Few days ago, a Bird&Bird team (Benoit Van Asbroeck, Julien Debussche, and Jasmien César) published a white paper about “Data Ownership” in the EU legal framework (available here).

The paper is issued within the Toreador Project (Trustworthy model-aware analytics data platform – a three-year big data research project funded by the EU Commission), and fits within the EU Commission’s strategy towards data.

The White Paper makes a thorough analysis of the EU acquis on data ownership. In sum, the paper affirms that:

1. no EU legislation directly regulating ownership in data exists;
2. a number of legislations provides other forms of protection to certain data. In particular the IP law area, namely: database rights; copyright; and trade secrets. However, none of these provides an adequate protection of ownership in data (e.g., sui generis right does not protect data as such; trade secrets require information to remain secret, etc.);
3. EU case-law does not acknowledge an ownership right in data, with minor exceptions at national level where Courts occasionally addressed the data ownership issue;
4. scholars are suggesting a new interpretation of current civil law provisions;
5. while the paper does not provide an extensive examine of data protection legislation, it suggests that personal data is not necessarily owned by individuals. Instead, an ownership right in personal data for data controllers can be recognised, although subject to the individuals’ control.

The paper concludes that the current legal framework does not sufficiently deal with all issues related to data. Indeed, the data ownership is complicated by the data value cycle which can involve numerous stakeholders (ISPs, IT providers, data providers such as marketplaces, data analytics service providers, data-driven services, etc.). Actors involved in the data value chain have no certainty as to the ownership of the data they process. Hence, the data ownership issue would require a new solution. The paper suggests creating a non-exclusive and flexible ownership right in datasets, with a data traceability obligation as a safeguard. 

Many points of this White Paper are in line with our view. In a paper presented in a conference about a holistic approach on personal data held by the Max Plank Institute in October 2016 (some slides are available here), I analysed the interface between IP rights (database sui generis right and trade secrets) and data protection rules. The latter in fact allow data controllers to exercise control over data, thus creating a semi ownership regime (though some scholars say it should be seen as a sort of licence on personal data granted by individuals). And I concluded that this interface produces an ownership regime on data, which can be strong although it cannot cover all situations. Residual areas are currently regulated by contract or by technology measures.

Property in data challenges civil law principles: information has public nature; property and IP rights are subject to the numerus clausus principle; and res incorporales are generally not included in property rights. Whether a new right on data should be created is debated (in a recent public consultation promoted by the EU Commission, here, the market answered “no”). We however agree that such possible new right should not be exclusive nor absolute. An exclusive right would risk blocking access to data. Access to data appears crucial in this data driven-economy. Big data requires data reuse, data enrichment, and access to multiple sources of raw information (in certain cases, we won’t be surprised to think about big data as essential facilities). At the current stage, it is impossible to predict where value will be created. Thus, a flexible approach to data is welcomed.

In this context, instead of a property rule, a liability rule appears more balanced. In other words, in certain cases the new right should entitle the data owner to receive payment for its data but would not allow him to exclude other from its access. This solution should be introduced for commercial uses of data only. Research uses should instead remain free, in line with the approach taken by the proposed Directive on copyright in the Digital Single Market (here).

Francesco Banterle