We examine some important issues and concepts of the Consumer Protection Code (in Portuguese, CDC) and the difficulties of applying them to cloud computing contracts offered in Brazil. The main conclusion is that the Brazilian current consumer law offers important difficulties in relation to the interpretation of some concepts, such as the concept of “remuneration” present in the definition of “service”. By raising a discussion on the legislative lacunae in relation to a new reality present in cloud transactions involving consumers that use free cloud services for both personal and later professional interests, i.e. “prosumers”, the paper aims to offer suggestions which can help the legislators or even judges to overcome the risks of leaving this cloud computing sector far from the protective rules of a consumer rights’ code.
Cite as: C Castro, C Reed and R de Queiroz, “On The Applicability of the Consumer Protection Code to Cloud Computing Transactions in Brazil”, (2013) 10:4 SCRIPTed 458 http://script-ed.org/?p=1260
© Clarice Castro, Chris Reed and Ruy de Queiroz 2013
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
This sort of arrangement might, however, entail certain problems when consumers are acquiring, downloading or streaming data via the cloud. Such problems include: digital content or services which do not work, or a lack of interoperability with the advertised equipment; and a failure to meet legitimate consumer expectations due to a lack of pre-contractual information.
The online transactions are usually made via “web-wrap”, “browse-wrap” or “click-wrap” and are available on the web provider’s online platform. These standard form contracts, that are usually submitted to the users to be accepted with a single click, represent the vast majority of cloud agreements. Under their terms and conditions providers usually protect themselves very well, but consumers have to face the risks that are inherent to contract terms that are not negotiated and may, therefore, be unfavourable to them.
Indeed, this is one of many examples of the new legal challenges which cloud technology has created over time and which traditional consumer law does not cope with adequately. In this new scenario, which is by no means static, consumer law cannot wholly protect digital consumers and providers and give certainty to their relationship. It is nonetheless imperative for the development of this digital economy that both online providers and customers have certainty and security of rights acquired through business made via cloud computing platforms.
Cloud-originated services, as Helberger and Mak note:
Of course this new digital domain – where consumers can store information or digital content, and use software to stream videos, music and play games via cloud computing – has different facets as it can also be the manifestation of cultural and artistic values of the society. Indeed related problems that arose in relation to central issues of the so-called information age, such as copyright, tax law and telecommunication law have already been the subject of recent legal and regulatory adaptations at a European and even global scale. However these fields are outside the scope of this research.
The paper seeks to delve further into some academic analysis through a practical approach examining some important issues and concepts of the Consumer Protection Code (in Portuguese, CDC) and the difficulties of applying them to cloud computing contracts offered in Brazil.
The Brazilian Consumer Protection Code – Law n° 8.078 – is dated from 11 September 1990. It is federal legislation which creates a comprehensive bill of rights for consumers and represents the birth of the concept of a consumer relationship in Brazil. Designed specifically to protect vulnerable interests, insofar as a relationship of consumption is found (following the definition set out in the Code), it is the first legislation to recognise the vulnerable position of consumers.
The CDC represents huge progress in the search for justice and a fair balance between suppliers and consumers and is considered an innovative legal code. However, its avant-garde position does not automatically guarantee its applicability to cloud transactions as some of its concepts fail to keep pace with the changes of this technology.
It is noteworthy that although, from 15 March 2013, Decree n º 7.962 was edited in order to adapt the CDC to some e-commerce issues, not all of the needs of digital consumers in relation to digital content and some models of cloud transactions have been covered.
Article 1 of the recent Decree states that:
This Decree regulates Law n° 8.078, of 11 September 1990, to deal with contracting in e-commerce, encompassing the following aspects:
I.clear information in relation to product, service and provider
II.easier access to consumers
III.the right of withdrawal.
In this context, this paper seeks to answer the following questions:
– Can the current CDC legal framework – with its general rules related to goods and/or the supply of services – be applied to cloud computing transactions?
– If the CDC is not applicable, which amendments to the current legislation would be necessary to better fit cloud computing transactions?
In order to answer these questions it is first essential to examine the nature of cloud computing transactions. This involves investigating whether – when the consumer uses a cloud infrastructure, a cloud platform or a software as a service sourced from a provider – a transaction should be classified as a service, a good, or something sui generis. Depending on the classification of each transaction different legal rules present in the CDC will be applied.
