Feeds

Dropbox erects sueball shield with new T&C and privacy legalese

Drops mention of AWS, forbids class actions and makes arbitration compulsory for all

Choosing a cloud hosting partner with confidence

Grumpy with Dropbox? Forget sueing the company, which is trying to keep you from your lawyers with its new Terms of Service document effective as of March 24th, 2014.

Dropbox has been progressively notifying its customers of its new rules over recent days. Your correspondent received an email yesterday, but legal blog Lawyerist received it a few days ago and has noted that the company is trying to head off legal action in interesting ways.

Firstly, Dropbox now insists “We want to address your concerns without needing a formal legal case. Before filing a claim against Dropbox, you agree to try to resolve the dispute informally by contacting dispute-notice@dropbox.com. We'll try to resolve the dispute informally by contacting you via email. If a dispute is not resolved within 15 days of submission, you or Dropbox may bring a formal proceeding.”

In other words don't even think of throwing a sueball until you tell us what you're thinking so we can do everything in our power to cut you off at the pass.

If you send such an email, Dropbox has made arbitration a compulsory next step, unless you opt out by completing this form before April 24th. If you stay opted in, The American Arbitration Association's processes will be used, and “The arbitration will be held in the United States county where you live or work, San Francisco (CA), or any other location we agree to.”

Let's hope you can make it to Reykjavik in case Dropbox decides that's a nice place for arbitration.

If your complaint against Dropbox is shared with others, forget banding together thanks to this clause:

No Class Actions. You may only resolve disputes with us on an individual basis, and may not bring a claim as a plaintiff or a class member in a class, consolidated, or representative action. Class arbitrations, class actions, private attorney general actions, and consolidation with other arbitrations aren't allowed.”

Your correspondent takes that to mean that if Dropbox deletes every one of its users folders named “Family photos” you'll have to go mano e mano rather than find a nice lawyer willing to virtualise you into a single, larger, lawsuit.

The service has also posted an updated privacy policy that differs markedly in wording from its April 2013 predecessor but on our reading does not suggest the company plans to collect more personal data. Indeed, the new policy outlines a plan to honour Do Not Track requests. “If our systems receive a DNT:1 signal from your browser, we’ll stop using pixels to promote our services on third-party sites accessed via that browser,” according to the company's Cookie-handling advice.

There are a couple of interesting-looking additions to the policy. Here's one:

“If you are not a Dropbox for Business user but interact with a Dropbox for Business user (by, for example, joining a shared folder or accessing stuff shared by that user), members of that organization may be able to view the name, email address and IP address that were associated with your account at the time of that interaction.”

That may give you pause before you download something from a Dropbox for Business account.

There's also an interesting nugget for those who may use Dropbox for personal and work purposes, to wit:

“If you are a Dropbox for Business user, your administrator may have the ability to access and control your Dropbox for Business account. Please refer to your employer's internal policies if you have questions about this.”

One interesting omission in the new privacy policy is Amazon Web Services (AWS). The current privacy policy says “As of the date this policy went into effect, we use Amazon’s S3 storage service to store some of your information (for example, your Files)”. The new privacy policy makes no mention of AWS.

There are still plenty of mentions of service providers in the new policy, and the term “our servers” is used often in both versions. Dropbox's spokesagency assures us that it is still storing your stuff in AWS' S3 bit buckets. Clearly the company's recent $US250m cash injection isn't enough to build data centres that could rival AWS' for reliability or capacity. ®

Security for virtualized datacentres

More from The Register

next story
It's Big, it's Blue... it's simply FABLESS! IBM's chip-free future
Or why the reversal of globalisation ain't gonna 'appen
'Hmm, why CAN'T I run a water pipe through that rack of media servers?'
Leaving Las Vegas for Armenia kludging and Dubai dune bashing
Bitcasa bins $10-a-month Infinite storage offer
Firm cites 'low demand' plus 'abusers'
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
CAGE MATCH: Microsoft, Dell open co-located bit barns in Oz
Whole new species of XaaS spawning in the antipodes
Microsoft and Dell’s cloud in a box: Instant Azure for the data centre
A less painful way to run Microsoft’s private cloud
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.