Dropbox: new terms of service bring smiles

Dropbox updated its terms of service to reflect stated policies on user privacy and intellectual property control.
Written by Michael Krigsman, Contributor

Recently, Dropbox has suffered through mistakes that caused a system-wide security breach and a broad outcry by users against its terms of service. While these have been difficult days for Dropbox, the company has taken steps to recover users' confidence and regain their lost smiles.

Related: Convenience over privacy: Is Dropbox watching you?

Dropbox has consistently maintained that its terms of service do not allow them to exercise control over customers' intellectual property. Despite these protestations, the language presented potential problems for users concerned about data privacy and raised questions over how the service might use their files. For more detail, read the related post linked just above this paragraph.

In a very smart move, Dropbox has changed the language of its terms of service to reflect the company's stated hands-off policy on customers' intellectual property rights. Here are the new terms:

You retain full ownership to your stuff. We don’t claim any ownership to any of it. These Terms do not grant us any rights to your stuff or intellectual property except for the limited rights that are needed to run the Services, as explained below.

We may need your permission to do things you ask us to do with your stuff, for example, hosting your files, or sharing them at your direction. This includes product features visible to you, for example, image thumbnails or document previews. It also includes design choices we make to technically administer our Services, for example, how we redundantly backup data to keep it safe. You give us the permissions we need to do those things solely to provide the Services. This permission also extends to trusted third parties we work with to provide the Services, for example Amazon, which provides our storage space (again, only to provide the Services).

This straightforward language satisfies my concerns as a user; I'm not a lawyer, but have reviewed and signed literally hundreds of contracts and this new language looks good to me.

Interestingly, the company's terms go overboard to satisfy users, with this statement (emphasis added):

To be clear, aside from the rare exceptions we identify in our Privacy Policy, no matter how the Services change, we won’t share your content with others, including law enforcement, for any purpose unless you direct us to.

Realistically, Dropbox cannot avoid law enforcement requests, especially when backed by a court order. In fact, this clause contradicts the company's privacy policy (emphasis added):

We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or its users; or (d) to protect Dropbox’s property rights. If we provide your Dropbox files to a law enforcement agency as set forth above, we will remove Dropbox’s encryption from the files before providing them to law enforcement.

It's worth noting that Google's terms of service contain the kind of language that observers found objectionable with Dropbox. For this reason, the Photo Focus blog cautions professional photographers against uploading images to Google properties.

Advice to CIOs and enterprise buyers: Dropbox offers a useful service that seems determined to create loyalty and customer satisfaction. At the same time, the security issues and terms of service flip-flopping point to a company that is not quite enterprise-ready. Still, given additional time I suspect the company will eventually gain the requisite level of internal process maturity; certainly the service itself is generally reliable.

Advice to consumers: For personal use, Dropbox is great and I recommend it wholeheartedly. As with all online services, follow the usual security precautions: change your password periodically, use different passwords for each service, and so on.


Update 7/9/11: Dropbox sent me an email asking for this correction:

Your comment here is inaccurate: "Realistically, Dropbox cannot avoid law enforcement requests, especially when backed by a court order. In fact, this clause contradicts the company’s privacy policy." We state in our ToS that "To be clear, aside from the rare exceptions we identify in our Privacy Policy..." which say " comply with a law, regulation or compulsory legal request."

My response: Stop playing games with language; it does you no good. It's clear that Dropbox will hand over users' files when required by law enforcement, which is a reasonable position.


Photo by Michael Krigsman. Dropbox declined to comment for this post.

Editorial standards