They’re everywhere, but under some circumstances organizations have to judge their risk

Have you ever wondered what legal traps might be lurking behind those seemingly innocent “click me” licenses (often referred as an “EULA” or End User License Agreement) that are so often accepted on business and social media Web sites and links leading to software downloads and updates, etc.?


Seemingly innocent, and necessary in order to gain access to the product or service, the Internet is replete with the small gems often headed by a READ CAREFULLY moniker. But let me digress down memory lane for a moment.

Introduction online contracting


It was in the early 90s that I was approached by a legal publisher to develop a computer-contracting chapter as part of a long established legal community series focusing on legal forms in the nature of precedents and containing a variety of “typical” business contracting forms.


That single undertaking has now morphed into two separate chapters as part of the original contracting forms series but, more to the point, it also served to create a springboard for the development of a comprehensive four-volume set of “Computer and Information Technology” legal contracting forms.


Now going into its 19th release, the series is comprised of a set of updatable loose leaf volumes, the included forms being complemented by downloadable digital counterparts. With three annual updates and a variety of sample real-world forms ranging from nondisclosure agreements (NDAs) through to e-commerce, website access and development agreements, and onto sample BYOB and data governance policies, there is an abundance of terms and conditions that demonstrate both the complexity of technology contracting and customer compliance requirements.


The sampling of forms is drawn from real world circumstances, and reflects both the sophistication and complexity of the tech sector, and particularly, the online world. They are extremely consistent in reflecting the provider’s intellectual property concerns, preservation of revenue streams and opportunities for new business, indemnification for default, circumstances giving rise to termination and damages, and the list continues.



There is a certain consistency in tech contracting terms and conditions. Internal legal departments and external legal resources typically provide significant input in the development and formulation of these terms. Technology has introduced much complexity into the traditional law of contracting, and that complexity has been exacerbated through the evolution and growing sophistication of Internet-based solutions.

We’ve advanced substantially from the early days when the ongoing debate among lawyers and academics was whether a click me contract was, in fact, a valid agreement and really did bind the user – around the same time, that the discussion evolved about whether shrink wrap agreements that accompanied CD-ROM/DVD software applications were really enforceable in law. The bottom line is that click-me/shrink-wrap licenses, with the exception of any specific provisions that may be ruled by a court as enforceable, are quite valid as a legally binding contract between the provider and the customer.

End User and associated online contracts


The law governing technology contracts has come a long way through applying traditional legal principles to sophisticated technological advances. Adapting contracts to such advances has been augmented by government enacted instep legislation that addresses a variety of technological advancements and challenges; e-commerce, privacy, cybercrime laws are excellent examples of how government has fashioned legislation in response to, or in advance of, commercial and personal challenges and threats.


Click-me contracts will often address the impact of customer violation of applicable legislation and describe the sanctions and provider remedies. Often, portions legislative-drive compliance provisions may be segregated on the website from the main contract terms as is often the case with privacy.


And so, it seems like you can’t do anything much these days without first acknowledging in the checkmark box that you’ve read and understand the linked terms and conditions and then proceeding to click the “I Accept” button. I guess you can always opt to bypass and not access, but how frequently does that really happen? This approach applies to downloads, whether software or data related, in addition to subscriptions relating to electronic publications, and to apps on your computer, smart phones and tablets. These darn things just seem to be everywhere – and there’s no real “legal” way to avoid them – kind of reminds us the old adage of “no ticket, no laundry”.


We have learned to accept (sometimes blindly) the “terms of use” or “license” as an acceptable risk, as well as a non-monetary upfront cost, of Internet access and freedom to surf. And so, acknowledging that web surfers are prepared to assume a high degree of what they feel is acceptable risk, it should not be surprising that recent surveys have indicated that, on average, somewhere between an astonishingly high 70 to 74 per cent never bother reading the terms before clicking the I Agree button while about 20 – 24 per cent will quickly glance over the language in search of “unusual” provisions, and thus leaving somewhere around three to five per cent of users that actually read the words – why is that? Other than the fact that the language is outright boring and flavoured with extremely complex legalese, the choices are essentially Yes/No – I Agree or I Do Not Agree.

The CIO’s role


And so the question for the CIO is where and how does your organization fit within this framework? 


How much time really is spent reviewing Web-based terms and conditions (this is not to ignore other IT contract categories, but that’s a discussion for another time)?


And by whom – are you consulting with Legal and the folks that assess/manage risk in your organization? And how does this “trend” impact employee downloads and access for personal use on corporate devices? Is this something that needs to be part of your organization’s strategy and associated policies governing acceptable use, BYOD, and data governance policy(ies)?  And if so, what privileges are to be granted to employees and other authorized corporate users, and what are the attendant obligations and restrictions governing “use”?


“Use” is the term most commonly utilized (e.g. terms of use) by those providing access to the services or products and which may specify the number of devices that the software or app may be asked installed upon, or impose a limitation upon the number of concurrent users that may access the site at any single time, etc.


A fairly straightforward example of access and “use” and associated limitations, can be found in the typical Microsoft 360 install and which permits installation of Office 2013 on up to five devices. Using a small working group as an example, each device of that group will need to be registered and licensed at inception of usage, or prior to term expiration.


Now say that a sixth device is then brought into the group. While it may be able to read the documents created using the Microsoft 360 service, it cannot make use of the service to create new documents or edit the previously created documents through the service as the sixth device is unauthorized (and that’s ignoring the fact that any such edits or new document creation can be accomplished through an MS Office accessible network or standalone computer).


However, if one of the original five devices is removed from Microsoft 360 as an “authorized” device, then the sixth device may be substituted in its place.


Just because all apps are offered on a free or no-cost basis, does not mean that they are without terms of use. And it has become an emerging trend, that some apps are available for personal use at no cost, with an optional to be paid-for upgrade to business or broader commercial utilization. The licensing fee and terms will govern how that works. And so, with the click-me type of licenses, essentially it’s a take it or leave it approach. However, in instances where there is a revenue opportunity, the provider may become open to negotiating terms, or have a different set of agreements available for negotiation to cover a broader environment.
(Lou Milrad is a Toronto lawyer who focuses on government, business and technology)

Related Download
New expectations for a new era - CHRO insights from the Global C-Suite Study Sponsor: IBM Canada Ltd
New expectations for a new era – CHRO insights from the Global C-Suite Study
This IBM white paper provides an in-depth analysis of 342 responses by Chief Human Resource Officers to a Global C-Suite Survey.
Register Now
Share on LinkedIn Share with Google+ Comment on this article