A few months back a student from a premium institute in India was put under the scanner of laws as he violated the laws of the Indian Railways in providing railway ticket booking services. Similarly, a much-awaited court case between Oracle and Google was reviewed by the US Supreme Court. What are the similarities in these cases? At a surface level, there is very little actually, but if you delve deeper they are kind of similar. Let’s take the first case, many sites provide railway booking services in coordination with IRCTC why was this student singled out. Similarly, many organizations build collaborative solutions but why should Google and Oracle get into a legal wrangle?
The Private Laws
There are various legal interactions among people and institutions people build. The Govt cannot decide the interaction possibilities among them. The governments only define general guidelines of how they can interact but keep the exact details within the framework of a contract to be worked upon by the interacting parties. In short, in both the above cases, parties did not engage in establishing a legal relationship ahead of time. Due to which they got into stepping on the legal rights of parties that led to bigger and often complex legal conditions leading to lawsuits.
Both these cases are actually around startup planning. In the first case, the student probably did not realize there was a need to evaluate the legal viability or he needed an explicit contract with IRCTC before using their data. Android was acquired by Google while Oracle acquired Sun Microsystems. Android and Sun Microsystem did not see any reasons to have a contract in place. Subsequently, when Oracle acquired Sun Microsystems it saw a definite value in chasing Google of copyright violation considering the scale and market opportunity that was ahead of them. Many companies while small or initial phases of their incorporation do not see the need to establish formal legal arrangements. Thus, get into more complex legal issues that can significantly affect their businesses.
Since contracts can be a subject matter of individuals and organizations within their mutual activities, they are called private laws. They do not apply to non-party entities.
Elements of a Contract
While we can go into every detail of defining a contract I will refrain from doing so. Here are some simple rules that must be followed in defining a contract:
- Parties must be competent to contract
- They should have a legal subject matter and lawful consideration
- The parties must have equitable power in contracting and there must be an element of negotiation.
- Contracts need not be in writing. They can be by conduct as well.
Any contract that is one-sided and does not give enough powers to one of the parties to negotiate can be considered a contract of adhesion and declared void in the court of law.
Suppose, I have an Indian website that sells e-commerce goods during festive seasons. A few weeks before Holi, I launched an advertisement campaign on various websites for the non-residential Indians to buy gifts and send them to near and dear ones from my website. My website terms and conditions said all matters of legal disputes have to be resolved in the jurisdiction of Arunachal Pradesh, India court as I have my registered office there. An aggrieved NRI resident of San Francisco files a case against my company in the court of San Francisco. Will the court entertain such a case? The court may consider the terms and conditions of an adhesion contract and do away with the jurisdiction clause. Secondly, any plea to the expectation that I have no business interest in the USA may be rejected as my conduct of advertising in the USA proves I had a deliberate business interest in the USA and cannot shy away from it.
What should I have done as a business owner or product manager? I should have at least assessed the risk and considered these issues while either accepting or mitigating the risk.
Parties to Contracts
Many SaaS-based B2B solutions face this challenge of who are they building the solutions for. Suppose as a SaaS vendor I create a mobile app that only is giving access to employees of my customers. However, the app is downloadable from the Google play store; so anyone can download the app. As part of the app installation process, the app picks the mobile number and few other details from the mobile device. The app EULA does not talk about these privacy breaches. I only have a contract as part of the sales agreement to my customer. Do I need any special arrangements of detailing privacy concerns to the general public who may download the app? If you think through the answer is yes. A user and buyer or customer can be completely different entities. Sometimes, the user may not have any direct relationship with your customer. At least in this case it’s the employees of the customer that is the intended user group. However, the general public that downloaded the app becomes an unintended user group. As a business, their privacy is also an equal concern to me. The matter can be far more complex for a market research company. The user domain is a completely unrelated set of people from the sponsorer of the research. A completely disjoint set. Every interface you cross while developing a business relationship is a subject matter of a contract. One needs to evaluate the scope of such a relationship.
We just scratched the surface of the nuances of contracts in the article so far. Many complex scenarios may arise due to business relationships. As a SaaS application with a website as well as a mobile app, how many interfaces you come across? How are you establishing legal relationships across those interfaces? Do you have enough EULAs, terms and conditions documentation, or even signed contracts for all classes of users, customers, analysts, evaluators, etc.? It may be the right time to relook at some of those as part of your product management process.