In a recent blog posting titled “The coming collision of “free to the public cloud storage” and eDiscovery”. I mentioned some of the potential gotchas involved in storing your ESI with these cloud services. One of the cloud storage services I named was the Dropbox service.

On Friday the Dropbox cloud storage start-up announced changes to its policies, claiming it had rights to your data stored on its service.

The original section read: “You grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent reasonably necessary for the Service.”

This message obviously started a major reaction so the company has revisited its terms again, being forced to update its blog twice in order to try and calm the storm surrounding its policy.

The last two blog updates are below:

[Update – 7/2] – We asked for your feedback and we’ve been listening. As a result, we’ve clarified our language on licensing:

You retain ownership to your stuff. You are also solely responsible for your conduct, the content of your files and folders, and your communications with others while using the Services.

We sometimes need your permission to do what you ask us to do with your stuff (for example, hosting, making public, or sharing your files). By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent reasonably necessary for the Service. This license is solely to enable us to technically administer, display, and operate the Services. You must ensure you have the rights you need to grant us that permission.

[Update 2 – 7/2] – An update based on your feedback:

One of the main reasons we updated our terms of service was to make them easier to read and understand. It seems we’ve mostly accomplished that, which we’re thrilled about.

Some of you have written us with very understandable concerns about the legal-sounding parts. In particular, our new TOS talks about the licenses we need to run Dropbox. We want to be 100% clear that you own what you put in your Dropbox. We don’t own your stuff. And the license you give us is really limited. It only allows us to provide the service to you. Nothing else.

We think it’s really important that you understand the license. It’s about the permissions you give us to run the service, things like creating public links when you ask us to, allowing you to collaborate with colleagues in shared folders, generating web previews or thumbnails of your files, encrypting files, creating backups… the basic things that make Dropbox safe and easy to use. Services like Google Docs and others do the same thing when they get these permissions (see, for example, section 11.1 of Google’s TOS).

We wish we didn’t have to use legal terms at all, but copyright law is complicated and if we don’t get these permissions in writing, we might be putting ourselves in a tough spot down the road. Not to bore you with the details, but please take a look at the license term in the TOS. We think it’s fair and strikes the right balance: “This license is solely to enable us to technically administer, display, and operate the Services.”

We want to thank everybody who wrote in, understanding your concerns helps us make Dropbox better.

Drew & Arash

It looks to me that they made a decent and honest attempt to come back from a really unsettling policy change. The main point here is that you have to understand the policies which manage your data on these services.

One practice I employ when using these services is to encrypt the data I upload to these services using applications such as TrueCrypt or PGP (see my blog on this topic). This practice does remove some of the capabilities such as indexing for search on the cloud service but the main reason I utilize these cloud storage offerings is to to be able to access my data anywhere from any computer.