We were lucky Michael, we only had to write specific ToS (for lease of the server), contract (for product development and scope) and usage license (for ongoing payment for management and maintenance) for New Zealand due to the application being a custom development and the other party also being a legally incorporated entity in New Zealand. They 'owned' the application even though the IP of the application was retained my ourselves. We were able to be very specific.
As the application was being developed for a specific party and for their exclusive use, even under their discretion they could provide access to any specified party, we had the same liability of a "standard" employee of the client that contracted us under the contracts law at the time.
Many developers do not understand the type of liabilities they face as they don't consult the right lawyers half the time, that is if they consult lawyers at all. It is very complex and confusing, developers are not stupid but normally we don't know where the lines are. For example, my customer is a company, a company member authorised to open, provide information to my business as a supplier and maintain the account has access to the system, he/she creates a login for another staff member who has not been authorised to have the information provided about the company, I am now sharing "private" or "confidential" and potentially damaging information about the company with an unauthorised party putting my business in a position where we may be liable, so what do I need to do to cover myself as a developer/SaaS provider? Most developers don't think or understand about these aspects of where their liability stands.
If I were to produce the application now on a SaaS basis then I would probably be advised by my IP lawyers to use something very similar to Facebook, Google and Dropbox. ToS for an international service is a pain because of what you have pointed out, it needs to be enforceable and relevant in every country and district/state the service is provided in.
This is what I'm thinking about, do I want to open myself up to this scrutiny and liability? Is it worth it to produce this product?
Thinking about it, I do wonder how other free email providers and IM providers deal with it? Could be an interesting follow up for you Michael?
One thing that from a legal standpoint does raise concern also is the way the ToS is written, if Google, Facebook or Dropbox wants to publish a book of your innermost thoughts with the pictures of your girlfriends half nipple that you accidentally uploaded and didn't realise, they have permission to do so if you have put that content on their website or via their service. In the case of Facebook you can remove permission by closing your account or deleting the content where they would have to immediately remove it but the others could continue to use your information in this way should they want to. I'm sure the couldn't care less about me but think about the celebrities such as Cameron Diaz, Nicole Kidman, Mike Tyson and Micahel Kassner (haha) that have all sorts of bits and pieces that fans/gossips would pay to read.
Keep Up with TechRepublic