR ANY COMMERCIAL, BUSINESS OR RE-SALE PURPOSE, DROPBOX, ITS AFFILIATES, SUPPLIERS OR DISTRIBUTORS WILL HAVE NO LIABILITY TO YOU FOR ANY LOSS OF PROFIT, LOSS OF BUSINESS, BUSINESS INTERRUPTION, OR LOSS OF BUSINESS OPPORTUNITY. DROPBOX AND ITS AFFILIATES AREN’T RESPONSIBLE FOR THE CONDUCT, WHETHER ONLINE OR OFFLINE, OF ANY USER OF THE SERVICES.
OTHER THAN FOR THE TYPES OF LIABILITY WE CANNOT LIMIT BY LAW (AS DESCRIBED IN THIS SECTION), WE LIMIT OUR LIABILITY TO YOU TO THE GREATER OF $20 USD OR 100% OF ANY AMOUNT YOU’VE PAID UNDER YOUR CURRENT SERVICE PLAN WITH DROPBOX (https://www.dropbox.com/terms).
EXCEPT WHERE PROHIBITED, THE SERVICES ENTITIES SHALL NOT BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES ARISING FROM YOUR USE OF THE SITES OR ANY THIRD PARTY’S USE OF THE SITES. THESE EXCLUSIONS INCLUDE, WITHOUT LIMITATION, DAMAGES FOR LOST PROFITS, LOST DATA, COMPUTER FAILURE, OR THE VIOLATION OF YOUR RIGHTS BY ANY THIRD PARTY, EVEN IF THE SERVICES ENTITIES HAVE BEEN ADVISED OF THE POSSIBILITY THEREOF AND REGARDLESS OF THE LEGAL OR EQUITABLE THEORY UPON WHICH THE CLAIM IS BASED (https://www.salesforce.com/company/legal/sfdc-website-terms-of-service.jsp).
It seems that as soon as it comes to responsibility and liability, capital letters become the standard!
I think that the articles coming from the terms and conditions of different providers are eloquent. At best, you can be repaid the amount of your annual subscription, regardless of the damage caused. At worst, you won’t get anything out of it. It is, therefore, necessary to protect yourself to the best of these problems by foreseeing them. Of course, it is not possible to foresee everything; You will have to suffer interruptions of services, rather prevent that cure and predict what to do in this case.
Is it necessary to throw away the baby and the bathwater? Probably not. There are many ways to protect yourself, and these providers offer them all. From redundancy to data encryption, technical means exist. It comes down to weigh risks and costs, an equation you’re your CFO will know, but that they sometimes do not consider. As we tend to say, cheap can be expensive. You must decide accordingly!
Of course, you will find more details in my book Private, Hybrid and Public Clouds.
Photo by Markus Spiske from Pexels