Regulating machine data: less is more for global growth

By Thaddeus Burns, Senior Counsel, Intellectual Property & Trade, General Electric Company

The exponentially growing importance of data derives from several interrelated technological trends in the digital economy, including the Internet of Things (IoT), machine learning, big data, machine-to-machine communication, artificial intelligence and cloud computing.

The IoT comprises a vast number of connected industrial systems that communicate and coordinate their data analytics and actions to improve industrial performance. Its key principle is the implementation of cyber-physical systems, i.e., networks of microcomputers, sensors and actors embedded in materials, devices or machines, connected through the Internet. For example, a single oil well equipped with 20-30 sensors can generate 500,000 data points every 15 seconds. According to estimates, over 26 billion devices will be connected to the Internet by 2020.

More broadly, the digital economy contributes significantly to the social, economic and environmental advancement of the world. First, IT solutions diffuse at unprecedented speed, permitting rapid deployment of technology to the poorest people in the world and improving access and participation opportunities. Second, digital technologies place people at the center of products and services, allowing for attractive offerings at reduced costs with improved sustainability and user-friendliness. Third, they enable new business models that enhance innovation and growth in a wide range of sectors.

In order to allow the digital economy to realize its enormous potential, it is crucial to devise an adequate policy framework, in particular one that encourages the free movement of data on a global scale. Policymakers throughout the world have been considering how to respond. A case in point is the European Union. In early 2017, the European Commission published Building a European Data Economy, a communication which outlines its Data Economy Package, the final building block of its Digital Single Market Strategy.

The communication aims to review the rules and regulations hindering the free flow of non-personal data. To this effect, it makes a number of important proposals to remove unjustified or disproportionate data location restrictions. In recent years, governments have been erecting borders in cyberspace, including in particular data localization requirements. These can take the form of rules that prohibit information from being sent outside the country, subordinate such data transfers to the prior consent of the data subject, require copies of information to be stored domestically, or provide for taxation of exported data. Many data localization requirements have an unclear justification or are overbroad.

The Commission also discusses legal issues pertaining to access to and transfer of non-personal machine-generated data. One of the concepts floated in the communication is the creation of a “data producer’s right” that would protect industrial data. As the Commission points out, neither the prevailing intellectual property (IP) regime, especially copyright, nor the sui generis right provided under the Database Directive (96/9/EC) allow for the protection of machine-generated raw data. Copyright covers only acts of authorship conducted by human beings, while the sui generis database right protects exclusively data structured in a “database.” The communication also underlines that the right should cover the data only at the syntactical (in terms of the structure and arrangement of contents of databases) – not the semantic – level, and that care should be taken to ensure that ideas and information remain free.

The Commission’s stated objective is to improve access to anonymous machine-generated and machine-to-machine data, thereby facilitating and incentivizing the sharing of such data. However, for a variety of reasons, it seems doubtful that the introduction of a sui generis property right is a plausible approach.

First, there seems to be no incentive problem – the standard economic justification for the establishment of a property right – with regard to the production and use of non-personal data. Technical protection measures allow data holders to exclude others or charge them a price for making data available. What is more, today access to machine-generated industrial data is governed primarily by contracts. These agreements are the outcome of negotiations between sophisticated parties who have a sound understanding of the data involved and how it will be generated, used, exchanged and accessed.

Current contract law and practices allow adaptation to the considerable variety of scenarios involving machine-generated data in business-to-business (B2B) dealings, including emerging business models and new technologies. Companies that create new products and services in fast-changing markets require flexibility to determine a solution that best fits their objectives. Ultimately, it is of key importance to maintain contractual freedom. Regulatory intervention would risk imposing a uniform approach that is unsuited to the varied and complex contracting needs at issue.

Second, creating a new layer of rights in machine-generated data would interfere with the two existing IP regimes in the area of data and information, namely copyright and database rights. For instance, insofar as a film shot with a digital camera would qualify as a machine-generated data subject, it would benefit not only from copyright but also from “data producer’s right” protection. As a consequence of such overlap, the “data producer’s right” would undermine statutory limitations and exceptions under laws governing copyright or database rights. For example, under current EU law, both copyright and database rights allow users to copy or extract data from databases for non-commercial research purposes. Unless the “data producer’s right” reproduced all relevant existing exceptions, it would compromise these important user freedoms. A case in point is the area of data mining: the currently debated Proposal for a Directive on Copyright in the Digital Single Market contains a mandatory exception to both copyright and database rights for text and data mining by non-commercial research organizations.

In addition, a new data right would erode the economic incentives embedded in IP rights. For example, the main rationale for the sui generis right is to further investment in the building of databases from pre-existing data and other materials. A parallel no-threshold right in machine-generated data would weaken this incentive.

Third, the proposal to introduce a new right for non-personal machine-generated data could result in considerable legal uncertainty for anyone creating and reusing data. For instance, according to the Commission the General Data Protection Regulation (GDPR) of 2016 “continues to apply to any personal data (whether machine generated or otherwise) until that data has been anonymised.” In practice, however, it is hard to distinguish between those cases involving data relating to persons from which an individual is not identifiable and those cases involving the processing of data whereby an individual is identifiable. In addition, personal data can be changed to non-personal data through the process of anonymization, and non-personal data can be transformed at some future point into personal data – to which all of the rules of data protection would be reapplied. This ongoing legal uncertainty for data controllers complicates the decision-making process as to the legal regime that applies. In particular, the proposed property right seems to undermine the new right of data portability (Article 20 GDPR) that the regulator conceived to support the free flow of personal data in the EU and foster competition between data controllers.

A further concern relates to big data, that is, the extraction of information through large-scale data analyses. Big data is premised on the idea that non-personal data is most valuable when utilized in large quantities. Exclusive rights over small amounts of data would hamper big data analyses as it would necessitate a multitude of data acquisitions from a host of different data owners.

In the EU’s public consultation process, which generated more than 300 responses from businesses and other organizations, the vast majority of respondents rejected the proposal to create ownership-type rights. Currently there is no sui generis right in industrial data, and the ongoing success of the data industry essentially draws on contractual agreements. Thus, it is difficult to perceive a clear policy rationale – such as an incentive problem – for an intervention on the part of the regulator. On the contrary, a new right of ownership could needlessly complicate the existing framework.

From a policy perspective, the key challenge is to guarantee that all countries benefit from the rapid dissemination of new technologies. Rather than instituting a new IP right, to unleash the digital economy’s enormous potential for more inclusive growth worldwide policymakers should embrace a legal and regulatory environment that allows for unhindered cross-border data flows on a global scale. Such an environment necessitates the absence of unjustified data location requirements as well as the implementation of clear and enforceable rules.