In this twelfth article in our series on "Big Data & Issues & Opportunities" (see our previous article here), we take a closer look at the data ownership issues surrounding the (big) data value chain and examine how such issues are addressed at EU and Member State level. Where relevant, illustrations from the transport sector will be provided.
The European Commission has voiced on multiple occasions the most important legal issues in a data environment. In its data-driven economy Communication of July 2014 already, but also in the context of its 2016 free flow of data initiative, it highlighted that "barriers to the free flow of data are caused by the legal uncertainty surrounding the emerging issues on 'data ownership' or control, (re)usability and access to/transfer of data and liability arising from the use of data".
Indeed, if they cannot rely on any of the other exclusive rights discussed in this article series (see for instance our article on Intellectual Property Rights), stakeholders in the (big) data analytics lifecycle increasingly try to claim "ownership" in (parts of) the datasets used in the analytics.
The "ownership" concept
There is often some kind of misunderstanding between legal practitioners and non-legal professionals on the meaning of the term "ownership".
Following the Oxford Dictionary of Law, the word "ownership" has the following meaning: "it is the exclusive right to use, possess, and dispose of property, subject only to the rights of persons having a superior interest and to any restrictions on the owner's rights imposed by agreement with or by act of third parties, or by operation of law." It is therefore something that implies certain rights over a property such as being able to enjoy, use, sell, rent, give away, or even destroy an item of property. Ownership may be corporeal (i.e. title to a tangible/material (im)movable object) or incorporeal (i.e. title to an intangible object, such as intellectual property, or a right to recover debt).
However, for businesses, the meaning of "ownership" may be different, especially in a data environment. It is often used to assign responsibility and accountability for specific databases, whereby reference to the "data owner" is made. In such particular context, 'ownership' does not have a legal connotation but refers to other concepts such as assurance of data quality and security. There is thus no transfer of or licence over a property as such.
In this article, the term "ownership" will be used in its legal meaning. This nevertheless includes certain difficulties due to the particularities of data. Indeed, data is not like any other tangible or intangible "thing". It has certain characteristics often put forth when discussing the data economy, such as the fact that data is limitless and non-rivalrous, that fit uneasily with the legal concept of "ownership".
Actors in the data value chain who could claim ownership in data
The issue of data ownership is even more complicated by the data value cycle which can be rather complex and involves numerous stakeholders. This increases the difficulties in determining who could or would be entitled to claim ownership in data. Many of such stakeholders may attempt claiming ownership in data because, for instance, they create or generate data, or because they use, compile, select, structure, re-format, enrich, analyse purchase of, take a licence on, or add value to the data. Accordingly, in many instances, different stakeholders will have different powers depending on their specific role. Hence, no single data stakeholder will have exclusive rights.
The following Figure created by the Organisation for Economic Co-operation and Development (OECD) aims to depict the data value cycle.
Looking at the data value cycle, one can distinguish various actors and determine their roles in the data economy, in particular in the "datafication" process, the analysis of data, and the decision-making phase. It should however be kept in mind that certain organisations may play multiple roles. Also, the data value cycle does not reflect the cross-border flow of data and the legal intricacies related thereto.
There is a multitude of actors on the market actively reaping the benefits of the data economy. The relationships between such actors are an essential element of the data value cycle. Some of the most important actors are depicted in the layered Figure below, whereby the underlying layers supply the upper layers with goods and services:
Illustration in the transport sector: The developments in relation to connected and autonomous vehicles have also raised questions with respect to data ownership. The on-board computing systems present in connected and autonomous vehicles will allow for the transfer of substantial amounts of information, including about the driver and its location. At the current stage, it is still unclear who will "own" this information among the many different actors involved; i.e. the driver who the personal data relates to, the owner of the vehicle (if different from the driver), the manufacturer of the vehicle, insurance companies, navigation service providers, the government, or any other third party. Any data ownership claim may have a far-reaching impact on the further implementation of the technology concerned. In any event, the personal data protection rules will need to be respected.
Legislation on data ownership
Our researches have not enabled us to identify any EU legislation that would specifically regulate the question of ownership in data. This being said, such absence of ownership-related legislation does not exclude the fact that there are numerous legislations that have an impact on data or that may confer some kind of protection to certain types of data or on datasets (i.e. copyright, database rights and trade secrets).
The same issues apply when looking at the situation at Member State level. There clearly is no specific data-related legislation that explicitly recognises ownership in data in the various Member States. Having said that, some countries have legislation in place allowing to control the flow of data. One example would be France, where the civil code sets out mechanisms (based on both civil and criminal law measures) enabling the holder of data to prevent or restrain the misuse of data.
