Nature of data, ownership, and control

Global Publication February 2021

In many jurisdictions pure information, or data, is not considered to be property.1 This is because a claim to property in intangible information presents obvious definitional difficulties, having regard (at least in common law jurisdictions) to the criteria of “certainty, exclusivity, control and assignability” that normally characterize property rights at common law, distinguishing them from personal rights.2 (The position of cryptoassets may be different, as they are increasingly being regarded as “digital assets” – as opposed to pure information – capable of constituting property in an increasing number of jurisdictions.)3

Accordingly it may not be straightforward for a data-holder to exercise a proprietary claim over pure information or data. In many jurisdictions rights to data / datasets are in practice not exercised by reliance on ownership of title or exclusive possession, but rather, by control to access and use. The equivalent of ownership in relation to data in practice may be better considered as the ability to control.


Control of data: Practical examples

A data holder might:

  • prohibit access to data and datasets:
    • by passwords.
    • by use of technical protection measures such as encryption.
  • make data / datasets available to another, but might control how that data can be used by putting in place technical protection measures (e.g. copy prevention, robot.txt, or rights management software).
  • impose granular control by a contract / license, specifying exactly who can access data, how it can be used, for what purposes, and the duration of access and use.
  • in certain circumstances, rely on intellectual property rights (see Ways of Protecting Data).


Who should have the right to control?

The determination of who should have the right to control data may not be obvious. For example:

  • Internet of things (IoT): It can be difficult to ascertain who should own or have exclusive rights or access to machine-generated data within an IoT ecosystem. This is because, typically, the production of data / datasets will involve multiple stakeholders carrying out a number of processes, such as collection, aggregation and analysis (see our site, The Internet of Things for more information).
  • Autonomous vehicles (AVs): The issue of ownership of data is particularly complicated in the world of autonomous vehicles because there are a multitude of different actors interacting within the data ecosystem:
    • Autonomous vehicles depend on generating data about its surrounding environment so that the vehicle can navigate the road autonomously. This is made possible by technical means (such as cameras, LiDAR systems, RADAR, GPS positioning plus computer systems) installed by the vehicle manufacturer, which collect the surrounding data and process it in real time. It may also communicate wirelessly with other vehicles and roadside infrastructure (such as road signs, traffic lights) installed typically by local government, leading to further generation of data, including predictive data.
    • The data is carried by a mobile network operator (or a mobile virtual network operator), ultimately for further analysis using a cloud service provider to extract information/data about behaviour, traffic and the environment.
    • It is unclear how the rights in the co-generated data, generated by a number of different such actors (as well as the owner of the vehicle and the driver, who will both also have a stake in the data, and without whom the data would not have come into existence) should be allocated, especially where the different actors are not typically bound by contractual relationships with each other.

Some jurisdictions are already considering ways to address usage rights in co-generated data. For example:

  • EU: In its Data Strategy Communication, the EU Commission has proposed the enactment of a new Data Act in 2021, which would clarify usage rights to co-generated data.
  • Australia: There is no specific legislation addressing rights to co-generated data but the National Transport Commission has published a Government Access to Vehicle-Generated Data discussion paper to consider whether government should have the right to access and use vehicle-generated data.


2   See, for example, the English Court of Appeal case of Fairstar Heavy Transport NV v Adkins [2013] EWCA Civ 886.