The Competition and Markets Authority (“CMA”) has been made aware of a number of consumer protection concerns; in response to these concerns on 1 December 2015 the CMA launched a consumer law compliance review into the practices of cloud storage service suppliers. The review will focus on a number of areas during the consumer experience and seeks input from different stakeholders, from consumers to cloud providers. Stakeholders have until 15 January 2016 to comment, with the guidance due to be published in May 2015. This review is likely to be the first of a number of actions by the CMA designed to protect consumer rights.
Cloud storage is now being used by over 40% of adults in the UK, its ease of use means that UK consumers are no longer limited to the storage capacity of their particular device. However, as with any fast-paced technological development, teething problems are inevitable and the regulators are battling to keep up. This is the first in-depth look by the CMA at the competitiveness and consumer friendliness of cloud suppliers’ practices.
Whilst this review comes from a consumer protection perspective, the results could also have wider business implications. This review follows the guidance published recently by the Financial Conduct Authority (“FCA”), which stated that there was no reason why cloud solutions cannot be used in the financial sector. Whilst the FCA advice places emphasis on putting various safeguards in place, the FCA has clearly expressed an appetite to drive development of the cloud in the financial sector.
Our analysis of the recent FCA guidance on cloud usage can be found here.
Key issues and the scope of the CMA review
The CMA intends to assess cloud providers’ compliance with a number of consumer laws, which include the recently enacted Consumer Protection Act 2015, as well as taking into account evolving legislative developments at EU level, such as the proposed Single Digital Market.
The scope of this review will only go as far as looking into cloud storage services whose primary purpose is to store and organise digital data. The review will cover cloud storage service providers who service UK consumers; this will also capture cloud storage providers overseas. The review expressly excludes cloud services which are an incidental part of another service, for example the sharing of photos on a social media platform.
The CMA is particularly interested in how consumers are treated at different stages in the lifecycle of using the cloud; before consumers sign up, during their cloud contract, and after the contract ends:
- Before the contract – how the product is marketed, security of data, how and where the storage is purchased and how the most important terms are communicated to consumers, are just some of the issues which interest the CMA.
- During the contract – why the price or service offered to the consumer might change, as well as how customer data losses are dealt with and any redress options. More generally the CMA is looking to understand what common problems consumers encounter and how are these solved by the cloud providers.
- After the contract – how contracts are renewed automatically, why suppliers might cancel a contract, what happens if a consumer cancels and what happens to the consumer data once a contract is terminated.
The CMA is seeking a wide range of views from consumers, cloud storage providers, research and academic organisations, consumer groups and trade associations.
At this stage, the CMA has yet to give a firm indication of what recommendations or action it is likely to take. In any event, the review’s findings are likely to require each cloud provider to review the terms and conditions controlling the entire customer experience.
Technological developments always bring associated risks, and once the results of the CMA’s review are released in May 2016, we will have a clearer picture of what, if any, action is likely to be taken by that regulator. Following on from the recent FCA guidance consultation covering cloud services, the CMA review further demonstrates that as cloud technology moves into the mainstream, legal and regulatory developments will follow.