These CDC questions are particularly important since, in spite of the increasing interest in cloud computing transactions, many parties of the consumer relationship still do not understand the concepts and the description of these different cloud models and their relation to emerging digital consumer rights. They do not know if the transactions that their businesses engage in are governable by the CDC. If not, then the consumer (in particular) will not receive the same level of rights and remedies designed under this special regulation.
It will be argued that current consumer law provides some difficulties in relation to the interpretation of some concepts, such as the concept of “remuneration” which is present in the definition of “service”. Those definitions may represent a barrier to the applicability of the Brazilian Consumer Protection Code to these transactions, to which legislation must soon respond. This article will also discuss the legislative lacunae in relation to a new reality present in cloud transactions: consumers that use free cloud services for both personal and later professional interests – “prosumers”. As it turns out, “prosumers” represent a significant proportion of the participants in cloud transactions. Finally, it aims to offer possible suggestions which could possibly help the legislators, or even judges, to overcome the risks of leaving this cloud computing sector far from the protective rules of a consumer rights’ code.
There are many legal issues and implications regarding the categorisation of cloud computing as a good, service, or sui generis category. The categorisation is not only relevant in the field of contracts and digital consumer law but also in relation to taxing cloud transactions amongst other areas.
In Brazil, although the CDC offers almost the same rights and remedies, the consumer contracts are still established on this dual categorisation of goods or services. Indeed in relation to legal protection one category is not a priori more appealing than the other. Therefore, there is no interest in Brazil in prioritising one category over the other. However, it is necessary to discuss the CDC’s definition of goods and services in order to analyse whether cloud computing contracts fit within a category at all as the consumer contract may in fact concern neither a good nor a service. If cloud transactions do not fit either category, consumer protection laws will not be applied to them. Therefore, the end-user of the cloud service will be deprived of the protection granted by this special Code that came about to precisely address the needs of the vulnerable party of the consumption relationship.
Last, but not least, cloud computing services are, from the consumers’ perspective, different from e-commerce services because through e-commerce transactions consumers are normally buying something which they consider a “product” and therefore like a good. This would include downloaded apps due to the Brazilian law’s broad approach concerning what constitutes goods. Consequently those consumers expect some absolute quality standards.
However if the object of cloud computing contracts is to deliver services and if the cloud service is also, legally, a pure service, then all that the consumer gets is a promise of reasonable care and skill. There is no absolute quality standard such as satisfactory quality or fitness for purpose. The two problems that are not yet addressed by consumer law are thus: (a) that the cloud service provider’s obligations do not match the consumer’s expectations, and; (b) that the consumer will not be able to assess whether the service provider is in breach because consumers have no knowledge about what constitutes reasonable care and skill.
As an example, Flickr and Photobucket are both cloud applications for storing photos. If the service provider loses all the photos it would be obvious that the service was not fit for purpose and thus this situation would amount to a breach of contract if the service is treated analogously to goods. However, it would be far from obvious that the loss was caused by a lack of care and skill which is the relevant obligation if this is a service contract. It is clear that the distinction still matters.
3.1 Could a cloud computing offering be categorised as a good?
In order to answer this question it is first of all critical to analyse some definitions of goods before later examining the nature of the cloud computing transaction when the consumer uses a cloud infrastructure (IaaS), a cloud platform (PaaS) or software as a service (SaaS).
Due to the different nature of cloud computing services it would be possible, for instance, to envisage that a SaaS could be considered a “good” when providing customers with something such as a travel booking or a word processing application as it offers a single ascertainable application or product. However, the principal feature of these software applications via cloud computing is still the fact that they are being performed in an online cloud through intangible means.
Cunningham and Reed put forward a very compelling argument against considering SaaS as a “good”. They assert that:
Arguably, SaaS aspects of cloud computing involve the use of software applications. No transfer of ownership is implied, expressly or otherwise, nor is it suggested that the use of service implies any type of licence. It would thus be difficult to argue that SaaS provision is the provision of a good, in particular because it confers no right to use a particular version or build of the software. For example the terms for using Google Docs state:
We are constantly changing and improving our Services. We may add or remove functionalities or features, and we may suspend or stop a Service altogether.
And the terms for Microsoft’s Windows Live provide:
We continuously work to improve the service and may change the service in that respect at any time and for any reason.
Indeed, it is exactly what is happening to the “app” industry. When someone uses an app they no longer merely expect to download one static “product”. Apps continually keep updating to fix bugs and provide new functions. App providers are almost bound to do so in order to retain a customer’s interest and to stay up-to-date with latest technology. If an app is unsatisfactory at doing so consumers will move to find different apps that are more efficient at providing new functionality. From this perspective apps (wherever they are downloaded from) are a service, not goods, because the content is not fixed but changes at the supplier’s whim. It becomes clear that the very nature of SaaS argues against its categorisation as a good.
