a. | Enforceability of Clickwrap and Browsewrap. i. | Courts apply traditional principles of contract law to assess the enforceability of online agreements, focusing on whether the party challenging enforcement had reasonable notice of and manifested assent to the terms.1 Generally, courts differentiate online agreements between “clickwrap” agreements and “browsewrap” agreements. A clickwrap agreement appears on an internet webpage and requires that a customer agree to any terms or conditions by engaging in some affirmative act, such as by clicking on a check box on the screen, in order to proceed with the internet transaction. In contrast, a “browsewrap” agreement occurs where the website provides customers with the ability to view the terms of the agreement, such as through a hyperlink at the bottom of a web page, but does not otherwise require that the customers take any affirmative action to signify their assent to the agreement. | | | | ii. | Courts routinely enforce clickwrap agreements because notice and assent are more easily established.2 In contrast, the enforceability of browsewrap agreements involves a more fact-sensitive inquiry in which courts determine whether the customer has “actual or constructive knowledge” of the contract prior to being bound.3 Actual knowledge is most often obtained through a defendant’s admission of knowledge of the site terms or through the presence of a cease and desist letter that advises the defendant of the existence of such terms.4 Alternatively, constructive knowledge is typically found where reasonable notice of the terms is provided such that the court can impute knowledge of their existence to the customer.5 Courts have found notice to be sufficient to impute knowledge where a website provided prominent notice of the hyperlinked terms with easy access to the full agreement.6 In contrast, courts have held browsewrap agreements unenforceable where customers were required to scroll down below the fold (i.e., to a secondary or submerged screen) to see the hyperlinked notice, an action which was not necessary to complete their transaction.7 |
|
b. | Authority to Bind i. | Generally, an agent can bind his principal when the agent has either actual or apparent authority or if the principal ratifies the agent’s agreement.8 Actual authority may be express or implied, and is triggered by the principal’s objective manifestations to the agent. 9With apparent authority, the manifestations are made to a third person, and must be made by the principal rather than the purported agent.10 The principal’s manifestations will support a finding of apparent authority only if (1) they cause the one claiming apparent authority to actually or subjectively believe that the purported agent has authority to act for the principal and (2) the claimant’s actual, subjective belief is objectively reasonable.11 Such objective manifestations to third parties do not necessarily need to come directly from the principal, but rather can also arise “from authorized statements of the agent.”12 Whether apparent authority exists is normally a question of fact.13 A principal ratifies an agent’s agreement if the principal, with full knowledge of the facts: (1) receives, accepts, and retains benefits from the contract; (2) remains silent or fails to repudiate the contract; or (3) otherwise exhibits conduct demonstrating adoption and recognition of the contract.14 | ii. | Courts generally will apply these same agency contract law principles when evaluating authority to bind in the context of online agreements. For instance, a Massachusetts District Court held that there was no apparent agency as a matter of law where the only relevant conduct by defendant was that it issued the purported agent an e-mail address with the defendant’s corporate domain name.15 In denying the plaintiff’s claim of apparent agency in this context, the court cited opinions finding that giving someone a business card with the company name or logo, access to a company car, or company stationery, by themselves, did not create sufficient indicia of apparent authority.16 Similarly, a Tenth Circuit Court refused to infer that a corporation’s ownership of an IP address used in connection with an online purchase was sufficient to establish that the individual who agreed to the user agreement from that IP address had authority to bind the corporation.17 Finally, where a plaintiff company expressly notified both its employees and the defendant that only three executives were authorized to bind the plaintiff to an online agreement, the court held that unauthorized employees had no actual or apparent authority to bind the plaintiff when they used defendant’s website and agreed to defendant’s online agreements.18 |
|