Case law addressing the issues of "ownership" of data
Thus far, there has been no real EU or national jurisprudence satisfactorily dealing with the issues surrounding data ownership. Nevertheless, some decisions at EU and national level may give an indication on how these issues may be dealt with in the future:
- EU: According to some authors, the Court of Justice of the European Union opened the door for a discussion on ownership in intangible assets in its UsedSoft judgment issued on 3 July 2012. In this ruling, the Court held that the commercial distribution of software via a download on the Internet is not only based on a licence, but on a sale of goods. Therefore, the owner of copyright in software cannot prevent a perpetual "licensee" from selling his software (understood as downloaded file). The decision implies that there is a specific ownership attributed to intangible goods like software downloaded via the Internet. Applicability of this model to other digital goods remains to be considered in future court decisions.
- Germany: In a case concerning the destruction of data, the Higher Regional Court of Karlsruhe considered that deletion of data stored on a data carrier may violate the ownership in the data carrier under the German Civil Law Code, extending the protection of the ownership in the data carrier to data stored on it. Later decisions of German courts opposed the possibility to hold ownership over data as such, since data lacks the necessary material character and since it is not considered a ‘thing’ under the German Civil Law Code. The Court of Appeal of Nuremberg has built on the general principle adopted in Germany, according to which things that are neither rights nor goods may nevertheless be sold within a sale contract (Section 453 of the German Civil Act). To decide whether former employees were allowed to delete the data stored on their company-owned laptops, the Nuremberg Court made reference to the theory of the so-called "Skripturakt". According to this theory, the person who generates the data gets the right to the data, even if the data afterwards are used for the business or for the sake of the employer. In consequence, under criminal law and in this particular case, the employees were allowed to delete the data.
- United Kingdom: So far, the UK courts held that data is not property and therefore cannot be stolen, that data are not eligible to be the subject of a common law lien, and that there is no proprietary right in the content of an email.
- France: The French Supreme Court ("Cour de cassation") rendered a ruling in 2015 that could open a way to recognising the ownership of "data". The Court found that (remotely) downloading computer data without taking away their support may amount to the offence of theft, acknowledging therefore indirectly that such independent data may be owned.
Commission Communications having an impact on the Data Ownership Debate
"Towards a Thriving Data-Driven Economy" (2014)
The 2014 Commission Communication entitled "Towards a thriving data-driven economy" expected the big data market to grow worldwide to USD 16.9 billion in 2015 at an annual rate of 40%. The Commission nonetheless also indicated that the EU had been slow in embracing this revolution and that the complexity of the legal environment and the insufficient access to large datasets created entry barriers to SMEs and stifled innovation.
The 2014 Communication addressed the various challenges by sketching the features of the European data-driven economy of the future and drawing some conclusions to support and speed up the transition towards it. It notably concluded that to be able to seize the opportunities related to a data-driven economy and to compete globally in such economy, the EU must "make sure that the relevant legal framework and the policies, such as on interoperability, data protection, security and IPR are data-friendly, leading to more regulatory certainty for business and creating consumer trust in data technologies".
In a section dedicated to the regulatory issues, the Communication further highlighted the issues related to personal data protection and consumer protection, data mining, and security. It also raised the concerns pertaining to the ownership and liability of data provision and data location requirements in various sectors that limit the flow of data.
"A Digital Single Market Strategy for Europe" (2015)
In its 2015 Staff Working Document related to the Digital Single Market, the Commission reiterated the legal issues by putting forth problem drivers related to the data economy: "currently, collecting, processing, accessing and protecting data is a major challenge. This includes issues such as ownership of data, treatment of personal and industrial data, availability, access and re-use, contractual terms and conditions, data security, quality of data (e.g. timely updates), authentication of users, cybercrime, acceptance of electronic documents, liability for incorrect information, standardisation of languages and formats."
"Building a European Data Economy" (2017)
The EU Commission carefully examined the most topical issues related to data in its Communication on "Building a European Data Economy" and the associated Staff Working Document.
With respect to the particular issue of data access, we note in particular the EU Commission's conclusion according to which "comprehensive policy frameworks do not currently exist at national or Union level in relation to raw machine-generated data which does not qualify as personal data, or to the conditions of their economic exploitation and tradability. The issue is largely left to contractual solutions." In the same vein, the EU Commission also concludes that "where the negotiation power of the different market participants is unequal, market-based solutions alone might not be sufficient to ensure fair and innovation-friendly results, facilitate easy access for new market entrants and avoid lock-in situations."
Finally, the Communication suggests several non-exhaustive and not mutually exclusive possibilities, to be discussed with stakeholders, to move forward on the issue of access to machine-generated data. Some suggested measures are non-legislative and consist of (i) the creation of guidance on incentivising businesses to share data; (ii) fostering the development of technical solutions for reliable identification and exchange of data; and (iii) the creation of model contract terms. Other suggested measures are of a legislative nature and amount to (i) the creation of default contract rules; (ii) providing access to commercially-held data to public sector bodies for public interest and scientific purposes; (iii) granting a right to use and authorise the use of non-personal data to the "data producer"; and (iv) the creation of a legal framework governing access to data against remuneration.
