Does a data monetization strategy require data ownership in the first place? Is it a question of ownership or entitlement to use data?
LawBytes #39 presents the second article of the data monetization special edition, a series of articles containing a practical in-depth study on legal issues, tools, and strategies to exploit information and create value from big data.
Following our previous post “Opportunities and legal challenges of data monetization” in this post we will address one of the leading issue in every Big Data strategy: is it necessary to own the data to exploit them?
The data ownership dilemma in a monetization strategy
It is critical to regulating the transfer and protection of data adequately to enable safe data exploitation, considering the substantial value of data.
Indeed, database transactions give rise to many legal issues ranging from antitrust to privacy, with implications in different fields of law depending on the classification and nature of the data itself (e.g., raw vs. processed data, personal vs. non-personal data, open vs. confidential data). Such legal challenges are particularly impressive considering the non-material, non-consumable and – sometimes – non-rivalrous nature of Big Data.
Once data is under the control of a business, it feels to be in the position to decide how to use – or not use – such data, being well aware that as that data is non-rival it might be used – at the same time – by some other entity (e.g., in the case of statistical information acquired from a public body).
Therefore the first major question to be tackled is: who owns the data? And what right is held on such data?
There are several legal instruments available in this sense ranging from trade secret rules, or the sui generis protection for data banks. However, who lawfully holds the data feels in the position to be entitled to use them, therefore the term data entitlement appears much more appropriate than data ownership in a monetization strategy. So the second big question now is: what kind of data can you be entitled to use?
Data vs. information
In 1995, the director of the Medialab of the Massachusetts Institute of Technology, defined the bit as “the DNA of information“, identifying in digital data and digitalization what would trace the boundary line between two immeasurable cultural shifts.
The translation or description of anything in binary language allows the reunification of language, logic, and mathematics, calculation and description. When we talk about the data which produce and compose Big Data archives, we refer exclusively to digital data. This data coincide with those mentioned in a recent definition in the European legal system, contained in the EU Regulation 910/2014, the so-called “eIDAS Regulation“, which defines an electronic document as “any content stored in electronic form, in particular text or sound, visual or audiovisual recording“.
Analogic data (neither produced nor readable/stored through digital techniques) cannot become Big Data because such modern data aggregates are the prerogative of digital information production technologies. Analogic data must first become digital data to become susceptible to be part of a Big Data aggregate.
Data, therefore, is the minimum information unit (or bit), i.e., an unorganized component of the information. Information can be seen as the result of a data processing activity, resulting as an output of a process of elaboration in which a structure transforms, according to its own rules of operation, data into information.
One of the fundamental principles of copyright law provides that law does not protect the information itself, but rather the specific expressive form of presentation of information. It is sufficient to read Article 9(2) of the TRIPs Agreement:
“Copyright protection covers expressions and not ideas, processes, methods of operation or mathematical concepts as such”.
As a result, there is no legal protection available for pure information, whereas there can be some protection for raw data.
What protection for pure data?
The misappropriation of data by unauthorized parties, as well as the use of data for unauthorized purposes, and the reckless inclusion of such data on the web, can eliminate the competitive advantage that the database represents for the company and annihilate the investment made for its implementation and maintenance.
Therefore, before developing data monetization strategies, consideration should be given to how to protect databases.
To date, laws protect databases, know-how, and trade secrets, while the protection of pure raw data, which play a fundamental role in the exploitation of commercial and industrial value, is uncertain.
For example, the so-called sui generis right (implemented in articles 102 bis and 102 ter of Italian Copyright Law) gives the “creator” of a database the exclusive right to prohibit the extraction or reuse of all or a substantial part of its database as well as the forms of use that constitute an unlawful economic exploitation of its content.
However, this form of protection does not protect data taken individually, but only data that form part of a database, which excludes all data measured by sensors or produced by machines, at least in the first phase of their existence, i.e. before being collected in a database. This scenario creates a protection gap in the period between the production of the data and its collection to the detriment of the manufacturer.
To this need, strongly felt by stakeholders, the European Union is trying to give a satisfactory and precise answer as can be seen from recent legislative developments. The actions from the EU include the proposal for a Directive for the re-use of information in the public sector and the Regulation on the circulation of non-personal data, but especially from the various public consultations launched during the last two years, including that on the so-called Database Directive, which introduced the sui generis protection of databases.
The Commission is currently revising such a legal framework on data ownership, and hopefully, the new 2020-2024 EU Agenda will bring forward the legislative update to enable and foster the new data monetization based business models.
In the meanwhile…, don’t miss the next episode of LawBytes Data Monetization special edition, we’ll explore the privacy risks arising in database transfer contracts and the available legal measures to protect assets and limit liability.
Also, if you are interested in this topic don’t miss our previous posts: “EU blockchain resolution and the new regulation on data flow” and “Opportunities and legal challenges of data monetization“.