c. | Goods vs. Services laws i. | Many cloud service contracts have evolved from a software licensing model that in the past were governed by the Uniform Commercial Code (UCC) Article 2. While UCC obligations may be triggered by the delivery of software applications that are used to access the cloud services, generally the UCC doesn’t apply to a pure services contract. This can lead to questions concerning the enforceability of various exculpatory clauses, since most case law concerning the interpretation of such clauses arises under the UCC rather than the common law. | ii. | Using a traditional license grant clause in a cloud services contract may cause confusion, because it may grant a user rights in the underlying software used to provide the service (i.e., the cloud provider’s software infrastructure) rather than a right to obtain the services provided by the software. Therefore, many cloud service contracts are drafted in the form of a service contract rather than as a license. 1. | Compare: a. | Provider hereby grants customer a non-exclusive right to use the software/services | b. | Provider will use commercially reasonable efforts to provide access to the services set forth in Exhibit A. |
|
|
|
d. | Ownership of Custom Developments i. | Shared Multi-Tenant – it is difficult for the vendor to convey IP ownership of any service feature, because all customers must use the same service 1. | This is the tradeoff for obtaining the efficiency of using a cloud service model |
| ii. | Single Tenant - customer ownership of improvements is at least possible, as the customer is able to use a personalized instance of the software |
|
e. | Pricing/Payment i. | Many service providers will seek annual payment in advance (may need to address refund issues for certain breaches and termination issues) | ii. | Pay for use - How is “use” determined? 1. | Actual use / number of users/ number of employees |
| iii. | Price Changes 1. | How frequently can the vendor change pricing? | 2. | Are there any limits on the amount that prices can increase? |
| | | | iv. | Does the customer have any rights to obtain prices lower? (e.g., benchmarking right, and obligation on provider to match benchmark price) | v. | MFN ? |
|
f. | Services Description i. | A services description protects both the customer and the provider so that each party understands what services will be provided (and what services will not be provided) | ii. | Common items that are included in the services description: technical specifications; published materials; FAQs; and, bug and technical reports |
|
g. | Service Evolution i. | The contract should specify the process to changing the service | ii. | Can the customer refuse or delay a change? 1. | Changes are often deployed simultaneously to all users in a shared multi-tenant architecture. |
| iii. | What is the process for changing the platform, operating system or application? | iv. | Notification? | v. | How does pricing work? | vi. | Is the data accessible by the customer for other purposes? |
|
h. | Service Levels i. | How are service metrics defined? Does the entire service have to be unavailable or only particular portions of the service? | ii. | How are service metrics reported? 1. | Does the customer have to request reports or will the reports be automatically delivered? | 2. | Does the customer need to complain in order to receive the credit or is the credit applied automatically? |
| iii. | Does the customer need to have access to any vendor tools? 1. | Does the vendor have the necessary rights to allow customers to use the tools? |
| | | | iv. | Does the customer need to report a service issue to obtain a service credit or will a credit be automatically generated? | v. | What is the process for strengthening service metrics over time? | vi. | Are service credits the sole and exclusive remedy arising from a performance breach? 1. | Frequently, vendors will provide service credits as the sole and exclusive remedy for issues concerning the service. |
| vii. | Vendors often want to reserve the right to “immediately” suspend the service in the event of an “emergency” issue. However, the standard for what constitutes an emergency may not be clearly defined other than an event that has or could have the potential of causing a material disruption in service or potential risk to data integrity. | viii. | Service Levels Agreements typically have two components: 1. | A service component - defines how the services will be provided. Common SLA service components include: a. | Identification of the services that are to be provided | b. | May identify the services that are not provided | c. | Identification of assumptions underlying service availability | d. | Establishment of service standards (e.g., the timeframes in which services will be provided) | e. | Definition of the responsibilities of both parties |
