Feeds

Dropbox erects sueball shield with new T&C and privacy legalese

Drops mention of AWS, forbids class actions and makes arbitration compulsory for all

Internet Security Threat Report 2014

Grumpy with Dropbox? Forget sueing the company, which is trying to keep you from your lawyers with its new Terms of Service document effective as of March 24th, 2014.

Dropbox has been progressively notifying its customers of its new rules over recent days. Your correspondent received an email yesterday, but legal blog Lawyerist received it a few days ago and has noted that the company is trying to head off legal action in interesting ways.

Firstly, Dropbox now insists “We want to address your concerns without needing a formal legal case. Before filing a claim against Dropbox, you agree to try to resolve the dispute informally by contacting dispute-notice@dropbox.com. We'll try to resolve the dispute informally by contacting you via email. If a dispute is not resolved within 15 days of submission, you or Dropbox may bring a formal proceeding.”

In other words don't even think of throwing a sueball until you tell us what you're thinking so we can do everything in our power to cut you off at the pass.

If you send such an email, Dropbox has made arbitration a compulsory next step, unless you opt out by completing this form before April 24th. If you stay opted in, The American Arbitration Association's processes will be used, and “The arbitration will be held in the United States county where you live or work, San Francisco (CA), or any other location we agree to.”

Let's hope you can make it to Reykjavik in case Dropbox decides that's a nice place for arbitration.

If your complaint against Dropbox is shared with others, forget banding together thanks to this clause:

No Class Actions. You may only resolve disputes with us on an individual basis, and may not bring a claim as a plaintiff or a class member in a class, consolidated, or representative action. Class arbitrations, class actions, private attorney general actions, and consolidation with other arbitrations aren't allowed.”

Your correspondent takes that to mean that if Dropbox deletes every one of its users folders named “Family photos” you'll have to go mano e mano rather than find a nice lawyer willing to virtualise you into a single, larger, lawsuit.

The service has also posted an updated privacy policy that differs markedly in wording from its April 2013 predecessor but on our reading does not suggest the company plans to collect more personal data. Indeed, the new policy outlines a plan to honour Do Not Track requests. “If our systems receive a DNT:1 signal from your browser, we’ll stop using pixels to promote our services on third-party sites accessed via that browser,” according to the company's Cookie-handling advice.

There are a couple of interesting-looking additions to the policy. Here's one:

“If you are not a Dropbox for Business user but interact with a Dropbox for Business user (by, for example, joining a shared folder or accessing stuff shared by that user), members of that organization may be able to view the name, email address and IP address that were associated with your account at the time of that interaction.”

That may give you pause before you download something from a Dropbox for Business account.

There's also an interesting nugget for those who may use Dropbox for personal and work purposes, to wit:

“If you are a Dropbox for Business user, your administrator may have the ability to access and control your Dropbox for Business account. Please refer to your employer's internal policies if you have questions about this.”

One interesting omission in the new privacy policy is Amazon Web Services (AWS). The current privacy policy says “As of the date this policy went into effect, we use Amazon’s S3 storage service to store some of your information (for example, your Files)”. The new privacy policy makes no mention of AWS.

There are still plenty of mentions of service providers in the new policy, and the term “our servers” is used often in both versions. Dropbox's spokesagency assures us that it is still storing your stuff in AWS' S3 bit buckets. Clearly the company's recent $US250m cash injection isn't enough to build data centres that could rival AWS' for reliability or capacity. ®

Internet Security Threat Report 2014

More from The Register

next story
Docker's app containers are coming to Windows Server, says Microsoft
MS chases app deployment speeds already enjoyed by Linux devs
IBM storage revenues sink: 'We are disappointed,' says CEO
Time to put the storage biz up for sale?
'Hmm, why CAN'T I run a water pipe through that rack of media servers?'
Leaving Las Vegas for Armenia kludging and Dubai dune bashing
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
Windows 10: Forget Cloudobile, put Security and Privacy First
But - dammit - It would be insane to say 'don't collect, because NSA'
Symantec backs out of Backup Exec: Plans to can appliance in Jan
Will still provide support to existing customers
VMware's tool to harden virtual networks: a spreadsheet
NSX security guide lands in intriguing format
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.