Is data really that important to a business?
A quick survey of the top companies by market capitalisation readily reveals that data is key.
Nature of data, ownership, and control
Global | Publication | February 2021
In many jurisdictions pure information, or data, is not considered to be property.1 This is because a claim to property in intangible information presents obvious definitional difficulties, having regard (at least in common law jurisdictions) to the criteria of “certainty, exclusivity, control and assignability” that normally characterize property rights at common law, distinguishing them from personal rights.2 (The position of cryptoassets may be different, as they are increasingly being regarded as “digital assets” – as opposed to pure information – capable of constituting property in an increasing number of jurisdictions.)3
Accordingly it may not be straightforward for a data-holder to exercise a proprietary claim over pure information or data. In many jurisdictions rights to data / datasets are in practice not exercised by reliance on ownership of title or exclusive possession, but rather, by control to access and use. The equivalent of ownership in relation to data in practice may be better considered as the ability to control.
Control of data: Practical examples
A data holder might:
- prohibit access to data and datasets:
- by passwords.
- by use of technical protection measures such as encryption.
- make data / datasets available to another, but might control how that data can be used by putting in place technical protection measures (e.g. copy prevention, robot.txt, or rights management software).
- impose granular control by a contract / license, specifying exactly who can access data, how it can be used, for what purposes, and the duration of access and use.
- in certain circumstances, rely on intellectual property rights (see Ways of Protecting Data).
Who should have the right to control?
The determination of who should have the right to control data may not be obvious. For example:
- Internet of things (IoT): It can be difficult to ascertain who should own or have exclusive rights or access to machine-generated data within an IoT ecosystem. This is because, typically, the production of data / datasets will involve multiple stakeholders carrying out a number of processes, such as collection, aggregation and analysis (see our site, The Internet of Things for more information).
- Autonomous vehicles (AVs): The issue of ownership of data is particularly complicated in the world of autonomous vehicles because there are a multitude of different actors interacting within the data ecosystem:
- Autonomous vehicles depend on generating data about its surrounding environment so that the vehicle can navigate the road autonomously. This is made possible by technical means (such as cameras, LiDAR systems, RADAR, GPS positioning plus computer systems) installed by the vehicle manufacturer, which collect the surrounding data and process it in real time. It may also communicate wirelessly with other vehicles and roadside infrastructure (such as road signs, traffic lights) installed typically by local government, leading to further generation of data, including predictive data.
- The data is carried by a mobile network operator (or a mobile virtual network operator), ultimately for further analysis using a cloud service provider to extract information/data about behaviour, traffic and the environment.
- It is unclear how the rights in the co-generated data, generated by a number of different such actors (as well as the owner of the vehicle and the driver, who will both also have a stake in the data, and without whom the data would not have come into existence) should be allocated, especially where the different actors are not typically bound by contractual relationships with each other.
Some jurisdictions are already considering ways to address usage rights in co-generated data. For example:
- EU: In its Data Strategy Communication, the EU Commission has proposed the enactment of a new Data Act in 2021, which would clarify usage rights to co-generated data.
- Australia: There is no specific legislation addressing rights to co-generated data but the National Transport Commission has published a Government Access to Vehicle-Generated Data discussion paper to consider whether government should have the right to access and use vehicle-generated data.
Footnotes
1
See our briefing, Cryptocurrencies are property capable of being held on trust, New Zealand High Court holds.
2
See, for example, the English Court of Appeal case of Fairstar Heavy Transport NV v Adkins [2013] EWCA Civ 886.
The myriad ways in which data may be used
The value that can be gained from data by businesses will inevitably lead to an increase in the use of data to improve daily operations and to develop new products, services and processes.
Nature of data, ownership, and control
In many jurisdictions pure information, or data, is not considered to be property. This is because a claim to property in intangible information presents obvious definitional difficulties.
Ways of protecting data
There is a patchwork of different rights, intellectual property rights and contract rights that may apply to data. Understanding the way in which these rights come into play enables a business to understand how its data assets can be protected.
Disruptive technology data: case studies
Disruptive technologies, such as AI, IoT, AVs, distributed ledger technology (DLT), cryptocurrencies and smart contracts, generate many different forms of data. What are the particular characteristics of such data, and to what extent can intellectual property rights or other rights protect them?
The regulatory environment for data
In this section, we review the EU’s position with regards to industrial and non-personal data and look at whether other jurisdictions have similar initiatives.
Free flow of data
Data location laws (in relation to industrial and non-personal data) can be restrictive (as in banking secrecy laws, which may require some types of data to remain onshore or to be “localised”) or liberalising (as in laws that ban the prohibition of export of data from a locality).
Data for re-use
In furtherance of the objective of leveraging existing datasets paid for by public funds, a number of jurisdictions have sought to make public sector information (PSI) available to industry.
Antitrust / competition law data issues
The exclusive possession or control of data can have antitrust / competition law considerations, giving rise to access disputes.
Contractual considerations in sharing data
The uncertain nature of intellectual property rights in data means that “contract is king” in data transactions.
Managing Data
Data is an incredibly valuable resource for businesses, enabling organisations to effectively operate and to make business improvements. In order to exploit this value most effectively, businesses must invest in good data management.
Liability
Errors, incompleteness or biases within data may flow through, and be amplified by, data analytics process outputs upon which a business's strategic and investment decisions may depend, potentially causing business losses. In this section we deal with liability arising out of use of data / datasets that are in some respect sub-optimal.