| 2. | A management component - defines the management procedures for tracking the delivery and modification of the services. Common SLA management components include procedures for: a. | Tracking the availability of the services | b. | Reporting service issues | c. | Resolving service issues | d. | Revising services or service metrics |
|
|
|
| |
|
i. | End User Conduct i. | Cloud service provider contracts often require that customers “ensure” that their end users comply with the vendor’s terms of service. Many sophisticated customers will attempt to soften this requirement. For example, a customer may only want to undertake an obligation to use “commercially reasonable efforts” to cause its users to comply with the terms of service, or simply “inform” its users of the obligations. Other customers may want the vendor to directly contract with the end users. | ii. | Vendor terms of service typically prohibit the customer and its end users from engaging in inappropriate activities or using the services to store or process inappropriate content (which activities and content may, or may not be, identified in further detail). | iii. | Vendor contracts may require the customer to notify the vendor in the event the customer terms of service are breached. | iv. | Vendor contracts typically allow the vendor to suspend or terminate the customer or its users in the event the terms of service are breached, and require the customer to indemnify the vendor against any third party claims arising from the breach. Customers will often try to limit the suspension to: (1) material violations or violations that significantly threaten the security or integrity of the cloud service; and, (2) those end users that actually caused the breach (rather than the customer itself). Customers will also request advance notification of any suspension. | v. | Cloud vendor agreements may incorporate by reference additional terms and policies posted to the vendor’s website, such as policies addressing privacy practices and end user obligations concerning the use of the service, which are typically are subject to the vendor’s unilateral amendment. Customers will frequently attempt to require the vendor to provide direct notice in advance of the effective date of any amendments to incorporated terms, along with the right to terminate if such amendments are materially detrimental to the customer’s interests. |
|
j. | Termination and Transition i. | Every contract will end at some time 1. | It is important to plan for termination issues prior to contract execution |
| | | | ii. | Contract should address 1. | Duration of termination services | 2. | Payment for post-termination services | 3. | Transition assistance including data migration a. | Format of data? | b. | It may not be easy to copy or download the data |
|
|
|
k. | Disaster Recovery and Mitigation i. | Does the service provider: 1. | have a business continuity plan? | 2. | provide redundant operations from different sites? | 3. | routinely test its back-up capability? | 4. | routinely attempt to restore data? |
| ii. | Contract may require the service provider: 1. | to have a data/computing back-up plan | 2. | to routinely test its back-up capability | 3. | to store back-up on servers located at a separate location | 4. | to provide redundant operations from different sites | 5. | Consider the impact of bankruptcy on the ability to access data and the ownership of back-up media |
| iii. | Disaster Recovery 1. | What events cause the service provider to engage in data recovery operations? | 2. | Does the contract contain data recovery goals? | 3. | What are the consequences if the data is not recovered within the specified time frames? | 4. | Who takes priority if multiple customers of the service provider are affected? | 5. | How will a force majeure event impact contractual obligations? |
|
|
l. | “Force Majeure” Events i. | Parties can bargain for effects of “FME” | | | | ii. | Consider scope and wording (what is/is not considered FME) | iii. | What form of relief is granted (excused from performance, suspension of performance, termination, etc.)? | iv. | Does the FME clause override disaster recovery and service level credits? | v. | What are the disaster recovery obligations during an FME? 1. | Are some customers contractually prioritized? |
|
|
