Is data really that important to a business?
A quick survey of the top companies by market capitalisation readily reveals that data is key.
Liability
Global | Publication | February 2021
Errors, incompleteness or biases within data may flow through, and be amplified by, data analytics and process outputs (such as trend analysis and predictions) upon which strategic and investment decisions may depend, potentially causing business losses. Businesses may rely on data sourced from third parties and suffer loss, or cause loss to third parties based on its own data or that it has sourced from others. In this part we deal with liability arising out of use of data / datasets that are in some respect sub-optimal.
Disruptive technologies can give rise to unique risks and a range of liabilities in relation to data in their data ecosystems. Such technology-specific issues are dealt elsewhere (see our sites, AI, IoT, AVs, distributed ledger technology, cryptocurrencies and smart contracts).
Data quality will likely depend on the nature of its source
Data sourced from different sources may vary in quality. Businesses will need to consider a number of factors in relation to the question of quality:
- Machine-generated datasets: May include errors where, say, input data was incorrect (for example, incorrect environmental data received from IoT sensors).
- Open data: So-called "open data" is typically licensed on terms similar to those applicable to open source software. Such terms usually give little or no comfort in relation to the reliability (and non-infringing nature) of the licensed material. Similarly in the case of publicly available data sourced from local authorities or central government, public providers of such data are seldom willing to accept liability for losses arising from reliance on the data (particularly where the data is provided free or for a nominal charge).
- Licensed-in data: Contractual provisions can provide for certain level of quality, for example, by obliging the data provider that the licensed-in data will have been subject to certain checks.
- Data created in-house: Data governance policies should be applied and complied with to ensure the integrity of in-house data (see Managing Data).
Liability regimes specific to data
Are we likely to see legal systems enacting laws that deal with allocating liability specifically in relation to non-personal or industrial data?
EU
As at the date of publication, the European Commission’s view is that the transfer of information should be considered a service, so that the provision of data would fall outside the EU product liability and safety regimes (see the discussion on product liability as it relates to IoT ecosystem data at our site, The Internet of Things).
However, the European Commission is working on addressing the gaps in the present product liability and safety framework exposed by the challenges that arise from the use of emerging technologies (like connectivity, autonomy, data dependency, opacity, complexity of products and systems, software updates and more complex safety management and value chains).1
Other sources of liability need to be considered. In common law jurisdictions, for example, businesses who on-supply data, or who provide services dependent on it, could potentially face claims in contract, in tort (for example, for negligent misstatement) or for some other form of liability. In the EU, for example, there may be consumer claims based on the EU’s Digital Content Directive (2019/770)).
Other new EU legislation?
The European Commission is, at the date of publication, exploring the need to clarify rules on legal liability to ensure responsible sharing and use of data in the form of a proposed Data Act (envisaged for 2021) in order to facilitate voluntary data sharing.2
Any such new legislation may impact upon the liability of those businesses reliant upon emerging digital technologies which perform tasks dependent on data, such as distributed ledger technology, AI, IoT and robotics.
Businesses will need to ensure that they circumscribe their own liability to the extent legally permitted in the EU, insure against the potential risks, carry out reasonable checks and monitoring of the quality of data they supply or rely upon, and secure appropriate contractual comfort where possible.
United States
There is no federal legislation specifically allocating liability in relation to data across all industries.
China
China does not have a specific data liability law. However, when data is embedded in a product, say, to activate a function, such data (being a part of the product) will be subject to the quality requirements under the PRC Product Quality Law.
It is also common for information service providers to warrant certain levels of quality in relation to information being supplied, including data. In such cases, contractual liability will apply for breach.
The myriad ways in which data may be used
The value that can be gained from data by businesses will inevitably lead to an increase in the use of data to improve daily operations and to develop new products, services and processes.
Nature of data, ownership, and control
In many jurisdictions pure information, or data, is not considered to be property. This is because a claim to property in intangible information presents obvious definitional difficulties.
Ways of protecting data
There is a patchwork of different rights, intellectual property rights and contract rights that may apply to data. Understanding the way in which these rights come into play enables a business to understand how its data assets can be protected.
Disruptive technology data: case studies
Disruptive technologies, such as AI, IoT, AVs, distributed ledger technology (DLT), cryptocurrencies and smart contracts, generate many different forms of data. What are the particular characteristics of such data, and to what extent can intellectual property rights or other rights protect them?
The regulatory environment for data
In this section, we review the EU’s position with regards to industrial and non-personal data and look at whether other jurisdictions have similar initiatives.
Free flow of data
Data location laws (in relation to industrial and non-personal data) can be restrictive (as in banking secrecy laws, which may require some types of data to remain onshore or to be “localised”) or liberalising (as in laws that ban the prohibition of export of data from a locality).
Data for re-use
In furtherance of the objective of leveraging existing datasets paid for by public funds, a number of jurisdictions have sought to make public sector information (PSI) available to industry.
Antitrust / competition law data issues
The exclusive possession or control of data can have antitrust / competition law considerations, giving rise to access disputes.
Contractual considerations in sharing data
The uncertain nature of intellectual property rights in data means that “contract is king” in data transactions.
Managing Data
Data is an incredibly valuable resource for businesses, enabling organisations to effectively operate and to make business improvements. In order to exploit this value most effectively, businesses must invest in good data management.
Liability
Errors, incompleteness or biases within data may flow through, and be amplified by, data analytics process outputs upon which a business's strategic and investment decisions may depend, potentially causing business losses. In this section we deal with liability arising out of use of data / datasets that are in some respect sub-optimal.