"The most valuable commodity I know of is information." That line, spoken by Gordon Gekko in the 1987 film classic, "Wall Street," is even more relevant today when considering business opportunities created by the Internet of Things (“IoT”). While the legal and business considerations surrounding IoT have been largely focused on the data captured by connected devices as utilized within the context of these connected devices, there is another opportunity that cannot be ignored … that the data itself is an asset that can be exploited for a profit, separate and apart from the devices and processes from which it was generated.
Conditions are ripe for data monetization as a byproduct of IoT. Connected devices can generate massive volumes of data. Data transmission, processing and storage costs are decreasing. Data analysis skills are increasing, and robust analysis and visualization tools are available. As the volume and variety of data continues to rise due to IoT, so do the opportunities to find value in it. Businesses are becoming increasingly aware that they may possess a new form of asset from this under-utilized data. The challenge facing these businesses will be how to maximize the potential of this data, and how to get this data and/or products based on the data to market.
As a business considers data monetization strategies, a fundamental question will be, "Do we actually have rights to this data?" Data gathered through IoT sensors and systems can pass through many hands. For example, (i) an end-user creates the data; (ii) a sensor manufacturer’s hardware collects the data; (iii) a software company’s software processes the data; and (iv) a service provider’s service aggregates that data. All of them may want to claim some rights over the data. Further complicating things is that IoT data has two components — raw data collected from connected sensors and systems, and also data derived from this raw data through subsequent processing. Ideally, there will be agreements between and among the persons and entities involved in the creation and processing of IoT data that allocate the rights and obligations of each party with respect to the IoT data. However, it is distinctly possible that such agreements will not exist or will not adequately anticipate the rights allocation issues, which could result in post hoc negotiations concerning data that one party wants and another would like to keep to itself. Businesses participating in an IoT data stream are advised to review agreements with hardware, software and servicing vendors in order to confirm that data rights are allocated as anticipated. Otherwise, a business may discovered that it has paid for a product and/or service, and then must pay again to get access to its data.
Assuming that there are no data ownership questions, data assets may qualify for protection under traditional intellectual property theories of copyright and trade secret. However, in each case there are challenges that the data asset owner must consider.
A copyright provides its owner with a bundle of exclusive rights in an original work of authorship for the duration of the copyright. These exclusive rights include the right to: reproduce copies of the work; prepare derivative works based on the work; distribute copies of the work; and publicly perform and publicly display the work. The exclusive rights conveyed through a copyright may be licensed collectively or individually.
A limitation on copyright protection that is important to a data asset owner, is that a work qualifies for copyright protection only if it possesses a minimal amount of creative expression. Thus, a mere collection of facts in a database cannot be protected by copyright. A party’s act of collecting information and compiling it into a database does not, by itself, confer copyright protection on the database. However, where a compilation of data contains a sufficient amount of creativity in how the data is selected, coordinated and arranged, the compilation as a whole may be copyrightable.
Fortunately, the threshold level of creativity for copyright protection of a compilation of data is low. Many compilations will qualify for copyright protecting by virtue of the compiler’s choices in the selection, coordination and arrangement of data.
With respect to trade secret protection for data compilations, the most common definition of a "trade secret" arises under the Uniform Trade Secrets Act, which has been enacted in every state except for Massachusetts, New York and North Carolina. The Uniform Trade Secrets Act defines a "trade secret" to be:
• "information, including a formula, pattern, compilation, program, device, method, technique, or process, that:
• derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use, and
• is the subject of efforts that are reasonable under the circumstances to maintain its secrecy."
• In other words, under the Uniform Trade Secrets Act a "trade secret" is information that is valuable because of its secrecy, and is also protected by efforts to maintain that secrecy. Many data compilations meet these standards. However, in order to preserve trade secret protection, the data compilation owner must take care to maintain secrecy. For example, the data compilation owner should limit the disclosure of the data to only those employees, suppliers, customer, business partners and licensees that are bound by enforceable confidentiality and nondisclosure obligations, and that have agreed to limited use of the trade secret data.
A data asset owner interested in pursuing a data monetization strategy that involves sharing data in raw or compiled form with another party, must carefully consider the provisions of a data monetization license agreement in order to preserve the value of the data asset.
Of principal concern should be the provisions of the data monetization license agreement that define the scope of the license and restrictions on use of the data. The agreement must, as unambiguously as is possible, specify those uses of the licensor’s data that are permitted and then prohibit all other uses. The agreement also must specify whether the license granted is exclusive or nonexclusive, and whether sublicensing is permitted or not. The agreement must specify any territorial or industry-specific restrictions. Where the data is protected by trade secret, the agreement also must include provisions obligating the licensee to preserve confidentiality, and provisions mandating data security safeguards, including physical, technical and procedural safeguards as appropriate.
Because the subject matter of the license is data, it is foreseeable that new data may be derived from the licensed data through subsequent processing. The data monetization license agreement should allocate rights to this new data between the licensor and the licensee. Ordinarily, this new data would be the property of the licensee. However, the licensor may wish to impose restrictions on the exploitation of derived data in order to preserve the value of the original data set, or may desire to receive ownership of or a license to the derived data in order to enhance the value of the original data set.
Of course, the license agreement must specify the payments or other consideration that will flow to the licensor. In addition, it is normally appropriate to include audit rights that will enable the licensor to verify that the data has been used within the scope of the license and, where compensation to the licensee is variable or contingent on the licensee’s activities, to verify that the licensor has been compensated in full according to the terms of the data monetization license agreement.
Risk allocation provisions should be given due consideration. Appropriate representations and warranties should be included. Limitations on the types of damages that can be awarded in the event of a breach should be included, and also caps on a party’s overall liability can be important.
The duration of the data monetization license agreement should be set forth clearly, along with circumstances that would justify contract termination as a remedy for a breach or as a result of other circumstances. The consequences of termination, particularly with respect to the licensed data, should be clearly articulated.
Finally, limitations on assignment and transferability of the data monetization license agreement must be specified. For example, the licensor may not want the licensed data to end up in the hands of a competitor through an assignment of the license agreement.
Tom Walsh is a member of Ice Miller’s Intellectual Property Group, and the Internet of Things Industry Group. Read more about IoT in Ice Miller’s IoT Smart Connections guide.
This publication is intended for general information purposes only and does not and is not intended to constitute legal advice. The reader should consult with legal counsel to determine how laws or decisions discussed herein apply to the reader’s specific circumstances.