m. | Data Protection Laws i. | Data protection and privacy laws should be considered when evaluating a cloud services offering. Different laws may be implicated depending on the nature of the content that is being stored or processed by vendor or the location where the data originates or is processed. Generally, cloud service providers will attempt to shift some or all of the compliance obligations to the end users, because the cloud service provider may be unaware of the actual content being processed or stored in its services. Depending on the circumstances, some of these laws may impose specific security requirements and, may require the imposition of various obligations on subcontractors. Some frequently implicated laws include: 1. | Export Administration Regulations (EAR) / International Traffic in Arms Regulations (ITAR) prohibit the unlicensed “export” of information to foreign nationals and to certain prohibited persons for national security reasons or protection of trade. These laws can be triggered if the employee of the provider has foreign nationals who can access the stored data. | 2. | Health Insurance Portability and Accountability Act (“HIPAA”) 42 U.S.C. § 1320a imposes various technical requirements on the storage of protected health information. a. | Health Information Technology for Economic and Clinical Health (HITECH) Act. Contains incentives related to development of health care information technology and adoption of electronic health record systems. This Act also widens the scope of privacy and security obligations imposed on service providers
(including their subcontractors) that process or store information. |
| 3. | Family Educational Rights and Privacy Act (“FERPA”) 20 U.S.C. § 1232g; 34 CFR Part 99 protects the privacy of student education records. Many universities take the position that any education information, including student information databases and faculty and staff email constitutes “education records” for purposes of FERPA and therefore may be outsourced only to vendors that have been designated, and are willing to accept obligations associated with being a “school official” with “legitimate educational interests” in the data under FERPA. | 4. | Sarbanes-Oxley Pub. L. No. 107-204, 116 Stat. 745 (2002) (codified as amended in scattered sections of 11, 15, 18, 28 and 29 U.S.C.). imposes various controls over how financial information is stored, retained, altered and monitored. | 5. | Gramm-Leach-Bliley 15 U.S.C. §§ 6801 et. seq. addresses the treatment of personal data in banking and insurance industries. | 6. | Children’s Online Privacy Protection Act (COPPA) – 15 U.S.C. §§ 6501- 06. Address the collection and use of information from children. | 7. | Patchwork of evolving state laws. Many states impose data security requirements on entities operating in a state or who process data for its residents. For example, Massachusetts has enacted the “Massachusetts Standards for the Protection of Personal Information of Residents of the Commonwealth” that requires all individuals, corporations, associations, partnerships and other legal entities (regardless of where they are located) that own, license, store or maintain personal information about a Massachusetts resident to develop, implement, maintain and monitor a comprehensive, written information security program applicable to such information. |
| ii. | EU Data Protection Act prohibits export of personally identifiable information from EU to countries that have inferior (as viewed from an EU perspective) data protection laws. 1. | Rule: Data must not be transferred to countries outside the EU that do not offer an “adequate level of protection” a. | Currently only: Andora, Argentina, Canada, Faroe Islands, Guernsey, Isle of Man, Israel, Jersey, New Zealand, Switzerland, Uruguay | b. | Exceptions: i. | ask permission from every “data subject” involved | ii. | US/EU Privacy Shield Adopted by European Commission on July 12, 2016 (US Companies can certify compliance August 1, 2016) | iii. | EU model contract clauses | iv. | “Binding Corporate Rules” |
|
| 2. | From a cloud perspective, EU data protection law will apply when a “controller” is located in its territory; or, when a “controller” outside the EU uses “equipment” within the EU territory. When applied to cloud computing, EU law can be triggered when using an EU-based data center. Many authorities interpret “equipment” in an extremely broad way (e.g., browser cookies). |
| iii. | Sophisticated customers will often want to review a service provider’s internal security and control policies, audit security and control procedures and impose contractual obligations on the service provider to ensure that the service provider is in compliance and remains in compliance with the applicable laws. Many cloud service providers may have difficulty imposing contractual obligations on their subcontractors. For example, cloud service providers will often subcontract with very large data storage providers (such as Amazon) to provide underlying storage or computing resources. | iv. | Note: Some vendors will attempt to minimize the impact of various laws by: (i) refusing to comply with laws that are triggered by specific content; (ii) providing each customer with encryption tools that do not allow the vendor to access the customer data; and (iii) requiring the customer to warrant that it is legally permitted to have the vendor process the information provided by the customer. |