As far as the IaaS is concerned it is true that the computing infrastructure offered may either give access to (physical) hardware provided by the cloud provider or to an application which is also more “ascertained”. However, once again, the very definition of cloud computing involves the provision of a service to use, for example by way of data storage, the remote computing infrastructure, otherwise it would not be characterised as a cloud computing contract.
In case clients have access to a particular machine without requiring any other maintenance or “bridging” service by the provider the contract would simply be for a “rent” or “lease” of the hardware space. Thus it would probably lack the crucial characteristics of the cloud transactions, such as elasticity and scalability, which characterise this sort of transaction. It is important to note that shared use of computing resources is the very essence of cloud computing and shared use is not readily compatible with transfer of ownership or possession.
Now, recalling that the cloud platform service PaaS is the set of tools and services offered by the provider remotely and is designed to make coding and deploying the applications more efficient, again the central feature of the cloud transaction is a service and not a product.
It is worth noticing that there are several directories offering cloud “products”. However even when the term “product” is used technically what is being offered is the delivery of digital content or data, computing, and infrastructure (such as storage capacity) as a service to a heterogeneous community of end-recipients. Clearly these offerings have to be developed by specialised companies which produce the cloud applications that provide the digital service or content. Note that the main source of revenue for the companies that develop the cloud offerings comes from the subscription of cloud “products”/services.
It is accepted that in some circumstances it is not easy to understand if a cloud transaction should be considered as a good or service. In the cloud transactions whereby, for example, Dropbox, Google, IBM or Amazon offer specialised document storage it may seem like a provision of a product when in fact when they store data they provide the software and the full functionality to enable the user to have access to content and/or a service. In reality cloud computing can hardly offer a unitary product without services which enable the consumer to use or access it when needed.
This difficulty mutatis mutandis is not new, even in traditional contract law in the “analogue world”. Ortiz and Viscasillas remind us that:
In any event when a transaction involves the provision of materials and goods it is, most of the time, not considered as a sales contract but as an employment, mixed, or sui generis contract and, in Brazil, can be even classified as “empreitada”.
Therefore, the general conclusion in regards to this question is that the definitions of goods, both in general and in the CDC, do not fit the nature of cloud computing transactions; either as SaaS, PaaS or IaaS.
3.2 On the Characterisation of Cloud Computing as a Service
Likewise, Newton describes cloud computing as a service highlighting its function as, essentially, a utility model of computing:
Cloud computing involves the delivery of computing facilities as a service over the internet, with access to shared resources (like computer and data centres) located in different locations, and perhaps ultimately controlled by different entities. It is intended to be a kind of “utility” model of computing, where the user can buy computing capacity as he needs it, without infrastructure costs of purchasing and implementing a system specifically for himself.
In addition, the Directive considers “information society services” as inclusive of a wide range of economic activities which take place on-line. These activities can, in particular, consist of: selling goods on-line; services giving rise to on-line contracting, and, insofar as they represent an economic activity, services which are not remunerated by those who receive them such as those offering on-line information or commercial communications or those providing tools allowing for search, access and retrieval of data; services consisting of the transmission of information via a communication network, in providing access to a communication network, or in hosting information provided by a recipient of the service; and finally services which are transmitted point to point such as video-on-demand or the provision of commercial communications by electronic mail.
Cunningham and Reed provide evidence, and note:
Finally, Sluijs, Larouche and Sauter state that:
… Cloud computing in essence is an IT service, for which there is no explicit regulation on a pan-European level. Nonetheless, we identify three European legal regimes that are potentially relevant to the concerns set out above: EU competition law; EU electronic communications regulation; and EU electronic commerce regulation.
The draft Bill states:
In spite of this disagreement the draft Bill captures an important aspect of this technology – it considers cloud computing as a service. It is a consumer-oriented definition of cloud. The definition is certainly not perfect however as it emphasises aspects such as the “minimum requirement is a compatible computer” when in fact, now the cloud service can be “offered”, for example, through apps, smartphones or tablets. Nonetheless, at least it recognises that this technology demands special attention from the legal regulators in Brazil.
Article 3 (2) of the Brazilian CDC defines service as:
This definition needs some considerations.
