iQoncept - Fotolia


Compliance battle over digital ownership has begun

Rules defining digital ownership will dictate how the data-based economy evolves. CIOs should get ahead of data asset management before competitors write rules to their advantage.

For over 30 years, legal systems worldwide have struggled to adapt to information technologies and the emergence of digital information as a separate and unique kind of property. Companies have expressed legitimate claims for the law to protect their digital assets, and governments have valued the ability to define and regulate behavior which undermines corporate -- and government -- investments in IT systems and their data. 

But the legal systems are hardly consistent in their solutions. In 1998, U.S. law extended copyright protections to digital works through the Digital Millennium Copyright Act; yet, courts have struggled to clearly define how and when "fair use" of protected content collides with technology protection measures.

In 1991, the U.S. Supreme Court established that factual information alone, without a minimum of original creativity, cannot be protected by copyright. In contrast, the European Union (EU) Database Directive adopted in 1996 grants protection to those who make substantial investments in developing databases, irrespective of the level of creative effort that may or may not exist. Japan's Copyright Law extends copyright protection to databases which, by reason of the selection or arrangement of their content, constitute intellectual creations.

Of course, privacy and data protection laws have evolved significantly, and the new EU General Data Protection Regulation (GDPR) goes further than ever in defining the mechanisms by which individuals and companies negotiate consent regarding the use of personally identifiable information (PII). Yet, the GDPR does not define who owns PII once certain consents are granted.

The CIO's guide to industrial data rules

These inconsistencies challenge the lawyers for any company that engages in international trade, as well as any business pursuing data analytics solutions that involve transferring, licensing, or sorting and filtering data with or among third parties: Who owns the inbound data? Who owns the outbound results?

Calls for digital ownership action

Most contracts fail to address digital ownership; yet, nearly every business relationship now requires the constant flow of highly proprietary data.

In a March 2017 podcast prior to the annual CeBit technology fair, German Chancellor Angela Merkel called for data ownership rules that would serve as a foundation on which German innovation and international competitiveness could be enriched. Within days, Alexander Dobrindt, the Federal Minister of Transport and Digital Infrastructure, called for a new law that would include giving data the same legal status as physical commodities. These policy views are significant, particularly when viewed in conjunction with the newly published Reference Architecture Model for the Industrial Data Space.

Japan's Ministry of Economy, Trade and Industry (METI) has also been producing important policy documents on their digital strategies. In May 2017, METI published Contract Guidelines on Data Utilization Rights, which confirm the importance of "proper contracts" to clarify how companies interact with industrial data (i.e., data that is not PII). The Guidelines emphasize that Japanese law does not recognize ownership of data except to the extent legally protected by copyright, trade secrets or similar existing statutes. As a result, contracts are recommended to more formally express the respective rights of the parties and model contract clauses are included in the Guidelines.

These national initiatives have been connected to larger, mutual agendas toward "digital trade," including addressing cooperation in a data economy as part of the negotiations of a comprehensive Economic Partnership and Free Trade Agreement between those countries and their economies. The Organisation for Economic Cooperation and Development has also been making active contributions toward the need to reform the legal infrastructure for digital information, with special emphasis on the need for "advanced governance frameworks" for the content of machine-to-machine communications.

The CIO's next steps

With each technology evolution during the last 40 years, one truth is consistently affirmed: Those who write the rules win the next battles. After all, new rules are always slanted to the strengths of those doing the writing. What should a CIO be doing to become part of the momentum and not be left playing by someone else's rules? Here are four key action items:

1. Identify your industrial data. Privacy reforms have distracted corporate resources away from focusing on non-PII, what can be called "industrial data." Creating separate inventories of your industrial data -- inbound sources, internal sources and external destinations -- is a vital first step. Most big data analytics require high-quality metadata and provenance. Are your primary data assets properly associated with such historical information?

2. Audit your existing contracts. Most contracts fail to address digital ownership; yet, nearly every business relationship now requires the constant flow of highly proprietary data. Confidentiality clauses just do not provide sufficient protection for digital relationships. CIOs should audit their existing contracts and evaluate how well their company's industrial data is being protected and, in turn, verify what rights the company has to use the industrial data acquired from others.

3. Create a culture of awareness. Most companies fail to recognize that industrial data has critical economic and functional importance. It is the information on which routine and extraordinary business decisions usually rely. CIOs must create awareness, particularly with legal counsel and other executive teams that structure joint ventures, supply chain sourcing, and similar business deals that the information exchanges created by the deals have critical value. Too often, the only concern is to assure the quality of information security. The drive toward data ownership requires so much more to be built into these deals.

4. Engage in writing the rules. Like the METI-published Contract Guidelines, many of the new rules for digital ownership are going to be authored from unexpected sources and new types of collaborations among the various stakeholders. CIOs need to engage their companies in existing initiatives within their industries, regions, or ecosystems and, if none exist yet, start a new initiative.

In 2017, we have witnessed a global acceleration toward crafting and adopting new rules that will control how companies can own the digital information assets under their control. The results that emerge will fundamentally shape how companies structure their rights to create, license, analyze, transfer, use, modify or destroy their data.

In 2016, KPMG International Cooperative published a report on the connected car that declared, "What's clear is this: Those who own the data win." No truer words exist for any industry, but writing the rules that define data ownership will best determine the next winners in the global digital economy.

The rules for digital ownership will also define how data analytics, innovation and market-based economies evolve. Now is the time that a CIO must recognize these issues and engage with the processes before competitors write the rules to their advantage.

Next Steps

Engineer regulatory mandates into mobile tech development

The business case for data governance

Ethics, legal issues hinder finance industry's artificial intelligence adoption

Dig Deeper on IT governance