Intellectual property and data protectioni Intellectual property
There are no intellectual property protections that are peculiar to fintech. However, in common with all evolving technologies, some fintech technologies do test the limits of the existing legal framework, this having not been written with these new technologies in mind. The most notable challenges come from blockchain technologies and technologies delivering artificial intelligence and machine learning applications.
The most important intellectual property rights for artificial intelligence are confidentiality, copyright and patent rights. The laws of confidence pose no unusual issues for artificial intelligence. However, from a wider financial services policy perspective, it would be preferable for innovators to disclose AI innovations rather than opt to keep these as trade secrets, so other protections come to the fore.
Copyright raises some issues in respect of ownership of the output of artificial intelligence, but otherwise copyright protection of source code remains as applicable to artificial intelligence software systems as it does for more traditional software systems.
It is in the realms of patent that the interesting issues around protection arise. In the UK, and under the European Patent Convention, in order to be granted a patent, the invention must be new, inventive, and capable of industrial application and not specifically excluded from protection as a patent. Mathematical methods are excluded, as are computer programs, which are, of course, at the heart of artificial intelligence development.
This is not to say artificial intelligence and machine learning algorithms cannot form part of a computer-implemented invention where they can be shown to have a 'technical effect'; they are just not patentable in and of themselves. Where they form part of platforms and applications that solve specific technical problems, then the success of a patent application improves significantly. In summary, a combination of copyright and patent protection should provide a good basis for protecting investment in artificial intelligence and machine learning in the UK.
Artificial intelligence is, of course, inextricably linked with the data it consumes and the financial services industry generates vast amounts of data. The data itself comes with a set of intellectual property protections – mostly confidentiality, sometimes copyright and, potentially, the sui generis database right. For example, look-up tables (databases accessed by software routines) are potentially protected by copyright in the structure of the database and by the sui generis database right protecting the extraction and reutilisation of the data contained in the database (provided the owner can show substantial investment in obtaining the data).
The database right is a powerful right, and while the protection ostensibly lasts for 15 years, each time substantial investment is expended in obtaining, verifying or presenting the contents of the database, a new database is likely deemed created and thus a rolling protection obtained. There has been some debate as to whether aggregations of data, for example, sensor or machine-generated data, can fulfil the 'substantial investment in obtaining' requirement of the database right. The debate continues as to where the threshold of effort lies. Irrespective of whether or not the contents of a database are protected by confidentiality or database rights, both can provide limitless protection. Because big data is becoming such an integral part of any business dealings, the UK competition authorities are sure to consider moves to counteract potentially monopolistic effects of vast datasets being controlled by relatively few market players.
Turning to blockchain technologies, similar issues are encountered: patent protection for spreadsheets is not available, and there will need to be some actual technical effect, similar to software-enabled inventions. Copyright is the most common form of protection for blockchain, both proprietary and open-source. The basic building blocks of many blockchain technologies are open-source software codes, but those building on top of the originating technologies may want to protect their inventions through more commercial protections, such as more restrictive copyright and patent licensing.ii Data protection
In the same way as for intellectual property, financial services technologies also test the existing legal framework around data protection, despite the General Data Protection Regulation (GDPR) being of very recent provenance.
The UK Information Commissioner's technology priorities for 2019 include cybersecurity, artificial intelligence, big data and machine learning and online tracking technologies, all of which are highly pertinent to technologies within the financial services sector.
Big data analytics again poses difficulties for data protection law. Difficulties include running large numbers of algorithms against vast datasets to find correlations; the opacity of the processing; the tendency to collect 'all the data'; the repurposing of data and the use of new types of data; not to mention the hurdles of distinguishing between data controllers and data processors. Clearly all of these activities have implications for data protection.
The Information Commissioner's Office is reaching out to partners as part of its Technology Strategy to better understand these technologies, and is seeking to establish a regulatory sandbox, drawing on the successful sandbox process that the FCA has developed. The sandbox is expected to enable organisations to develop innovative digital products and services, while engaging with the regulator, who will provide advice on mitigating risks and data protection by design.
New blockchain technology also poses data protection challenges. There has been significant debate as to whether or not the hashed information contained on the blockchain could be considered personal information and, if it is, how the GDPR can be reconciled with the benefits of the blockchain being an immutable source of the truth without the need for trusted intermediaries. This question has yet to be resolved.