Technically speaking cloud computing is the supply or delivery of services, such as cloud application services (SaaS); cloud platform services (PaaS) where a set of tools and services are offered to make these coding and deploying applications work; or cloud infrastructure services where hardware and software powers all servers, storage, networks or operating systems (IaaS).
Also, as Buyya, Broberg and Goscinski claim:
However, in cloud computing transactions the user should be granted rights of access to programmes running on a supplier’s website or a third party server without downloading it and, as a result, receives the requested service. Obviously this cloud computing technology is not envisaged in the CDC bearing in mind the extensive variety of applications and different kinds of services now available via cloud. Besides, the definition just mentions “any activity supplied” without considering the “access” that has been given to the user which is essential for the provision of the different cloud services. In fact the wording may even concentrate on the activity (data processing for SaaS, storage etc for IaaS, and so on). This is a better approach than asking whether the technology itself is what is provided under the contract, or even access to the technology. The consumer/user has no interest at all in the technology itself (an apparent SaaS could in fact be a load of human abacus users) but is only concerned in the results obtained. Additionally, these distinctions, when the cloud involves purely services, in terms of the consumers, providers and even the judge’s perspective, are not perceptive at all. For this reason, to make the CDC applicable to this technology, in the interest of legal certainty for both consumers and providers, it is suggested that all action related to those cloud services should be considered a “supply” within the meaning of this Code.
The description of services such as banking, financial, credit and security is definitively an extensive one and satisfies the different sectors that the cloud transactions may involve and the exclusion of employment relations does not create any difficulties in applying the law.
On the other hand the requirement of “remuneration” present in the definition of service in the CDC and its judicial interpretation in Brazil may avoid the applicability of the Code in some kinds of cloud computing transactions. The current debate in fact focuses upon whether cloud computing situations will fall within the scope of the Code when the service provided is free as some judges either in the first instance courts or in the high courts interpret this requirement of remuneration as only including direct remuneration.
Indeed a large number of cloud services are apparently offered for free. However, “free” here simply means that the consumer does not pay money to the provider. Instead the users confer a benefit on the provider by offering their personal data that is valuable for the providers for different commercial purposes. Previously this would have been considered a straightforward gratuitous relationship. Currently, consumers are often aware that the use of free Internet services brings with it a high probability that their data (or the results of processing their data) will be sold. That means that, paradoxically, they might expect the provider to receive some sort of remuneration for the service offered and will enter the agreement with full knowledge of those circumstances. In those situations users might expect even more robust protection due to the power that providers have over their information, and the lack of accountability therein, coupled with economic recompense.
Although the Brazilian 2002 Civil Code softens the individualistic and formalistic tendencies of the previous 1916 Civil Code the application of it brings some difference in treatment. Two examples are worthy of notice. Article 18 of the CDC a priori allows consumer to claim for defects even if they were not hidden at the point of purchase, while the 2002 Civil Code only allows claiming for hidden defects. The right of withdrawal also has a different treatment in the two Codes. The CDC allows a right of withdrawal even in the absence of any defect as long as the contract was not concluded at the provider’s establishment/office. This proves particularly useful in the context of e-contracts as they are never concluded at the provider’s office.
Despite the fact that recent decisions uphold the existence of indirect remuneration, the facts that some decisions still do not recognise indirect remuneration and traders/providers still continue to raise the argument, are symptomatic of uncertainty – the argument is still found worthy by lawyers.
Hence while some free cloud computing services are within the scope of this definition, if the judge understands that the indirect payment does not fit within this requirement, the cloud services that are provided without charge may not be covered. Therefore, the ambiguity of this judicial interpretation of remuneration creates a significant level of uncertainty to the consumers who are in fact mostly conscious of this problem when using the service.
It is thus necessary to have some firmer legislative clarification or an adaption of the article to include indirect remuneration in order to create finality and legal certainty in the matter.
3.3 Cloud Computing as a Sui Generis Category
It is important to clarify that cloud transactions which involve the supply of digital content, and which therefore belong to this sui generis category, are beyond the scope of this paper.
4. Other Issues Relevant to the Applicability of Brazilian Consumer Protection Code to Cloud Transactions
This section aims to present an overview of the definitions of consumer and trader present in the Brazilian Consumer Protection Code. It will analyse whether the existing rules and concepts are flexible enough to fit models of cloud computing transactions.
Article 2 of the CDC defines consumer as:
The single paragraph of Article 2 states that:
Article 2 of the CDC, if read literally, protects a consumer as both natural and legal persons when goods and services are acquired by them or supplied to them, insofar as they are the end recipient of the goods or services. It also considers consumers as a collective comprising all people that took part in a consumer relationship.
