A new privacy agreement called the Privacy Shield has been agreed by the US and EU to replace the safe harbour scheme. The Privacy Shield is based upon safe harbour but has additional protections, particularly with regard to public authority access to personal data. The Privacy Shield must now be reviewed by the European Commission before it can be relied upon and adopted by SaaS suppliers or customers. The European Commission is currently assessing whether or not the Privacy Shield provides adequate protection in accordance with EU data protection laws. This process is expected to take up to 3 months.
Continue readingTag: ASP
SaaS Agreements – Data Protection – Direct Marketing Rules
In September 2013 the Information Commissioner’s Office (ICO) published a lengthy guide to Direct Marketing. The guide covers compliance with the Data Protection Act 1998 (DPA) and the Privacy and Electronic Communications Regulations 2003 (PECR) in relation to the sending of unsolicited marketing. SaaS suppliers who are sending unsolicited marketing
Continue readingSaaS Agreements – Data Protection – Russian Data Centres
SaaS Suppliers who will be processing personal data of Russian citizens on behalf of SaaS customers need to be aware of amendments to the Russian Federal Law on Personal Data. From the 1st of September 2015 changes to this Russian law may prohibit foreign SaaS suppliers from processing personal data of Russian citizens on servers located outside of Russia.
Continue readingSaaS Agreements – International Agreements – Valid Execution
Where an international SaaS agreement is entered into between a non-UK SaaS customer and a non-UK company of a SaaS supplier the parties should ensure that the SaaS agreement has been properly executed in accordance with the law of the country of incorporation of each company. Even where the SaaS
Continue readingSaaS Agreements – International Agreements – Interest on Late Payments
SaaS customers often delay payment of invoices. In order to protect your SaaS business and improve cash flow, SaaS suppliers usually include the right to claim interest on late payments in the terms of their SaaS agreement or rely on their statutory right to interest under the Late Payment of Commercial Debts (Interest) Act 1998 (Act”). However, following the decision in Martrade Shipping and Transport GmbH v United Enterprises Corporation SaaS suppliers should be aware of the limitations of relying upon the Act, particularly where the SaaS customer or SaaS supplier is a non UK entity.
Continue readingSaaS Agreements – Data Protection – Anonymising Data
Many SaaS suppliers use personal data, collected on behalf of SaaS customers, in an anonymised form for their own purposes, such as benchmarking. The UK Information Commissioner’s Office (ICO) Anonymisation Code and more recently the Article 29 Working Party’s Opinion on Anonymisation provide guidance on how to check that personal data is actually anonymous.
If you are a SaaS provider using anonymised personal data you should comply with the recommendations in these two guides, to ensure that you are properly anonymising data, otherwise you could be found to be using personal data in breach of the DPA.
Continue readingSaaS Agreements – Heads of Terms – Entire Agreement Clause
Heads of terms are often by SaaS suppliers where the final terms of the SaaS agreement have not yet been fully agreed with the SaaS customer. By using heads of terms the SaaS supplier can start to provide the SaaS services to the SaaS customer. However sometimes the parties are unaware of, or overlook, the legal implications and dangers of using heads of terms prior to finalising the terms of the SaaS agreement.
A recent court case in the UK highlights these problems.
Continue readingSaaS Agreements – Data Protection – Which law applies?
UK SaaS suppliers who provide cloud computing services to SaaS customers located outside of the UK are increasingly being required to comply not just with UK data protection law, but also the data protection laws of the countries in which the SaaS customer and its clients are based. This increasingly creates problems for SaaS suppliers, as data protection laws generally assume that data is stored/processed in one place. However when operating in the cloud data is often moved between jurisdictions and often it may be unclear exactly where data is being stored or processed and who is storing and processing it.
Two recent cases against Facebook and Google show the extent of this developing problem.
Continue readingSaaS Agreements – Reseller/Distribution – International SaaS Reseller Agreements
If you decide to use a local partner to resell your SaaS software to customers outside of the countries in which you are based, you will need to have an international distribution/reseller agreement in place between yourself and each distributor/reseller. What is a Reseller/Distributor? A reseller is the same as
Continue readingSaaS Agreements – Data Protection – Microsoft must disclose data on EU server
Many SaaS customers falsely believe that if their SaaS data is stored in a data centre located in the EU it will be protected against disclosure to the US authorities. This is incorrect. The recent US court ruling against Microsoft has confirmed the position, namely that SaaS suppliers and SaaS customers who use data centres located in the EU, owned by US companies, cannot prevent US authorities from accessing their data.
Continue reading