Errors, incompleteness or biases within data may flow through, and be amplified by, data analytics and process outputs (such as trend analysis and predictions) upon which strategic and investment decisions may depend, potentially causing business losses. Businesses may rely on data sourced from third parties and suffer loss, or cause loss to third parties based on its own data or that it has sourced from others. In this part we deal with liability arising out of use of data / datasets that are in some respect sub-optimal.
Disruptive technologies can give rise to unique risks and a range of liabilities in relation to data in their data ecosystems. Such technology-specific issues are dealt elsewhere (see our sites, AI, IoT, AVs, distributed ledger technology, cryptocurrencies and smart contracts).
Data quality will likely depend on the nature of its source
Data sourced from different sources may vary in quality. Businesses will need to consider a number of factors in relation to the question of quality:
- Machine-generated datasets: May include errors where, say, input data was incorrect (for example, incorrect environmental data received from IoT sensors).
- Open data: So-called "open data" is typically licensed on terms similar to those applicable to open source software. Such terms usually give little or no comfort in relation to the reliability (and non-infringing nature) of the licensed material. Similarly in the case of publicly available data sourced from local authorities or central government, public providers of such data are seldom willing to accept liability for losses arising from reliance on the data (particularly where the data is provided free or for a nominal charge).
- Licensed-in data: Contractual provisions can provide for certain level of quality, for example, by obliging the data provider that the licensed-in data will have been subject to certain checks.
- Data created in-house: Data governance policies should be applied and complied with to ensure the integrity of in-house data (see Managing Data).
Liability regimes specific to data
Are we likely to see legal systems enacting laws that deal with allocating liability specifically in relation to non-personal or industrial data?
As at the date of publication, the European Commission’s view is that the transfer of information should be considered a service, so that the provision of data would fall outside the EU product liability and safety regimes (see the discussion on product liability as it relates to IoT ecosystem data at our site, The Internet of Things).
However, the European Commission is working on addressing the gaps in the present product liability and safety framework exposed by the challenges that arise from the use of emerging technologies (like connectivity, autonomy, data dependency, opacity, complexity of products and systems, software updates and more complex safety management and value chains).
Other sources of liability need to be considered. In common law jurisdictions, for example, businesses who on-supply data, or who provide services dependent on it, could potentially face claims in contract, in tort (for example, for negligent misstatement) or for some other form of liability. In the EU, for example, there may be consumer claims based on the EU’s Digital Content Directive (2019/770)).
Other new EU legislation?
The European Commission is, at the date of publication, exploring the need to clarify rules on legal liability to ensure responsible sharing and use of data in the form of a proposed Data Act (envisaged for 2021) in order to facilitate voluntary data sharing.
Any such new legislation may impact upon the liability of those businesses reliant upon emerging digital technologies which perform tasks dependent on data, such as distributed ledger technology, AI, IoT and robotics.
Businesses will need to ensure that they circumscribe their own liability to the extent legally permitted in the EU, insure against the potential risks, carry out reasonable checks and monitoring of the quality of data they supply or rely upon, and secure appropriate contractual comfort where possible.
There is no federal legislation specifically allocating liability in relation to data across all industries.
China does not have a specific data liability law. However, when data is embedded in a product, say, to activate a function, such data (being a part of the product) will be subject to the quality requirements under the PRC Product Quality Law.
It is also common for information service providers to warrant certain levels of quality in relation to information being supplied, including data. In such cases, contractual liability will apply for breach.