In Brazil the “prosumer” would have to face the challenge of falling within the interpretation of “final addressee”. As previously discussed proving that would depend on the school of thought followed by the sitting court. On a restrictive “finalist” interpretation any connection to business purposes might vitiate the relationship whereas under a more liberal “maximalist” interpretation the most relevant aspect would merely be the end use of the service subject to the contract; namely whether that use could characterise the recipient as a final addressee. Under that reading it might be easier to prove that the relationship is indeed a consumer relationship. Finally, under the “mitigated finalism” theory the mixed purpose might even be irrelevant as what would be analysed would in fact be the power symmetry between the parties. In that case the fact that the contract might have partly been concluded for business purposes seems irrelevant so long as there is an element of vulnerability.
It seems that there are existing means to include mixed purpose contracts within the current definition of consumer, but that this depends on judicial interpretation. That naturally creates a great deal of uncertainty as similar cases may not be treated alike. The understanding of first instance judges or state courts will have the power to either include or exclude cases from consumer law protection. This current position is precarious and unsatisfactory as it significantly undermines legal certainty. We suggest it is imperative to obtain some sort of legislative clarification. Something seemingly as inoffensive as the concept of “final addressee” can have huge implications in cloud transactions. One might suggest that these mixed purpose contracts are marginal and we exaggerate the possible implications of this uncertainty. However, as Pessers suggests, the demarcation between personal and work spaces which is characteristic of the analogue age (as opposed to digital age) is falling apart. We increasingly use the same online environment to deal with many different facets of our lives. In this context a situation that was previously marginal becomes common and the disruptive potential of current uncertainties grows exponentially.
Article 3 defines trader as:
Considering that the trader’s definition in the perspective of the CDC is extensive – encompassing any natural or legal person, public or private, national or international, unincorporated entity who develops activities which fall within their trade, commercial or professional activity, or offers services – the cloud provider certainly falls within the scope of this Code.
In summary, and for the sake of answering the issue related to the applicability of the CDC to cloud transactions, some conclusions must be borne in mind:
.The above remarks show that cloud computing is generally a service.
.The current consumer definition of “service” in the CDC (“any activity supplied in a market of consumption”) if interpreted extensively, is wide enough to include the types of cloud models that purely involve service. Also the term “supply” may be sufficient for the comprehension of these activities for the consumer, provider, and from the judicial perspective. Additionally, considering that the court’s decisions in Brazil already interpret the online transactions supplied by providers such as Google or Orkut as the “supply of services”, the maintenance of this categorisation for the cloud computing will be very helpful in reducing uncertainty for digital consumer law.
.Difficulties in the interpretation of the term “remuneration” within the definition of “service” in the court decisions in Brazil, may represent the inapplicability of CDC to the cloud transactions that are free of charge, such as Gmail and Google Docs. This is very serious considering that some of these cloud services will fall outside the CDC and as a result instead will be governed by the Civil Code or Commercial Code which does not offer the same level of rights and remedies to digital consumers. A legislative decree should be passed admitting the acceptability of indirect remuneration in the definition of “service”.
.The definition of “consumer” should be clarified through a legislative decree to admit mixed purpose transactions in certain circumstances, otherwise many cloud transactions would fall outside the ambit of protection in the CDC.
.The protection given to goods and services are almost identical in Brazilian consumer legislation. However we should guarantee cloud transactions fall within one of these categories in order to ensure consumer law protection for cloud transactions.
* Lecturer, Catholic University of Pernambuco, PhD candidate, Federal University of Pernambuco (UFPE), Recife, Brazil. Visiting PhD Student, 2011/2012, CCLS, School of Law, Queen Mary University of London. Research supported by CAPES (BEX5946/11-5).
** Professor of Electronic Commerce Law, CCLS, School of Law, Queen Mary University of London.
†Associate Professor, Centre of Informatics, Federal University of Pernambuco (UFPE), Recife, Brazil.
1 See Organisation for Economic Co-operation and Development (OECD), Directorate for Science, Technology and Industry Committee on Consumer Policy, “Report on Protecting and Empowering Consumers in the Purchase of Digital Content Products” DSTI/CP (2011) 25/FINAL.
