Many tech contracts require that one or both parties “comply with applicable law.” Or they require compliance with specific laws, like “all privacy laws and other laws governing the handling of Project Data.” Should you make that promise?
What’s Wrong with Promising to Obey Applicable Law?
You might think that the law is binding anyway, so why not promise to comply? And who cares, since you have no plans to break the law? Plus, it sounds so bad to say you won’t promise to obey the law. Yet there are good reasons to refuse.
First of all, we’re not talking about knocking over a liquor store. If you break the law related to an IT contract, it’s probably something unintentional, like mishandling data. So don’t kid yourself: you might do it.
What’s the impact of promising compliance with law? In short, it adds one more party to the list of people with a claim against you for breaking the law. Your violation may land you in hot water with government agencies, police, and anyone protected by the law in question — like consumers protected by that data privacy regulation you misunderstood. Adding the promise to your contract means you’re also in trouble with your contracting-partner. In other words, on top of your immediate legal troubles, you’re in breach of contract.
Good citizenship does not demand that you open the door to this breach of contract.
When Does the Promise Make Sense?
In general, you should consider a promise to obey the law if law-breaking would do real harm to your contracting-partner. If you’re a cloud computing vendor and hold data for your customer, for instance, violation of privacy and other data-related laws could get the customer in serious trouble, even if the customer is innocent. In fact, some laws (e.g., GDPR) require that data controllers get their vendors to promise compliance. So just by refusing to promise, you get your customer into trouble. Financial systems vendors can land their customers in trouble for law-breaking too. And the same goes for many services impacting health and safety.
Customer law-breaking is less likely to get vendors in trouble, but it does happen. Vendors who post or publicize customer content can get in trouble if the customer collected that content illegally — like if the customer provided private information or trade secrets without authorization. And in some cases, customer promises to obey copyright law can help vendors defend themselves against claims of contributory infringement. Relationships like those offer good reasons for customers to promise compliance with applicable law. But customers should always question vendor requests for mutual compliance promises. The vendor’s violation of privacy laws may get the customer into serious trouble, but that doesn’t necessarily mean the reverse. If the customer’s violation wouldn’t significantly harm the vendor, why address it in the contract?
All this goes back to my fundamental advice about contracts. They are lists of promises, and each promise needs a reason. Ask if there’s a good reason for any promise you’re asked to make. If not, don’t promise.
David Tollen is the founder of Tech Contracts Academy and our primary trainer. He is an attorney and also the founder of Sycamore Legal, P.C., a boutique IT, IP, and privacy law firm in San Francisco. His practice focuses on those same topics, and he also serves as an expert witness in litigation about software licenses, cloud computing agreements, and other IT contracts.
© 2018 by Tech Contracts Academy, LLC. All rights reserved.