Who Owns The Data From The IoT?

Uploaded on 2017-02-15 in NEWS-Cybersecurity News, FREE TO VIEW

With the internet of things becoming critical to many industries and consumers, questions surrounding data ownership are coming with increasing frequency. The answers aren't obvious.

Many organisations are beginning to convey their IoT data to third parties. Often this is motivated by a desire to monetise the data, sometimes for regulatory reporting reasons. These initiatives are bringing the issues of data ownership and licensing to the fore. Interestingly, there is no set schema for determining how ownership is assigned, much less how IoT data can be licensed properly. Here's an overview.

Data Ownership in the Western World

In essence, the owner of machine-generated data (MGD), which covers virtually all of the IoT, is the entity who holds title to the device that recorded the data. In other words, the entity that owns the IoT device also owns the data produced by that device.

However, it's not always clear that whomever has possession of the device and/or its output data actually "owns" it. When real-world constructs such as lease holdings come into play, it indeed gets complex and even murky.

Clinically speaking, data is owned by the titleholder. In this regard, data title is like a deed to real property. MGD may also contain metadata, which is akin to mineral and water rights.

Further, data may be owned by one party and controlled by another. Possession of data does not necessarily equate to title. Possession is control. Title is ownership. Referred to as usage rights, each time data sets are copied, recopied and transmitted, control of the data follows it. Conversely, transfer of ownership requires a legal mechanism to convey title.  

Legal Issues

It turns out that data by itself is not protectable under the American intellectual property regime; however, data title rights are similar to the rights afforded by a copyright.

Data title includes a bundle of usage rights that allow the titleholder to copy, distribute and create derivative works. Data within a database is like the words and images that compose a copyrighted book. The usage rights and title to the book are separable. The author of the novel retains title to the words and pictures that comprise the novel.

The author also owns the ability to authorise a publisher to publish books and distribute them. However, he or she does not control each reader's usage rights of the content once they are accessed by readers.

Similarly, an entity that holds title to data or a database holds the associated data ownership rights. If the data set is copied and transmitted elsewhere, the author relinquishes the usage rights.

The parties to a data transfer contract matter

There are two major classes of parties in this space. The first category includes corporations, data brokers and marketplaces, which exchange data among themselves. This is not typically exposed to tight government regulation.

The second category is composed of consumers who submit data to a vendor in exchange for a product or service. Agreements in the consumer space may be subject to government oversight. The result is that certain industries such as healthcare must comply with a network of statutes and agency rules.

On the other end of the spectrum is the give-and-take approach. Under this approach, the vendor may collect in-depth data from a sensor platform to optimize the user's experience. Here, the contract allows all data to be exchanged in return for incentives such as a curated service or discount. This approach conveys all data usage rights and data title once the end user opts in.

How data rights are being handled in agriculture

The US agriculture industry has embraced the use of sensors and machine-generated data to maximise production, and is also sophisticated in the way it handles data ownership interests.

The bottom line is that the farmer owns the data produced by his or her sensor platforms. Nevertheless, farm equipment manufacturers have developed a system of agreements with a high level of transparency to enable agricultural MGD to flow freely.

The complex world of vehicle-generated Data      

Automobiles are increasingly equipped with connected technologies and sensors that will create an unprecedented explosion in car-generated data. Stakeholders across several sectors from insurance to telecommunications, high tech and beyond, are poised to integrate these new data streams into their business models.

A unique feature of the automotive data market is the importance of consumer trust and sentiment. Consumers perceive all the data flowing from their car to be theirs. The effect is a strong expectation of receiving something in return.

In response to data-conscious users, automobile manufacturers craft their data exchange provisions that use a give-and-take approach. Similar to agribusiness data exchanges, there is an underlying presumption that the MGD captured after a purchase is owned by the entity who bought the car.

Regulators and industry groups agree that the car owner also owns the MGD. Like an insurance policy, the MGD ownership interests follow the car. This means that non-personal machine-generated data is treated differently from personal data, which follow the automobile's occupants.

Energy and the IoT

Consumer smart-grid device deployment is rising. However, there is a cultural barrier to complete data exchange integration. This is because smart grid devices are connected to the home, and users may be hesitant to attach a device that may provide insight into their energy habits and, by way of inference, their lifestyles. It is no accident that firms have implemented data collection practices that take a tiered approach to obtaining a license to data usage rights and then title to end user MGD. As IoT adoption grows, schemas and policies governing data ownership rights and conveyance may become standardised.

No Universal Answer

As evidenced by the preceding, IoT data ownership is a complex issue. As a rule of thumb, whomever holds title to the data producing platform, likely owns the data. 

Different industries and companies take different approaches to regulating the transfer of data control and title. The common denominator is well-crafted contractual language that both protects consumer interests and feeds a growing data ecosystem.

Computerworld:    

The Internet of Things Must Not Be Allowed To Turn Into The Internet of Trouble:

EU General Data Protection: A Milestone Of The Digital Age:

 

 

« Fallout In Russia : One Suspicious Death & Three Cyber Spies Arrested
Fake Microsoft Phishing Scam »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Vertical Structure

Vertical Structure

Vertical Structure services include Security & Penetration Testing, Information Assurance, Bespoke Training Programs and Secure Hosting.

GreyCortex

GreyCortex

GreyCortex uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

Balbix

Balbix

Balbix BreachControl™ is the industry’s first system to leverage specialized AI to provide comprehensive and continuous predictive assessment of breach risk.

AimBrain

AimBrain

AimBrain tools detect and prevent fraud, faster and more accurately than ever before.

Syskode Technologies

Syskode Technologies

Sykode Technologies is a next-generation global technology company offering an integrated portfolio of advisory services, products and solutions in areas including AI, IoT and Cyber Security.

Crypto4A Technologies

Crypto4A Technologies

Crypto4A quantum-ready cybersecurity solutions significantly improve protection for Cloud, loT, Blockchain, V2X, government and military application deployments.

ReconaSense

ReconaSense

ReconaSense helps protect people, assets, buildings and cities with its next-gen access control and converged physical security intelligence platform.

Area 1 Security

Area 1 Security

Area 1 is the only Pay-per-Phish solution in cyber security. And the only technology that blocks phishing attacks before they damage your business.

DataExpert Singapore

DataExpert Singapore

DataExpert Singapore provide solutions and services in the areas of Digital Forensics, Data Recovery, Data Duplication, Data Degaussing & Wiping, Data Destruction, and IT Disposal.

Armo

Armo

Armo technology enhances any Kubernetes deployment with security, visibility, and control from the CI/CD pipeline through production.

AVEVA

AVEVA

AVEVA has a long history in providing Supervisory Control and Data Acquisition software for meeting complex and evolving automation requirements.

Intelequia

Intelequia

Intelequia SOC is the Security Operations Center your company needs. 24x7 monitoring, protection and automated response to cyber threats.

Redington

Redington

Redington offer products and services in solution areas including digital transformation, hybrid infrastructure and cybersecurity.

Catalyst Campus For Technology & Innovation

Catalyst Campus For Technology & Innovation

Catalyst Campus is a collaborative ecosystem to create community, spark innovation and stimulate business growth.

ITButler e-Services

ITButler e-Services

At IT Butler, our mission is crystal clear: we are dedicated to providing top-tier cybersecurity solutions and best-practice methodologies to secure and enhance your digital infrastructure’s resilienc

Cyro Cyber

Cyro Cyber

Cyro Cyber is a collective of some of the UK’s most experienced and savvy cybersecurity, information assurance, data protection, IT governance and compliance experts.