|
| |
|
n. | Data Issues- i. | It is important to 1. | define “data” (e.g., does the definition cover only information that is stored by customer, or does it including information that is created or collected by the cloud service provider in the course of providing the services) | 2. | specify ownership rights in the data | 3. | specify purposes for which the data may be used | 4. | identify the obligations of the parties to comply with data and privacy laws |
| ii. | Will the vendor be permitted to use the data (or subsets of the data) for other purposes? |
|
o. | Subcontracting i. | Does the service provider use subcontractors? | ii. | Can the service provider impose contractual obligations on the subcontractors? | iii. | Does the customer have a right to approve new subcontractors? (or a category of subcontractors, such as those that have access to that data in either encrypted or unencrypted form?) | iv. | What does the approval/disapproval process look like? | v. | Should the customer have a subcontractor termination right rather than an approval right? |
|
p. | Data Center Issues i. | Location - Some cloud provider contracts expressly reserve the right to store customer data in any country in which the provider does business. While dispersed geographical storage may be beneficial from a data back-up perspective, it can raise security issues. | ii. | What are the characteristics of the data center? 1. | Security? | 2. | Redundant telecommunications, power, and cooling? |
| iii. | How is data backed-up? On-site? Off-site? How is off-site data protected? | | | | iv. | Where is the data stored? | v. | Is the data and back-up data encrypted? |
|
q. | Security i. | Cloud service providers may offer to provide “commercially reasonable” security for data. In some instances, contracts may also offer to adhere to “industry standard” security practices, without specifying the specific standard. For some customers, it may be beneficial to specify an actual, specific security requirement (e.g., data subject to HIPAA, Gramm-Leach-Bliley, PCI DSS, or the Massachusetts Standards for the Protection of Personal Information of Residents of the Commonwealth) or industry standard (e.g., ISO 27001) that must be followed. | ii. | Customers may want to consider the following factors when evaluating the cloud provider’s security: 1. | What physical security measures does the vendor use to protect the underlying data centers? Can third parties access the data centers? | 2. | Is the customer data encrypted in transit and at rest? | 3. | Does the provider hold the decryption keys or are the keys held only by the customer? If the provider holds the keys, how are the keys protected? | 4. | Will foreign nationals be able to access the data or decryption keys? If so, this may create export control issues. | 5. | Who has access to: facilities, infrastructure, platforms, applications, and data? | 6. | Does the cloud service provider perform background checks on employees who have access to encrypted or unencrypted customer data? | 7. | Will dedicated equipment, shared equipment or some combination be used to store or process the data? | 8. | Does the vendor use access controls to prevent unauthorized access to facilities and stored data? | | | | 9. | Does the vendor regularly perform security audits and penetration testing? Is the vendor under a contractual obligation to take any action if the security audit reveals a deficiency? |
|
|
r. | Security Events i. | In more complex agreements, it may be import to distinguish between an actual security breach (“Security Incidents”) and a vulnerability (“Security Issues”) and provide different rights, obligations and remedies for each category of issues. 1. | Security Issues – are issues with the system that could give rise to a security breach a. | How are security issues defined? | b. | objective vs. subjective definition | c. | Are issues in the vendor’s control and those in the control of its subcontractors differentiated? | d. | Does every problem need to be investigated? | e. | Does every problem need to be fixed? | f. | What is the process for fixing the issue? | g. | Is there a specified time frame? | h. | How is the time frame adjusted for fixes that take longer to implement? |
| 2. | Security Incidents – are breaches of security a. | Notice requirement to other party or to end users? | b. | Remediation efforts? | c. | Who does what? | d. | Who pays for remediation efforts? | e. | Does the breach require end-user notification? | f. | Who has legal liability for the incident? | g. | May want to address liability caused by third parties (e.g., hackers) |
|
|
|
