As businesses start to see the value in holding large data-sets, many are looking at investing in companies that use (or, depending on your terminology, ‘scrape’) data from third party sources. Meanwhile, the regulators and courts are looking at the legal limits on scraping, storing and using big data. Buyers of data-heavy targets should think about any potential legal problems they might be buying into. Here are some tips for due diligence:
- Check the scope of the target’s licences to scrape data, and to store and use that data. Data scraping can infringe copyright and database rights, and holding a collecting society licence might not be a defence.
- Check whether the target uses a third party to scrape or store data. If so, check the contractual arrangements: who’s responsible for scraping and sharing data lawfully and for storing it securely? Who’s liable if anything goes wrong
- Beware of international differences: the legal position will differ, even between European countries. The issue becomes more complex if data scraped in one country is stored or made available in a different country.
- Check if personal data is involved. EU-wide and country-specific laws govern how businesses can collect, store and use people’s personal data. Penalties include fines and - possibly worse - reputational damage.
In short, a savvy buyer will build a ‘data map’ of the target. Find out: what data is collected; how it’s collected; where it’s stored; how it’s shared; and what permissions are in place - both within the business and externally. Assess the risks at each stage and whether the target has proper compliance policies and contractual protections.