* Cloud vendors use disclaimers to waive liability - EU paper
* Resolving cloud disputes a legal maze
By Claire Davenport
BRUSSELS, June 19 (Reuters) - The European Commission wants cloud computing firms to improve contracts they offer customers in a drive aimed at averting costly legal disputes, allaying privacy concerns and boosting an industry which can offer huge savings to users.
Buying computer hardware can be a drain for new and small companies, and huge savings can be made adopting ‘cloud’ storage — using networks to connect remotely to servers elsewhere, possibly in a different continent.
But security and data privacy is a major concern, the EC said in a policy paper intended to encourage the technology.
A lack of trust is cited by many surveys as one of the main reasons companies do not embrace the cloud.
“The complexity and uncertainty of the legal framework for cloud services providers means that they often issue complex contracts ... or agreements with extensive disclaimers,” the EC said in the paper, obtained by Reuters and expected to be published after the summer break.
“Contracts often do not accept liability for data integrity, confidentiality or service continuity.”
The EC said in the paper, which is not binding, it wanted to help the industry develop model agreements on issues such as which country’s laws applied in a legal dispute between a service provider and a customer.
Data in the cloud is often stored or processed in two or more data centres, to ensure access even in the case of heavy network traffic.
And services are sometimes provided through a chain of firms with different tasks in various countries, making legal action by a dissatisfied client difficult.
Customers and policymakers want to ensure that wherever the data is, it has the same level of protection as the location where the client uses it, and that companies are held accountable.
The Commission will also look into whether binding laws will be needed for cloud services.
European Union regulators say they have not found cloud vendors to be forthcoming enough about what they will do for customers if a service is disrupted or data stolen.
“They have an attitude of take it, or leave it. You want it cheap then do it large-scale and we cannot tell you where the data goes,” European Data Protection Supervisor Peter Hustinx said.
Hosts of data, which under EU law are typically companies which provide internet access or search engines which host but do not create content like websites, will not be liable in a legal row, the draft policy said.
Big cloud firms like Google and Microsoft are trying to lure more customers and are buying new sites for data centres to serve clients’ rising dependence on faster and cheaper internet.
Google has recently bought land in Hong Kong, Singapore and Taiwan to build new centres.
In June, Google announced that it would also offer model contracts.
Microsoft said it offers such model clauses to more than 500,000 users, sometimes including free audits for small and medium-sized businesses that cannot afford an auditing firm.
To make cloud computing a safe part of everyday life the EC said it will work with the World Trade Organisation, the Organisation for Economic Co-operation and Development and the United Nations to develop a common legal basis.
The paper singled out Japan and the United States as two regions with whom it wanted to develop more common standards.
The United States has the most evolved cloud computing market and Japan has made strides driven by its need for faster disaster recovery systems after events such as an earthquake or tsunami.