IoT Data: Get the Right Rights

Buzz words change to reflect the technology du jour, but in the world of data-intensive technologies, the single element that all have in common is that they require sufficient rights to large, high-quality data sets to maximize their value.

Companies at all stages of maturity and across industries are beginning to grapple with this issue. To release the full potential of many of the latest technology developments, the data is key. The power of artificial intelligence (AI) will only be realized when reliable and accurate data sets of enough depth are available. Data sources are essential in the development of fraud detection, user authentication, and credit authorization in the financial services industry. Development of certain blockchain and Internet of Things (IoT) applications also rely heavily on access to accurate and reliable data. Visual search technologies as well as image and speech recognition technologies that augment products and services -- from autonomous vehicles to medical diagnostics and industrial application -- also require access and use of vast amounts of data.

When evaluating the next big data-centric technology trend, what will differentiate the big wins from satisfactory technology procurement and investment will often be rights to reliable, accurate and well-curated data sets. Accordingly, companies leveraging data through technology will benefit from taking the time to assess the sufficiency of their rights to the data they collect, use and share with others.

Dig Deeper

Privacy notices, policies and consents can be helpful to ensure proper transparency and secure consent from individuals. However, they alone are not enough, as they often do not secure all the required rights to data that a company may need to pursue its business objectives.  Also, they do not grant rights, and the individual whose consent is obtained may not be the only person or entity controlling rights to the relevant data.

Contractual restrictions, for example, may limit how a company can use and otherwise process data. Supply terms for tangible products may restrict collection, use and sharing of data (and sometimes even allocate ownership of data back to the product manufacturer). Contract terms also often apply to data collected through interfaces between software applications (referred to as application programming interfaces or APIs). APIs provide how data flows into AI applications. Terms of use for online and cloud services, including blockchain applications, also often constrain data rights. Notably, these terms can often be changed by the companies exposing the interfaces, or providing these solutions, websites and services, which makes planning difficult.

But even in the absence of any contractual terms, data processing activities may be restricted. Equipment owners may generate data in the use of their equipment that manufacturers wish to use, but that data may also relate to proprietary aspects of the equipment owner’s business that the equipment owner asserts belongs to it. On the flip side, if data is being collected through proprietary ports installed on equipment by the manufacturer, the manufacturer may view this data as its proprietary information and not available for others to collect, use and share unless authorized by them.

Determining who controls the rights often depends on a variety of fact-specific issues, such as the nature of the data, as well as where, how and from whom data is collected. The laws and regulations that apply may differ based on these factors. Companies need to ensure they have adequate rights to the data they process and can demonstrate to others that these rights exist and will endure.

Ethical Standards

While companies may not legally be required to comply with ethical standards, many are evaluating which ethical standards to adhere to as a matter of good business practice. Certain applications of AI, for example, might be perfectly legal but conflict with a company’s ethos or culture. They also might raise concerns from employees and shareholders. Ethical standards can help guide corporate decision-making when it comes to selecting which AI solutions to pursue and how to design them. Some companies are establishing corporate AI policies to guide these decisions.

As a result, executives are now beginning to appreciate how important non-legal ethical standards are to guiding their decisions about which data-centric applications and use cases to pursue. These ethical standards may bolster a company’s ability to protect its culture, build its brand, recruit talent, and align a company’s activities with its ethos.

While leveraging data requires some up-front effort to ensure adequate data rights and ethical use, the rewards can be substantial. Traditional non-technology businesses are identifying new ways to monetize data, and in the process, also are attracting new customers and improving their traditional products and services. Investors are also drawn to the potential value of data assets. Whether you are an executive searching for how best to employ new innovations that leverage data through technology, or an investor evaluating their value, one thing is becoming increasingly clear: All of us must now follow the data.

Stephanie Sharron is a partner in Morrison & Foerster’s Technology Transactions Practice. She focuses on helping companies leverage data through technology.