Cloud computing contracts

Types of contract

What forms of cloud computing contract are usually adopted in your jurisdiction, including cloud provider supply chains (if applicable)?

In practice, cloud computing contracts usually adopted in Korea are similar to those globally used by cloud computing service providers. Many cloud computing service providers adopt modular agreements composed of several different components such as:

  • a master agreement between the customer and cloud servicer provider;
  • service level agreements and terms for each service;
  • the cloud service provider’s acceptable use policies; and
  • end-user licence agreement.

 

Often these agreements are presented as clickwrap agreements with non-negotiable terms. Accordingly, to protect the rights of the cloud service users, the Ministry of Science and ICT has published a model agreement.

Typical terms for governing law

What are the typical terms of a B2B public cloud computing contract in your jurisdiction covering governing law, jurisdiction, enforceability and cross-border issues, and dispute resolution?

Article 24 of the Cloud Computing Act states that the Ministry of Science and ICT, in consultation with the Fair Trade Commission, may establish a model agreement for cloud computing to protect the rights of cloud computing users and establish fair trade practices. In December 2016, the Ministry of Science and ICT published two versions of Model Cloud Agreement for Protection of Cloud Service Users and Establishment of Fair Trade Practices, one for B2B and one for B2C. 

Under the Model Cloud Agreement for Protection of Cloud Service Users and Establishment of Fair Trade Practices for B2B (B2B Model Agreement), Korean law is the governing law and any disputes arising out of the agreement are subject to the jurisdiction of the Korean court.

Typical terms of service

What are the typical terms of a B2B public cloud computing contract in your jurisdiction covering material terms, such as commercial terms of service and acceptable use, and variation?

Under the B2B Model Agreement, the cloud service provider must provide cloud computing services in accordance with the B2B Model Agreement, and the specific service levels will be subject to the service level agreements. Any modifications to the service levels should be mutually discussed, provided that any modifications that are material or are contrary to the interests of the cloud computing user are subject to the user’s consent.

The B2B Model Agreement divides service fees into basic fees and ancillary fees. The details of the service fees (type, price, method of pricing, discounts, etc) must be listed in an attachment to the B2B Model Agreement or on the service website. In principle, the service fees are on a monthly basis and prorated on a daily basis upon termination. Any discount or waiver of fees can be determined based on mutual discussion. In the event of temporary suspension or disruption of services, the user will be entitled to request discount of the service fees or seek damages arising from such suspension or disruption. 

Typical terms covering data protection

What are the typical terms of a B2B public cloud computing contract in your jurisdiction covering data and confidentiality considerations?

Under the B2B Model Agreement, the cloud computing provider must:

  • adopt the Cloud Computing Standards;
  • provide adequate security measures; and
  • ensure protection against leakage of personal information and third-party infiltration.

 

Further, the cloud computing provider cannot provide the user‘s information to a third party without the user’s consent or use the user’s data beyond the agreed purpose. The user is responsible for controlling its ID and password and bear responsibility for any theft or inappropriate use due to the user’s failure to exercise due care. 

Data protection measures not stated in the B2B Model Agreement will be subject to the privacy laws such as the PIPA, Network Act or industry-specific laws based on the user’s business. 

Typical terms covering liability

What are the typical terms of a B2B public cloud computing contract in your jurisdiction covering liability, warranties and provision of service?

In general, under the B2B Model Agreement, the cloud computing service provider is liable for damages incurred by the user owing to intentional or negligent service disruptions or for failure to meet the level of quality or performance of the services under the relevant service level agreement.

However, absent any intentional misconduct or negligence, the cloud computing service provider will not be liable for the user’s damages because of:

  • inevitable service interruption due to system upgrade, prevention of infiltration such as hacking or network failure, force majeure events that have been notified to the user pursuant to the B2B Model Agreement;
  • service suspension due to force majeure events beyond the control of existing technical capability;
  • service suspension, disruption or termination of B2B Model Agreement owing to the user’s intentional misconduct or negligence;
  • the network service provider’s discontinuation or disruption of network services;
  • ancillary issues arising from the user’s computer environment or network environment; and 
  • user’s computer error or erroneous identification information or incorrect email address. 

 

Further, the cloud computing provider is not liable for the credibility or accuracy of the information or material transmitted using the services or posted on the service website absent any intentional misconduct or negligence. 

Additionally, the cloud service provider will not be liable in disputes regarding cloud computing services between users or between a user and a third party if all of the following conditions are met:

  • the cloud computing service provider has not violated the Cloud Computing Act;
  • the cloud computing service provider has proved that there is no intentional misconduct or negligence on its part;
  • the cloud computing service provider does not have the authority or capacity to control the acts of the user that is infringing on the rights of other users or third parties;
  • even if the cloud computing service provider does have the authority or capacity to control the user against the infringement of the rights of other users or third parties, the cloud computing service provider does not financially benefit from such infringement; and
  • the cloud computing service provider immediately suspends the infringement once it becomes aware of the fact or circumstances that a user or third party is infringing on the user’s rights.  

 

On the other hand, if the user has caused damages to the cloud computing service provider, it will be liable for the damages incurred by the cloud computing service provider. 

Typical terms covering IP rights

What are the typical terms of a B2B public cloud computing contract in your jurisdiction covering intellectual property rights (IPR) ownership in content and the consequences of infringement of third-party rights?

Under the B2B Model Agreement, the user must not violate the Copyright Act and related laws or moral customs and social order. Further, absent any intentional misconduct or negligence, the cloud computing service provider will not be liable for any infringement on IPR between users or between a user and a third party. Other matters concerning IPR ownership are not specifically mentioned in the B2B Model Agreement and would, therefore, be subject to the intellectual property laws of Korea. 

Typical terms covering termination

What are the typical terms of a B2B public cloud computing contract in your jurisdiction covering termination?

Under the B2B Model Agreement, both the cloud computing service provider and the user can rescind or terminate the B2B Model Agreement. The termination rights of the cloud computing service provider and user are as follows.

 User
  • Cloud computing service provider is unable to or there is a materially adverse effect on its ability to perform its obligations;
  • the cloud computing service provider fails to provide services as contracted; and
  • a material event has occurred that makes is impossible to maintain the contractual relationship.
 Cloud computing service provider
  • The user violates its obligations such as payment default or assigns its rights to a third party without the consent of the cloud computing service provider;
  • a user whose use has been restricted under the B2B Model Agreement fails to cure the cause for such restriction for a substantial period of time; and
  • the cloud computing service provider terminates its cloud computing business.

 

The cloud computing service provider must return the data to the user upon the rescission, termination of the B2B Model Agreement or upon expiry of the service term. If the return of data is practically impossible, the cloud computing service provider must destroy the user data in an irreversible manner. The cloud computing service provider must also cooperate in transferring the user’s data to a different cloud computing service.

Employment law considerations

Identify any labour and employment law considerations that apply specifically to cloud computing in your jurisdiction.

There are no labour or employment laws specific to the cloud computing industry.

Law stated date

Correct on

Give the date on which the information above is accurate.

August 2020.