A former community discussing the business of software, from the smallest shareware operation to Microsoft. A part of Joel on Software.
We're closed, folks!
Doug Nebeker ("Doug")
To preface this: please don't hijack this with demands that I find a $500+/hr IP attorney. I'm looking for obvious examples and cases that already exist. If it ever got real I'd get with a lawyer. Right now this is a thought experiment. Okay?
I'm considering creating a service that performs specific transformations, to order, upon a user's uploaded data, and which provides the user with the same data but with the transformations applied.
The basic idea is that this service would targeted to a very specific, identifiable kind of user - non technical - and would replace the services of a consultant or IT employee.
So here's the question. The data that my service would propose to transform for users is generally provided by fee-based subscriptions, or by download from sites that have very strict EULAs on not sharing the data with others. In other words, every user of my service likely is under an EULA that governs their sharing of this data.
I wouldn't keep the data on my server, etc. The idea is - the user uploads their data set - I operate on it with tools and create the resultant data - I give it back to them - I erase the source data set.
Am I at legal risk for running a web site that collects such data by FTP or Dropbox uploads and which dispenses the transformed equivalent of the data back to the same user/login?
This is for the US.
IANAL, YMMV, etc, etc.
I would think that if your service really doesn't keep the data, and the user has no reason to believe you would keep the data, this would be like the user saving this data on a flash drive and taking it to a print shop (FedEx/Kinkos/etc) to get a hard copy. The print shop temporarily has access to the data, but they have no right to keep it, and the user granted them no right to keep it. Ie, the user wasn't exactly sharing it with the print shop.
Maybe it's similar to the user uploading the data to their own SkyDrive/DropBox folder, or emailing themselves a copy via GMail?
For my thinking about this, I'm imagining the user has a subscription to a stock price/stock picking service.
I thought of a way around this. The DropBox user could share their own folder containing their data with my service. They would give my service read/write permission to that folder. I could then deposit the processed data in the same folder. So I'd only be using the customer's resources for file transfer.
"In other words, every user of my service likely is under an EULA that governs their sharing of this data"
IANAL, but the user is under the EULA, not you. So how can you be held liable for processing it? It's none of your concern where the data from the customer comes from. You've simply received it in good faith and processed it.
What you should do, just to cover your butt, is have an EULA of your own, that states anyone submitting data for processing by you is legally authorised to submit that data.
> IANAL, but the user is under the EULA, not you.
> What you should do, just to cover your butt, is have an EULA of your own,
Riiight. I agree completely with your assessment.
However, the law (esp. US law) is a REALLY funny thing. Blame gets assigned to the innocent just because they're associated with the "guilty." And US computer and IP law is f*cked up. What if I market using keywords targeting specific data services that have these restrictive EULAs?
All business has its risks, I guess. Can't hide under a bed.
"However, the law (esp. US law) is a REALLY funny thing"
I find it amusing when people say things like "especially in the U.S." where obviously they have no idea how laws can be screwy in other countries where the laws defy any logic.
for instance, did you know that in Ukraine the ownership of a startup is determined by the number of people participating in it, and not on the % of ownership? just saying.. i find US laws (although having its nuances) to be at the top of pragmatic and "just makes sense" pile.
Regarding the OP's question, as long as you keep it clean as service provider you'll be in the clear. Disclaim any liability in terms of service, rather push any liability onto your users for sharing the data. Avoid offering any features that rely on exposing one user's data to another.
> where obviously they have no idea how laws can be screwy in other countries where the laws defy any logic.
We in the US are generally deeply disappointed in the capricious nature of our legal system, considering the image of plain, simple spoken honesty that we grew up to expect.
It's probably not much different in the US than elsewhere in this regard, but it's a sort of culture shock to USians.
This topic is archived. No further replies will be accepted.Other recent topics
Powered by FogBugz