Risks of Click-Wrap Agreements

Ekaterina Mizrobova

Click-wrap agreements are the texts containing the terms and conditions you have to accept when installing a software product or subscribing to a cloud service. Click-wrap agreements may comprise a part of documentation of a software product, be displayed when you purchase software or a cloud service on-line, or when you install a software product.

Employees installing software or signing up to a cloud service scarcely ever read these click-wrap agreements. And organizations frequently consider these terms vicious but inevitable.
The problem is these agreements can pose significant risks to organizations. They can jeopardize confidential information, intellectual property rights and lead to unexpected expenditures.

What is a click-wrap agreement?

A click-wrap agreement is also known as a click-through agreement, a click-wrap license or a click-and-accept agreement. It is a legally binding contract of a software (End User License Agreement – EULA) or SaaS (Terms of Services -ToS) vendor with the end user.

Click-wrap agreements come in variety of forms depending on a vendor. However, there are common elements typical for all click-wrap licenses. All of them usually require the user’s consent by clicking “I accept”, “I agree”, or “OK”. The user can refuse to agree by clicking “Cancel”, but the installation or subscription process will stop, and the user won’t get access to the required software or SaaS.

Generally, click-wrap licenses are non-negotiable (“contracts of adherence” or “take-it-or-leave-it” contracts), that is the user has to agree to its terms and conditions as is. The worst thing is that if these terms and conditions are provided on the vendor’s Web-site, they can change any moment. Indeed, click-wrap agreements often state that the vendor may not notify the user about any changes in the terms and conditions and the user agrees to all future changes.

Usually, software and cloud services accompanied by such click-wrap agreements are trivial, low cost, non-critical for the organization’s performance, have standard modifications for all the users, easy to deploy without applying to any technical support, and widely used on the market. So, you could continue blindly using them ignoring any potential risks. But firstly, if the software product differs in any point from the one described above, your risks increase exponentially. Secondly, courts have recognized click-wrap agreements to be enforceable. That is the vendor can sue you if you violate the click-wrap agreement terms.

What general risks click-wrap agreements pose?

The threats click-wrap agreements pose vary by license. However, there are some general risks you may face by giving your consent to their terms and conditions.

First of all, click-wrap agreements provide limited warranty protection, if any. As a rule, they contain a disclaimer of warranty according to which the vendor may be fully or partially relieved from the obligation to provide remedy in case of any warranty claims. That is, in case of any defect in the software you installed, there can be minimal or no refund.

Moreover, click-wrap licenses are used by vendors to limit their liabilities for any infringements or damages in connection with their products and to shuffle off as much responsibility as possible to the users, granting them minimal remedies. That means that in case of any damages to the organization’s other applications in connection with the use of the click-wrap product, the vendor of the respective click-wrap product will not be obliged to remunerate the associated losses.

Click-wrap products can be cheap per unit, but the cost of all copies needed by the organization can turn out to be huge.

Extra costs can be incurred in connection with litigation terms, for instance, the forum-selection clause. The court of jurisdiction may be located far from the organization’s office. Thus, in case of any litigation you could incur high travel expenses or attorney fees. For instance, the organization can be located in San Francisco and the stipulated court of arbitration in New York.

Additional risks can arise in connection with intellectual property and proprietary data. Some click-wrap agreements include provisions according to which practically any information you provide to the software or SaaS vendor can become property of the vendor. Besides, some licenses can stipulate for audits which terms can be broad and cover all data, records, facilities, contractors and agents of the organization. Thus, not only you but also your clients can be put at risk in regard to confidentiality. It is especially critical, if your firm works with sensitive data (for example, a financial institution). If a financial institution has installed some software which terms and conditions permit full access to its records, it can face additional risk of exposing personal information of its clients.

Besides, in case of any violations found during the audit, the organization will have to pay significant fines. For example, if the number of program copies installed by the organization turns out to be greater than the number of licenses it has purchased.

With regard to the open-source software licenses other types of risks can arise. They are often called “copyleft”, as in case of GPL, that is their conditions (the terms they are granted on) must be complied with further. For instance, if you use an open-source code to develop a customized product, this new product will also be open-source. You are prohibited to charge for it.

How to manage risks of click-wrap licenses?

As we mentioned above you can blindly accept the evil nature of click-wrap licenses and continue using click-wrap products without taking any measures, hoping for the best. However, to maintain control over your security, liabilities and costs you need to minimize the risks click-wrap agreements imply.
There are three general steps to mitigate the risks:

  • First of all, the organization needs to become aware of potential risks by tracking click-wrap products accepted by the employees and used across the organization.
  • Then, the IT and legal professionals have to assess the impact of the risks by analyzing the terms and conditions of click-wrap agreements.
  • Finally, the organization should make a decision on further actions in regard to the click-wrap products. For instance, in case of any serious threat in the terms and conditions the organization can cease usage of the corresponding software. An alternative way to handle this problem is to negotiate more favorable terms with the vendor and sign an amendment to the click-wrap agreement. The number of users who now negotiate amendments to the click-wrap agreements is growing. And the increasing number of vendors accept them, albeit it depends on the influence of the potential user/purchaser (for example, IBM or Walmart) and the size of the deal.

Conclusion

Click-wrap agreements can pose serious risks to the organization. As the main goal of the clip-wrap licenses is to protect the vendor, remedies and warranties of the end user are significantly limited. That is why it is necessary for the organization to analyze the terms and conditions of click-wrap licenses to assess and mitigate potential risks.

 

How to save IT budget on SaaS subscriptions and software compliance