Industrial and non-personal data: Building blocks of emerging technologies

Data is a vital asset for almost all businesses. In many cases it is fundamental to profitability and survival. Many businesses now have a mature understanding of the regulatory and commercial imperatives applicable to personal data, but may have not developed the same degree of data literacy in relation to industrial and non-personal data.

Managing, and extracting value from, such data can be a significant challenge. The increasing complexity of data capture, control, management, and analytics in the digital economy could well overwhelm businesses who are not sufficiently data literate. For example:

Ownership: data are intangible and can be copied and used by multiple businesses, and (with some exceptions) at the moment generally fall outside the scope of property law in common law jurisdictions, leading to difficult questions in relation to ownership.
Combining data: data can be combined with, or interact with, other data to make new, derived data, which can be used to drive, or to be manipulated, by software or algorithms (such as artificial intelligence (AI)) in order to produce a variety of outcomes. The transformable nature of data can lead to new contractual and liability issues.
Governance: the imperative for better data governance by businesses is likely to increase, driven in part by potential business partners, business and consumer clients, and by law.

Accordingly there is potentially a large range of issues a business will need to consider when dealing with industrial and non-personal data. For example, how can businesses control and protect such data, use third party data, minimise risks in deploying data, value and monetise such data, and comply with rules and regulations applicable to (non-personal) data?

What do we cover?

With the object of outlining the main issues a business should be mindful of in relation to protecting its data as an asset, working with partners using or monetising data and managing risks specific to data, we examine the following in more detail:

The importance and increasing use of data
The nature of data, ownership, and control
Ways of protecting data
Disruptive technology data
The regulatory environment for data
Regulated data activities
Antitrust / competition law data issues
Contractual considerations in sharing data
Managing data
Liability issues specific to dealing in data

We discuss the legal position in a number of jurisdictions, using them as case studies, in order to illustrate principles of more general application in relation to industrial and non-personal data (given the breadth of laws potentially applicable, we do not attempt to state the law exhaustively in relation to such data for those jurisdictions). We do not address issues specific to personal data.

Local law advice should always be sought in relation to any data project.

Content

Is data really that important to a business?

A quick survey of the top companies by market capitalisation readily reveals that data is key.

Read

The myriad ways in which data may be used

The value that can be gained from data by businesses will inevitably lead to an increase in the use of data to improve daily operations and to develop new products, services and processes.

Read

Nature of data, ownership, and control

In many jurisdictions pure information, or data, is not considered to be property. This is because a claim to property in intangible information presents obvious definitional difficulties.

Read

Ways of protecting data

There is a patchwork of different rights, intellectual property rights and contract rights that may apply to data. Understanding the way in which these rights come into play enables a business to understand how its data assets can be protected.

Read

Disruptive technology data: case studies

Disruptive technologies, such as AI, IoT, AVs, distributed ledger technology (DLT), cryptocurrencies and smart contracts, generate many different forms of data. What are the particular characteristics of such data, and to what extent can intellectual property rights or other rights protect them?

Read

The regulatory environment for data

In this section, we review the EU’s position with regards to industrial and non-personal data and look at whether other jurisdictions have similar initiatives.

Read

Free flow of data

Data location laws (in relation to industrial and non-personal data) can be restrictive (as in banking secrecy laws, which may require some types of data to remain onshore or to be “localised”) or liberalising (as in laws that ban the prohibition of export of data from a locality).

Read

Data for re-use

In furtherance of the objective of leveraging existing datasets paid for by public funds, a number of jurisdictions have sought to make public sector information (PSI) available to industry.

Read

Antitrust / competition law data issues

The exclusive possession or control of data can have antitrust / competition law considerations, giving rise to access disputes.

Read

Contractual considerations in sharing data

The uncertain nature of intellectual property rights in data means that “contract is king” in data transactions.

Read

Managing Data

Data is an incredibly valuable resource for businesses, enabling organisations to effectively operate and to make business improvements. In order to exploit this value most effectively, businesses must invest in good data management.

Read

Liability

Errors, incompleteness or biases within data may flow through, and be amplified by, data analytics process outputs upon which a business's strategic and investment decisions may depend, potentially causing business losses. In this section we deal with liability arising out of use of data / datasets that are in some respect sub-optimal.

Read

Data blog

UK Information Commissioner’s Office Publishes Final Guidance On Employee Monitoring

The UK Information Commissioner’s Office (ICO) published its final guidance on monitoring workers on 3 October 2023 (the Guidance).

Global | Articles | October 12, 2023

Blog post

An overview of the European digital strategy

We have published an article, EU: An overview of the European digital strategy, explaining the aims and key components of the EU digital strategy, outlining at a high-level key legislation that has been published in this space in the past three years and highlighting the way in which the various legislative instruments interact with each other and with European data privacy rules.

Global | Articles | September 26, 2023

Blog post

ICO and OFCOM Joint Statement on Online Safety and Data Protection

On 25 November 2022, the UK Information Commissioner’s Office (ICO) and the Office of Communications (OFCOM) (together, the Regulators) released a joint statement setting out their shared views on the interactions between online safety and data protection (the Statement).

Global | Articles | December 06, 2022

Data protection

The proposed EU Cyber Resilience Act: what it is and how it may impact the supply chain

On 15 September 2022, the European Commission published its proposal for a new Regulation which sets out cybersecurity related requirements for products with “digital elements”, known as the proposed Cyber Resilience Act (the CRA).

Global | Articles | October 17, 2022

Data

EU Vehicle Data Consultation and the evolving EU regulatory landscape for connected vehicles

In the coming years, data collected by vehicles will be subject to a new EU regulatory regime consisting of horizontal rules applicable across many industries and vertical rules designed specifically for the automotive sector.

Global | Articles | April 12, 2022

Data

High Court rejects claim blockchain developers owe duties to users

The latest instalment in the Tulip Trading v Bitcoin Association litigation has been greeted with relief by many in the blockchain community, after the High Court threw out a claim that bitcoin developers (including several bitcoin forks) owed a duty of care or a fiduciary duty to an alleged owner of bitcoin.

Global | Articles | March 29, 2022

Data

Digital Health 2022

Norton Rose Fulbright lawyers Roger Kuan and Jason Novak contributed several chapters to Digital Health 2022 International Comparative Legal Guide, published by GLG, which is a leading global platform for legal reference, analysis and news.

Global | Articles | March 08, 2022

Data

Facebook data "scraping" claim lacks some basis in fact

The Supreme Court of British Columbia recently dismissed an attempt to certify a class action lawsuit against Facebook after the court found the plaintiffs failed to provide some “basis in fact” for their central allegation – that Facebook engaged in unauthorized data scraping.

Global | Articles | February 25, 2022

Data

Intellectual property rights in the Metaverse

The metaverse will offer an immersive digital world that feels physical and tangible in nature. Interacting with metaverse has the opportunity to shift the internet in a new direction and pose new intellectual property rights for developers, contributors, and users.

Global | Articles | February 21, 2022

Intellectual property