Consumer Protection in the Cloud: Why governments struggle to keep pace with tech

Today’s consumers often use the cloud without even realizing it. From storing files to accessing documents and running apps, the cloud is a normal part of digital experiences. For companies providing B2C services in the cloud it can be unclear what types of consumer protection laws apply in the cloud—or whether businesses count as “consumers.” MSCloudNews spoke with Chris Reed, a professor of electronic commerce law at Queen Mary University of London about the evolving area of cloud consumer protection law, focusing on how this area of law generally applies to companies across the US and Europe. Reed has written extensively on laws governing cloud, blockchain, AI, and ML, and recently published a chapter on consumer protection in the cloud in Cloud Computing Law.

Most government entities tasked with developing consumer protection laws for the cloud are struggling to do it, Reed tells MSCN.  Traditionally, consumer protection law focused mainly on goods rather than services, with an assumption of protecting individual people as small consumers, rather than companies harmed by a bad product. As a result, Reed says, the law in most countries does not have a clear answer of how to deal with services and assessing complaints about services, including cloud services, with standards like reasonable care and skill.

Similarly, laws fall short as the line blurs between businesses and consumers. And so far, governments haven’t clearly resolved whether or not businesses can be “consumers” within the meaning of consumer protection law. Individuals and businesses can be harmed not only by a service but by exposure of their sensitive data. Reed explained that protection in the digital realm has some parallels to products in the physical world.

Let’s say the handle breaks on my coffee cup and splashes me with scalding coffee. I have a cause of action or a right to replace it…In Europe, there is a strong move toward digital products and services. Does my coffee cup hold coffee and go through the dishwasher. [If yes, then it is a “good” product.] We now have the same idea with streaming services or online games, but looking at things like [latency] or [data breaches].

Consumer protection laws are different in the US than in Europe, as are consumer expectations. Even the way that people expect to resolve problems with a product differ, with a greater emphasis on lawsuits in the US and much more use of negotiations and arbitration in Europe, Reed says.