s. | Confidentiality Clauses i. | May impose a back door security obligation on the service provider | | | | ii. | Is the service provider obligated to keep a customer’s information “confidential”? | iii. | Some providers will state that they will employ “commercially reasonable efforts” to “protect” a customer’s confidential information |
|
t. | Subpoenas/E-Discovery i. | Customers and vendors of cloud services can be compelled to produce data under several mechanisms. It is important to note that in some circumstances, certain categories of vendors are not allowed to voluntarily disclose information to the government. 1. | Warrants and Subpoenas a. | U.S. Law - Fourth Amendment - “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons of things to be searched.” |
| 2. | Electronic Communications Privacy Act (ECPA) a. | The Wiretap Act | b. | Stored Communications Act | c. | The Pen register/Trap & Trace Act |
| 3. | Patriot Act (including National Security letters and FISA Warrants) |
| ii. | Typically vendors will: 1. | Try to shift costs and obligations of responding to the client | 2. | Expressly reserve the right to disclose information as required by law |
|
|
u. | Data Retention i. | Customers may want two conflicting obligations: 1. | Vendor should keep the data as long as customer needs it | | | | 2. | Vendor should promptly destroy it when it is no longer needed |
| ii. | Depending on the service, vendor may not know the content of the data and will be unable to assess legal retention requirements | iii. | Contract should specify when data is destroyed |
|
v. | Compliance Requirements i. | Customer may want the contract to contain procedures for auditing compliance issues: 1. | Does the vendor data center facility allow visitors? | 2. | Will the audit disclose too much security information? | 3. | Will a customer’s auditor have access to other customers’ data? |
| ii. | Customer may want to impose compliance obligations on the vendor |
|
w. | Risk Mitigation i. | Typically, the customer wants to impose a combination of the following obligations on the service provider: 1. | Operating procedures | 2. | Warranties | 3. | Indemnities a. | Provider contracts rarely include any form of indemnification, but customers frequently ask for such protections in connection with third party intellectual property infringement and inappropriate disclosure or data breach. If the provider provides an indemnity, such obligation will typically cover: i. | Defense and payment finally awarded judgment | ii. | It will want to exclude combinations created by the customer and data issues arising from the specific data content |
|
| 4. | Software Escrows a. | Typically, software escrows have little value in many cloud service arrangements, because the customer will not have the equipment/data center infrastructure to actually utilize the escrow |
| 5. | Service Escrows: Situation may be different if service is an “app” running on commercial third party platform | 6. | Data Escrows? a. | Data stored with a third party that can be accessed separately by customer |
| 7. | Insurance a. | Contract may require a party to carry certain levels of insurance | b. | CGL policy may not be enough to cover many cyber liability issues | c. | Cyber liability policy may have lower limits for certain categories of damages (e.g., breach notification, credit reporting services) | d. | Requires consultation with broker/agent |
|
|
|
x. | Warranty Disclaimers i. | In some jurisdictions, warranty disclaimers must be explicitly negotiated or bargained for.19 It is unclear what constitutes adequate negotiation in the commercial context. Cases frequently note that the parties did not discuss the disclaimer term— suggesting a high bar for negotiation—but involve distinguishable factual scenarios where the disclaimer was first presented in a post-sale invoice.20 Consumer cases applying the negotiation rule vary; some suggest that knowledge and understanding of the term is sufficient, while others insist that actual knowledge of the term is not sufficient if the negotiation does not address the terms of the disclaimer and possible defects.21 | ii. | Other jurisdictions allow a seller to disclaim warranties.22 For example, in Texas, to exclude the implied warranty of merchantability, the contract “must mention merchantability and in case of a writing must be conspicuous[.]”23 In Colorado, implied warranties may be excluded “by a conspicuous writing which states generally that there are no warranties extending beyond the description in the contract.”24 | iii. | To be conspicuous, a warranty exclusion must reasonably give notice to the person against whom it will operate.25 For example, Texas courts determining conspicuousness consider capitalization, prominent placement,26 setoff from surrounding text, and larger or contrasting type or font.27 Courts are more likely to find a disclaimer conspicuous when the transaction is between commercial entities.28 |
