Using and protecting data is complex and the regulatory issues are wide-reaching. When choosing third party services to process data, brands often assume they retain control over how their data is used. However, that is often not the case and it can have serious practical and legal consequences.
Being able to identify potential issues in advance is a key skill when trying to ensure your business does not get caught by them. From ownership, to the GDPR, this article will explore some of the issues facing companies when they hand over their data.
Check the Terms and Conditions
A YouGov survey of UK SME’s shows that over 18% have had legal issues surrounding terms and conditions of software. SME’s routinely agree to two types of agreement without reading them or referring them to their lawyers – Standard Terms or Standard Contracts and Clickwrap agreements. Agreeing to any form of contract without reading it is a danger.
Commercial agreements can contain clauses giving extensive rights to the provider over your data. For example (taken from real terms and conditions found in business to business contracts, although I have made minor amendments to aid reading), this legal clause gives the service provider complete control over client data permanently:
“You hereby grant [us] a perpetual, transferable, irrevocable license to store, manipulate, transmit, copy, display, sub-license or otherwise use your [data]…for any purpose not restricted to the performance of this agreement including but not limited to providing services to third parties.”
Brands agreeing to this effectively give data to marketing technology providers whosell it or use it for other purposes. This can include selling your valuable data on to direct competitors or providing insights into how you work by analyzing it.
It’s even more complex when in the form of a ‘clickwrap’ – those boxes which require you to click to confirm that you have read and accepted the terms before continuing. In that instance, where a decision to use a provider has been made, the terms will rarely be read because the click box is seen as a ‘lock’ to open the service to use.
While services like Terms of Service; Didn’t Read help consumers, there is no equivalent for brands. In a digital world, they need to understand that online terms and clickwrap agreements are the same as paper contracts and get them reviewed – or face losing their data or worse.
While it is obvious a business operating across borders must comply with laws in different countries, it might not be so clear when it comes to those operating in just one country.
The increase in cloud and SaaS services and their emergence as a viable, practical and affordable option for SMEs has brought a spotlight on this problem.
One good example of the complexity of these laws is the European General Data Protection Regulation (GDPR), which go into effect on May 25, 2018. GDPR is an extensive set of rules on how businesses can store, treat and transmit data about EU citizens and is primarily aimed at businesses who are based inside the European Union. However, they also apply to businesses based outside the EU which provide goods or services within the EU.
Attention needs to be paid to contract terms within service providers’ standard agreements which may not be GDPR compliant because the sanctions are considerable – up to 4% of worldwide turnover or 20 million euro.
What is the answer?
Clever entrepreneurs will use legal experts to ensure they don’t overlook the law, where their data is stored, processed and transferred.
They should also consider finding providers who go ‘above and beyond’ by ensuring their services are compliant with existing laws in multiple jurisdictions and, better still, that they commit to keeping them that way. Providers that work in your systems, who make no claims over your data, can also be a sensible way of removing an unnecessary headache.
Ultimately, retaining control of your own data gives you control over your business’ future. Find out more in our whitepaper.