2 See the UK draft of a Consumer Rights Bill, available at (accessed 8 Aug 2013). Since July, 2012, the Department for Business Innovation & Skills (BIS) in the UK, seeking to protect consumers from faulty digital content, among other objectives, opened a Consultation that was entitled “Enhancing Consumer Confidence By Clarifying Consumer Law, Consultation on the supply of goods, services and digital content” available at (accessed 20 Sept 2012). The draft of the Consumer Rights Bill was based on this Consultation.
3 N Helberger and C Mak, “Toward Identifying Safe and Fair Contract Terms and Conditions for Consumers and Small Firms Using Cloud Computing Services – an Agenda”, (2012) Working Paper Centre for the Study of European Contract Law (CSECL) and the Institute for Information Law (IViR), University of Amsterdam.
4 At the European level, initiatives related to cloud computing and consumers, see Policy Department Economic and Scientific Policy, A Fielder et al, “Cloud Computing. Study for the European Parliament’s Committee on Internal Market and Consumer Protection” (2012) IP/A/IMCO/ST/2011-1 and the European Commission, “Unleashing the Potential of Cloud Computing in Europe”, COM (2012) (Communication), 529 final. On international and national agency reports, see Organisation for Economic Co-operation and Development (OECD) Report on “Protecting and Empowering Consumers in the Purchase of Digital Content Products” (2011) DSTI/CP 25/FINAL; “Consumer Protection in Cloud Computing Services: Recommendations for Best Practices from a Consumer Federation of America. Retreat on Cloud Computing’ (2010) available at (accessed 10 April 2012); and Union des Consummateurs, “Canadian Perspectives on Cloud Computing and Consumers” (2011) available at http://uniondesconsommateurs.ca/docu/vieprivee/CloudComputingE.pd (accessed 6 Sept 2013). On the studies particularly related to digital content and consumer law, see “Analysis of the applicable legal framework and suggestions for the contours of a model system of consumer protection in relation to digital content contract”, Final Report – “Comparative analysis, Law & Economics analysis, assessment and development of recommendations for possible future rules on digital content contracts”, M. Loos et al (2011) and “Comparative analysis of the applicable legal frameworks and suggestions for the contours of a model system of consumer protection in relation to digital content services”, Report 1: Country Reports, University of Amsterdam. Also, a study entitled “Digital Content Services for Consumers: Assessment of Problems Experienced by Consumers – LOT 1”, (2011) Europe Economics and commissioned by the European Commission. An overview of the consumer rights in ‘digital products’ commissioned by the UK Government for Business, Innovation & Skills was produced by Professor Robert Bradgate “Consumer rights in digital products” (2010). Some other relevant material in this area includes Hans-W Micklitz, “Do Consumers and Business Need a New Architecture of Consumer Law? A Thought-Provoking Impulse”, European University Institute, Florence, Department of Law, EUI Working Paper Law 2012/23; M Loos et al, “The Regulation of Digital Content Contracts in the Optional Instrument of Contract Law’ (2011) 6 European Review of Private Law 729-758.
5 See European Commission’s proposal for a Regulation on a Common European Sales Law – Proposal of 11 October 2011, COM(2011) 635 final (CESL).
6 See Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on consumer rights (Consumer Rights Directive or CRD).
7 See J C Almeida, A Proteção Jurídica do Consumidor (2ª ed, São Paulo: Editora Saraiva, 2000).
8 CRD, see note 6 above.
9 CESL, see note 5 above.
See a further discussion on this aspect on M Schmidt-Kessel, “The application of the Consumer Rights Directive to digital content”, Directorate General for Internal Policies, January 2011, IP/A/IMCO /NT/2010-17, 15; N Helberger et al, Digital Consumers and the Law Towards a Cohesive European Framework Law (The Netherlands: Kluwer Law International, 2013) and in relation to the UK situation, the UK draft of a Consumer Rights Bill, see note 2.
11 N. Helberger, M. Loos, L. Guibault et al, “Digital Content Contracts for Consumers” (2012) 36 Journal of Consumer Policy. 37-57, at 43 available at (accessed 10 Nov 2013).
12 Ibid, at 42-4.
13 For a detailed account of how far the CESL would be applicable to some cloud computing transactions that involve the supply of digital content, see C Castro, C Reed, and R De Queiroz, “On the Applicability of the Common European Sales Law to Some Models of Cloud Computing Services” (2013), available at http://ssrn.com/abstract=2254993.
14 Article 2 (3) CRD – “Goods” means any tangible movable items, with the exception of items sold by way of execution or otherwise by authority of law; water, gas and electricity shall be considered as goods within the meaning of this Directive where they are put up for sale in a limited volume or set quantity.