|
y. | Limitation of Liability i. | Three Categories of Damages 1. | Direct damages (basic measure of damages) a. | Difference between what was promised and what was delivered – service providers will often want to limit their damages to direct damages |
| | | | 2. | Incidental damages a. | Costs directly associated with obtaining replacement goods or services |
| 3. | Consequential damages a. | Lost profits | b. | Unauthorized disclosure of data will often result in consequential damages (and direct damages too) |
| 4. | Issues to consider: a. | Caps on the “type” of damages | b. | Direct vs. Consequential vs. Incidental | c. | Caps on the “amount” of damages | d. | Exceptions to the one or both of the caps? i. | Indemnification | ii. | Security Breach |
|
|
|
|
z. | Exclusionary Clauses i. | The enforceability of exclusionary clauses (which include both remedy limitations and disclaimers of liability) can vary widely from jurisdiction to jurisdiction.29 In most jurisdictions, they are largely enforceable under unless unconscionable. For example, under Washington law, “Exclusionary clauses in purely commercial transactions … are prima facie conscionable and the burden of establishing unconscionability is on the party attacking it.”30 When the party seeking to avoid the limitation argues that it should be not be enforced, the court first considers where there are any “indicia of unfair surprise.” That is, was the buyer advised of the limitation term, was the contract short and clear, and was this an arm’s length transaction among competent parties. Compare this to Colorado, which also allows general disclaimers of tort liability for the manufacture and sale of products.31 But, it disfavors such disclaimers, however, and requires that they be “specifically agreed to in negotiations between a commercial seller and commercial buyer.”32 | ii. | Courts may sometime not enforce limits on remedies if the only available remedy fails of its essential purpose. The doctrine is driven generally by concern that contracts should provide at least a fair quantum of remedy for breach of the contract. Many jurisdictions apply two-part test: (1) identify essential purpose of limited remedy; and, (2) identify whether or not limited remedy in fact failed to meet such essential purpose | iii. | Cases are mixed as to whether the failure of Essential Purpose Doctrine applies to pure services agreements. 1. | Cases declining to apply failure of essential purposes doctrine in a services context a. | Pichey v. Ameritech Interactive Media Services, Inc., 421 F. Supp. 2d 1038 (W.D. Mich. 2006) (“Under Michigan law, the failure-of-the-essential-purpose doctrine applies only to matters falling under Article 2 of the Uniform Commercial Code (“UCC”), Article 2 of the UCC, however, applies only to transactions in goods, not transactions for services. … [T]he doctrine of unconscionability more properly provides the vehicle for determining whether the terms of a services contract are sufficiently one-sided as to undermine the purpose of the agreement.”) | b. | Wells v. 10-X Manufacturing Company, 609 F.2d 248 (6th Cir. 1979). (“Article 2 of the Code is intended to have broad application. However, it also follows from the Code’s continued focus on ‘goods,’ the definition of which is cast in terms of a ‘contract for sale,’ that a contract which calls merely for the rendition of services is not subject to the sales provisions of the Code.”) | | | | c. | San Francisco Bay Area Rapid Transit v. GE Transportation Systems Global Signaling, LLC, 2010 WL 2179769 (N.D. Cal. 2010). (“There simply is no parallel provision in the common law as applied to services contracts and although ‘courts are free to reason by analogy to [the U.C.C.],’ the only other court addressing this particular issue has held that the U.C.C. cases do not apply directly to the limitation of liabilities clauses of a services contract.”) |
| 2. | Cases that apply the failure of essential purpose doctrine to a services agreement a. | Jacada (Europe), Ltd. v. International Marketing Strategies, Inc., 2004 WL 24267645 (W.D. Mich. 2003) (Court upheld the arbitration award, reasoning that, “the case law does not strictly limit the application of ‘the failure of an essential purpose’ to cases involving the sale of goods.”) | b. | NetworkTwo Communications Group, Inc. v. Spring Valley Marketing Group and CommunityISP, Inc., 2003 WL 1119763 (E.D. Mich. 2003) (Court upheld its earlier ruling that “the damage limitation provisions [of the agreement did] not fail of their essential purpose and render the damages . . . illusory” in connection with an internet services contract) | c. | Adcock v. Ramtreat Metal Technology, Inc., 105 Wash. Ct. App. 1058 (2001). |
|
|
|