"Towards a Common European Data Space" (2018)
In its Communication entitled "Towards a common European data space", the Commission proposes a package of measures as a key step towards a common data space in the EU.
Such initiative was supported and driven by a stakeholder dialogue and replies to the Public Consultation on "Building the European Data Economy". As regards business-to-business data sharing, such stakeholder dialogue showed that stakeholders are not in favour of a new 'data ownership' type of right, on grounds that "the crucial question in business-to-business sharing is not so much about ownership, but about how access is organised".
Legal doctrine related to data ownership
In line with the increasing coverage of data ownership by the Commission in its Communications, the problem of data ownership has been reported by numerous authors.
Some authors are generally in favour of the creation of an ownership right, whereas others make the distinction between an exclusive and non-exclusive right to property in data. Thus, the Max Planck Institute for Innovation and Competition has stated, jointly with other authors, that it could see neither a justification nor a necessity to create exclusive rights in data. Other academics do not necessarily dismiss the idea of an exclusive right in data, but claim its advent to be premature. The authors of this article already expressed their preference for the creation of a non-exclusive ownership right paired with data sharing obligations in the context of the EU-funded H2020 project TOREADOR.
Looking at the situation under Member States' laws, we observe a similar level of divergence.
The current lack of clarity as to the status of data under UK law was addressed for instance by Christopher Rees, who believes that data could be classified as property (based on a simple definition of property as the right to use something and exclude others from its use).
Most of the German academics argue that German law does not know a right in data as such, even if in some instances they recognised the need for creating such right. There are however voices opposing this line of thought, in view of the jurisprudence of the German Courts. In particular, Prof. Dr. T. Hoeren examined the issues of data ownership under the current German legal framework and jurisprudence, concluding that "in general, the property in data is attributed to the originator, creator, or producer of these data. However, in the case of data made for hire (to use the US copyright term), the data belong to the employer". Other scholars seem to suggest that one may rely on the current wording of Section 950 of the German Civil Code to claim some kind of property right in data. Such Section stipulates that "A person who, by processing or transformation of one or more substances, creates a new movable thing acquires the ownership of the new thing, except where the value of the processing or the transformation is substantially less than the value of the substance. Processing also includes writing, drawing, painting, printing, engraving or a similar processing of the surface." Despite the legal uncertainty surrounding such theory, and notably its particular application to intangible assets such as data, certain undertakings have already relied on it in their general terms and conditions. Having said that, the majority of German academics seems to agree that no right in data exists.
Commentators seem to be divided as to the ownership of data under French law. While some commentators indicate that data are not appropriable as such, others believe that in view of the abovementioned ruling of the French Supreme Court the ownership over data cannot be called into question. Having said that, most discussions on the recognition of ownership seem to focus on individuals' ownership over their personal data.
Illustration in the transport sector: In the course of 2017, the German Federal Ministry of Transport and Digital Infrastructure (Bundesministerium für Verkehr und digitale Infrastruktur – "BMVI") conducted a study, the results of which advocate the creation of an ownership right for (mobility) data. In said study, the BMVI highlights the opportunities of (big) data use in the transport sector. It however regrets the heterogeneity and fragmentation of data-related regulations, and therefore advocates the creation of a – potentially exclusive – property-like right in (mobility) data in order to encourage the development of new business models. The BMVI suggests assigning data to the one who has made a substantial investment in the creation thereof, as it feels this would be in line with the economic reality and would provide legal certainty. In order to implement the ownership right in practice, the BMVI considers two different options. The first option entails the immediate creation of an entirely new "data law". The second option consists of different measures that would eventually lead to the development of a data law.
In a big data context, different third-party entities may try to claim ownership in (parts of) a dataset, which may hinder the production of, access to, linking and re-use of big data, including in the transport sector. This article has however amply demonstrated that the current legal framework relating to data ownership is not satisfactory.
No specific ownership right subsists in data and the existing data-related rights do not respond sufficiently or adequately to the needs of the actors in the data value cycle. Up until today, the only imaginable solution is capturing the possible relationships between the various actors in contractual arrangements.
Nevertheless, filling the data ownership gap with contractual arrangements is far from ideal. It would be practically burdensome – and probably even impossible – to regulate with full legal certainty by means of contracts the ownership issues in large-scale data undertakings where there is a multitude of data sources, storages, analyses and thus a myriad of actors who would want to claim ownership in the data concerned. On top of all that, comes the issue where contracts are in principle nonbinding, and therefore unenforceable, vis-à-vis third parties. This issue is further examined in our next article in this series, which will address data sharing agreements in the context of big data, with illustrations drawn from the transport sector.