Companies are growing increasingly adept at ingesting, analyzing and monetizing data collected from a wide variety of internal and external sources. In doing so, they should not only address the legal and regulatory risks associated with data monetization but also protect and preserve value and competitive advantage.
Whether it’s insurance companies pricing policies based on relevant data models or retailers optimizing inventory management based on sales data, companies across industries have historically gathered information and analyzed it to improve their business. Recently, there has been a dramatic rise in interest in finding ways to further monetize data and drive value for the business.
This trend appears to be driven primarily by three factors. First, the amount of data that is being collected has increased exponentially due, in large part, to the prevalence of smart and connected devices and equipment generating information. Second, companies are increasingly interconnected and, as a result, have access to not only the data they collect but the data that their new and existing business partners collect. And third, the tools that are available to aggregate and analyze data have improved substantially, including through artificial intelligence or other advanced analytics, and, importantly, have become more accessible.
As a result, companies are increasingly interested in, and focused on, ways to monetize the abundance of data to which they have or can reasonably obtain access. Some companies are focused on monetization through internal use—using analytics to get a better understanding of their products and their customers and ultimately find ways to reduce costs or increase revenue. Other companies are focused on monetization through external use—sharing data, or insights generated from data, with third parties for economic benefit or partnering with third parties to combine data and create new data-driven products.
Internal and external initiatives to monetize data raise at least three key issues. For technology-savvy lawyers, these issues are opportunities to help clients manage risks and realize value of the transactions.
Loss of Data Provenance
Data-driven products typically require accessible and structured data. Yet existing data is often unstructured and siloed in disparate systems or by various departments or business functions. Data scientists use data lakes to bridge this gap and consolidate existing data into a searchable pool, creating a single source of truth. Unfortunately, this approach may lead to loss of data provenance, or history about the origin of the data. Without adequate data provenance, it becomes difficult and therefore costly to assess the rights and restrictions associated with data stored in the data lake, to determine what commitments may be made with respect to such data, and to achieve compliance in the case of resulting data-driven products.
As an alternative, it may be strategically beneficial to create several smaller inter-connected data lakes, or at least impose tight access controls on the main data lake, with data provenance maintained for all ingested data. This approach helps ensure that data is used in a manner consistent with the applicable license restrictions, therefore reducing the risk of breach or infringement claims. Even then, the further afield from the original licensed use that the data goes, the harder it may be to comply, or assess compliance, with licensing restrictions. A lawyer can play a key role in the implementation stages to ensure the business is forward looking about maintaining data provenance.
Security, Privacy and Other Regulatory Risks
Partnership with a third party for the sharing and use of data comes with traditional contracting issues and risks, such as those relating to representations and warranties, compliance commitments, risk allocation provisions, and termination rights. But data-driven partnerships may change the balance of considerations in these known risk areas. For example, transferring data from an internal database to a third-party data lake may result in new cross-border transfers, potentially triggering data localization and export control restrictions.
Companies evaluating and implementing data monetization initiatives will also need to stay abreast of the rapidly evolving regulatory landscape regarding data and data use. New uses of data may subject the company to new regulatory frameworks, and existing uses may later become prohibited under law. As a data monetization initiative advances, it becomes harder (for operational, legal, strategic, and often optics-related reasons) to make changes to the approach, so lawyers should proactively review and assess foreseeable use cases and consider the necessary licenses, consents, and relevant regulatory issues for both present and future uses.
Data is a valuable asset that often provides a competitive advantage. However, U.S. intellectual property laws were not designed to protect data and, therefore, are either difficult to apply or offer relatively weak protection, if any. As such, in addition to relying on applicable intellectual property laws (which may evolve over time), companies seeking to protect “ownership” rights in data should do so by contract when sharing data with third parties. This means scoping licenses narrowly and defining the field of permitted use carefully when transferring data to third parties. Counterparties will want to have broad rights to use such data, or insights derived from such data, whether to improve their own products and services or for other business purposes. When negotiating such rights, the licensor should take into account the strategic objectives and priorities for the particular data involved and the nature of the third-party relationship.
In addition, while some agreements clearly cover the licensing and use of data and, as a result, generally receive an appropriate level of scrutiny regarding these issues, many joint venture, strategic alliance, collaboration, service provider and other third-party agreements operationally involve the sharing of data, even though such sharing is not addressed or made sufficiently clear in the agreement. Sharing of data pursuant to the agreements without appropriate protections can result in a loss of ownership and control over the resulting use of such data. Technology lawyers should consider the data implications of each such third-party agreement.
Companies are growing increasingly adept at ingesting, analyzing and monetizing data collected from a wide variety of internal and external sources. In doing so, it is important that they involve legal support early and often to ensure that they are not only addressing the legal and regulatory risks associated with data monetization but also protecting and preserving value and competitive advantage as they partner with others in the data ecosystem.
Marina Aronchik is a partner in Mayer Brown’s Chicago office, where she is a member of the Technology Transactions practice and the U.S. leader of Mayer Brown’s Global Chemical Industry Group. Marina advises leading companies on critical technology and sourcing agreements.
Rohith George is a partner in the Technology Transactions practice in Mayer Brown’s Palo Alto and San Francisco offices. Rohith is also a member of the firm’s Fintech and Insurtech practices.
Adam Cusick is an associate in Mayer Brown’s Palo Alto office.
“Reprinted with permission from the February 2, 2022 edition of Legaltech News © 2022 ALM Properties, Inc. All rights reserved. Further duplication without permission is prohibited.”
To read this complete article visit Law.com.