15 A Cunningham and C Reed, “Caveat Consumer? – Consumer Protection and Cloud Computing – Part 1” (2013) Queen Mary University of London, School of Law Legal Studies Research Paper nº 130/2013, available at http://ssrn.com/abstract=2202758, at 26-27.
16 See Alessandro Mantelero, who argues that cloud computing has characteristics of both service and license contracts altogether. In Italian, he says: “Sotto il profilo della qualificazione giuridica del contratto, gli accordi su cui si basa l’erogazione dei servizi di cloud computing hanno natura di contratti misti, in cui coesistono elementi riconducibili all’appalto di servizi ed al contratto di licenza” in A Mantelero, “Il Contratto per L’Erogazione Alle Imprese di Servizi di Cloud Computing” (2012) 4-5 Contratto e Impresa 1216-1222, at 1217.
17 See Misra, “Product Cloud or Service Cloud? Know The Difference” (Information Week, 29 April 2010) available at http://www.informationweek.com/news/cloud-computing/229202857 (accessed 12 March 2012).
18 R Ortiz and P Viscasillas, “The scope of the Common European Sales Law: B2B, goods, digital content and services” (2012) Vol 11 [ Iss 3] Journal of International Trade Law & Policy 241-242, at 247 .
19 CDC – Art. 3º § 1º – Produto é qualquer bem, móvel ou imóvel, material ou imaterial.
20 A Cunningham and C Reed, see note 14 above, at 27.
21 S Goundar, “Cloud Computing: Opportunities and Issues for Developing Countries” (2011) available at archive1.diplomacy.edu/poolbin.asp?IDPool=1335 (accessed 25 April 2011).
22 Marston et al, “Cloud Computing: The Business Perspective” (2009) available at http://dx.doi.org/10.2139/ssrn.1413545 (accessed 5 April 2012).
23 J Newton, “System Supply Contract” in C Reed (ed), Computer Law, (7th ed, Oxford: Oxford University Press, 2011) 3-60, at 55-56 .
24 Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (‘Directive on electronic commerce’). The E-Commerce Directive under its Article 2 defines information society as above mentioned within the meaning of Article 1 (2) of 98/34/EC, as amended by Directive 98/48/EC.
25 Commission of the European Communities, Information Society & Media Directorate-General, Software & Service Architectures, Infrastructures and Engineering Unit, Expert Group Report “The Future Of Cloud Computing, Opportunities for European Cloud Computing Beyond 2010”, K Jeffery and B Neidecker-Lutz (eds) and L Schubert (Rapporteur), (2010), available at (accessed 29 October 2013), at 2.
26 A Cunningham and C Reed, see note 14 above, at 27.
27 J P Sluijs, P Larouche and W Sauter, “Cloud Computing in the EU Policy Sphere (15 Aug 2011). TILEC Discussion Paper No. 2011-036 available at (accessed 25 April 2012), at 14 and 34.
28 Câmara dos Deputados PLP 171/2012 available at http://www.camara.gov.br/proposicoesWeb (accessed 3 June 2013).
30 CDC – Art. 3º § 2º – Serviço é qualquer atividade fornecida no mercado de consumo, mediante remuneração, inclusive as de natureza bancária, financeira, de crédito e securitária, salvo as decorrentes das relações de caráter trabalhista.
31 R Buyya, J Broberg and A Goscinski (eds), Cloud computing: principles and paradigms (Melbourne: Wiley, John Wiley & Sons, 2011), at 33.
32 Apelação Cível nº 9094205-87.2008.8.26.0000, Segunda Câmara de Direito Privado, Tribunal de Justiça de São Paulo. Desembargador Relator: Neves Amorim. Data do julgamento: 20/03/2012.
33 Apelação Cível nº 7004.
0602773, Nona Câmara Cível, Tribunal de Justiça do Rio Grande do Sul. Desembargador Relator: Leonel Pires Ohlweiler. Data do julgamento: 25/05/2011.
34 Processo nº 200.2011.039.206-1, Tribunal de Justiça da Paraíba, 11ª Vara Cível da Comarca de João Pessoa, Juiz Rodrigo Marques Silva Lima.
35 The cases mentioned above are: Apelação Cível nº 70034673319, Nona Câmara Cível, Tribunal de Justiça do Rio Grande do Sul. Desembargador Relator: Tasso Caubi Soares Delabary. Data do julgamento: 21/07/2010 and Apelação Cível nº 70027619519, Quinta Câmara Cível, Tribunal de Justiça do Rio Grande do Sul. Desembargador Relator: Romeu Marques Ribeiro Filho. Data do julgamento: 11/03/2009.
36 The Consumer Rights Directive (CRD) describes digital content in Article 2(11) as ‘data which are produced and supplied in digital form’, specifying in Recital 19 (preamble) that if digital content is supplied on a tangible medium, it should be considered as goods within the meaning of this Directive. On the other hand, contracts for digital content which is not supplied on a tangible medium should be classified, for the purpose of the Directive, neither as sales contracts nor as service contracts, belonging to a sui generis category.
37 C Castro, C Reed and R de Queiroz, see note 12 above.
38 A Cunningham and C Reed, see note 14 above.
39 “Enhancing Consumer Confidence By Clarifying Consumer Law”, see note 2 above.
40 C Castro, C Reed and R de Queiroz, see note 12 above, at 11.
41 CDC – Art. 2º – Consumidor é toda pessoa física ou jurídica que adquire ou utiliza produto ou serviço como destinatário final.
42 CDC – Parágrafo único Art. 2º – Equipara-se a consumidor a coletividade de pessoas, ainda que indetermináveis, que haja intervindo nas relações de consumo.
43 Regarding the evolution of the definition of consumer and the possibility of Small and Medium Enterprises receiving special protection from unfair terms in England, see Bradshaw, Millard, and Walden, when they state that : “It should not be assumed that Small and Medium Enterprises (SMEs) are devoid of protection from unfair terms. In Kingsway Hall Hotel v Red Sky IT (Hounslow)  EWHC 965 (TCC) HHJ Toulmin held that elements of an IT services contract between a non-specialist business customer and a specialist provider contracting on its standard terms could, despite it being a business-to-business agreement, be held to be unfair and unenforceable. Although this case did not involve a Cloud service contract, the terms in question were typical of those found when surveying the T&C of Cloud providers.” In S Bradshaw, C Millard and I Walden, “Contracts for clouds: comparison and analysis of the Terms and Conditions of cloud computing services”, (2011), Queen Mary School of Law Legal Studies Research Paper No. 63/2010 available at SSRN: http://ssrn.com/abstract=1662374 or (accessed 2 October 2010), at 16.
44 See B Miragem, Curso de Direito do Consumidor (2a. ed, São Paulo: Editora Revista dos Tribunais, 2010); A H Benjamin, C Marques and L Bessa, Manual de Direito do Consumidor (5ª ed, São Paulo: Revista dos Tribunais, 2013); R Nunes, Curso de Direito do Consumidor (5ª ed, São Paulo: Editora Saraiva, 2010); J G Filomeno, Manual de Direitos do Consumidor (11ª ed, São Paulo: Editora Atlas, 2012).
45 The term “prosumer” here demands an explanation since in academic circles it has two meanings. Its original usage described a person who acted as both content producer and consumer, irrespective of whether business activities were involved. For this reason, some scholars still consider the “prosumer” as an active “user” of services such as blogging or social networking sites, rather than the passive “consumer” of e.g. a television programme. Recently it has acquired the connotation of a person who uses online content and services for mixed professional and consumer purposes. Additionally, Pessers claims that, “The difficulty of defining the ‘prosumer’ already appears from his hybrid name that holds the middle between the terms ‘consumer’, ‘producer’ and, as scholars have suggested, ‘professional’ as well. While ‘consumer’ and ‘producer’ may be perceived as antonyms, the qualification ‘professional’ seems to be the odd one out.” He goes further explaining that, “The term was originally used by Toffler as a contraction of ‘consumer’ and ‘producer’”. He recommends to see A Toffler, The Third Wave (New York: Bantam Books, 1980). L Pessers, “Somewhere between ´B’ and ´C´: The Legal Status of the ´Prosumer´ in European Consumer Law” in N Helberger et al, Digital Consumers and the Law Towards a Cohesive European Framework Law (The Netherlands: Kluwer Law International, 2013), at ch 3, at 41.
46 L Pessers, ‘Somewhere between ´B’ and ´C´: The Legal Status of the ´Prosumer´ in European Consumer Law´, ibid, at 42.
47 CDC – Art. 2º – Fornecedor é toda pessoa física ou jurídica, pública ou privada, nacional ou estrangeira, bem como os entes despersonalizados que desenvolvem atividades de produção, montagem, criação, construção transformação importação exportação distribuição ou comercialização de produtos ou prestação de serviços.