Who Owns The Data From The IoT?

With the internet of things becoming critical to many industries and consumers, questions surrounding data ownership are coming with increasing frequency. The answers aren't obvious.

Many organisations are beginning to convey their IoT data to third parties. Often this is motivated by a desire to monetise the data, sometimes for regulatory reporting reasons. These initiatives are bringing the issues of data ownership and licensing to the fore. Interestingly, there is no set schema for determining how ownership is assigned, much less how IoT data can be licensed properly. Here's an overview.

Data Ownership in the Western World

In essence, the owner of machine-generated data (MGD), which covers virtually all of the IoT, is the entity who holds title to the device that recorded the data. In other words, the entity that owns the IoT device also owns the data produced by that device.

However, it's not always clear that whomever has possession of the device and/or its output data actually "owns" it. When real-world constructs such as lease holdings come into play, it indeed gets complex and even murky.

Clinically speaking, data is owned by the titleholder. In this regard, data title is like a deed to real property. MGD may also contain metadata, which is akin to mineral and water rights.

Further, data may be owned by one party and controlled by another. Possession of data does not necessarily equate to title. Possession is control. Title is ownership. Referred to as usage rights, each time data sets are copied, recopied and transmitted, control of the data follows it. Conversely, transfer of ownership requires a legal mechanism to convey title.  

Legal Issues

It turns out that data by itself is not protectable under the American intellectual property regime; however, data title rights are similar to the rights afforded by a copyright.

Data title includes a bundle of usage rights that allow the titleholder to copy, distribute and create derivative works. Data within a database is like the words and images that compose a copyrighted book. The usage rights and title to the book are separable. The author of the novel retains title to the words and pictures that comprise the novel.

The author also owns the ability to authorise a publisher to publish books and distribute them. However, he or she does not control each reader's usage rights of the content once they are accessed by readers.

Similarly, an entity that holds title to data or a database holds the associated data ownership rights. If the data set is copied and transmitted elsewhere, the author relinquishes the usage rights.

The parties to a data transfer contract matter

There are two major classes of parties in this space. The first category includes corporations, data brokers and marketplaces, which exchange data among themselves. This is not typically exposed to tight government regulation.

The second category is composed of consumers who submit data to a vendor in exchange for a product or service. Agreements in the consumer space may be subject to government oversight. The result is that certain industries such as healthcare must comply with a network of statutes and agency rules.

On the other end of the spectrum is the give-and-take approach. Under this approach, the vendor may collect in-depth data from a sensor platform to optimize the user's experience. Here, the contract allows all data to be exchanged in return for incentives such as a curated service or discount. This approach conveys all data usage rights and data title once the end user opts in.

How data rights are being handled in agriculture

The US agriculture industry has embraced the use of sensors and machine-generated data to maximise production, and is also sophisticated in the way it handles data ownership interests.

The bottom line is that the farmer owns the data produced by his or her sensor platforms. Nevertheless, farm equipment manufacturers have developed a system of agreements with a high level of transparency to enable agricultural MGD to flow freely.

The complex world of vehicle-generated Data      

Automobiles are increasingly equipped with connected technologies and sensors that will create an unprecedented explosion in car-generated data. Stakeholders across several sectors from insurance to telecommunications, high tech and beyond, are poised to integrate these new data streams into their business models.

A unique feature of the automotive data market is the importance of consumer trust and sentiment. Consumers perceive all the data flowing from their car to be theirs. The effect is a strong expectation of receiving something in return.

In response to data-conscious users, automobile manufacturers craft their data exchange provisions that use a give-and-take approach. Similar to agribusiness data exchanges, there is an underlying presumption that the MGD captured after a purchase is owned by the entity who bought the car.

Regulators and industry groups agree that the car owner also owns the MGD. Like an insurance policy, the MGD ownership interests follow the car. This means that non-personal machine-generated data is treated differently from personal data, which follow the automobile's occupants.

Energy and the IoT

Consumer smart-grid device deployment is rising. However, there is a cultural barrier to complete data exchange integration. This is because smart grid devices are connected to the home, and users may be hesitant to attach a device that may provide insight into their energy habits and, by way of inference, their lifestyles. It is no accident that firms have implemented data collection practices that take a tiered approach to obtaining a license to data usage rights and then title to end user MGD. As IoT adoption grows, schemas and policies governing data ownership rights and conveyance may become standardised.

No Universal Answer

As evidenced by the preceding, IoT data ownership is a complex issue. As a rule of thumb, whomever holds title to the data producing platform, likely owns the data. 

Different industries and companies take different approaches to regulating the transfer of data control and title. The common denominator is well-crafted contractual language that both protects consumer interests and feeds a growing data ecosystem.

Computerworld:    

The Internet of Things Must Not Be Allowed To Turn Into The Internet of Trouble:

EU General Data Protection: A Milestone Of The Digital Age:

 

 

« Fallout In Russia : One Suspicious Death & Three Cyber Spies Arrested
Fake Microsoft Phishing Scam »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clearpath Solutions Group

Clearpath Solutions Group

Clearpath Solutions Group expertise covers virtualization and data storage technologies, networking, security and cloud computing.

Cybercom Group

Cybercom Group

Cybercom offers strategic advice, testing & quality assurance, security solutions, system development, integration, management and operation services.

CS Group

CS Group

CS Group offers a complete range of security solutions from consultancy to security maintenance and from secure infrastructure design to security governance.

ComTrue Technologies

ComTrue Technologies

ComTrue Technologies provides artificial intelligence solutions and information security solutions.

Nexcom International

Nexcom International

Nexcom operates six global businesses - IoT Automation, Intelligent Digital Security, Internet of Things, Intelligent Platform & Services, Mobile Computing Solutions, Network & Communications.

Nubeva Technologies

Nubeva Technologies

Nubeva provide a breakthrough TLS Decrypt solution with Symmetric Key Intercept to gain the visibility needed to monitor and secure network traffic.

SecureTech360

SecureTech360

SecureTech360 is a cybersecurity and IT consulting firm whose principals have extensive experience in Cybersecurity and Information Technology.

NGN International

NGN International

NGN International is a full-fledged systems integrator and managed security services provider established in 2015 in Bahrain.

Battery Ventures

Battery Ventures

Battery partners with talented founders and teams building category-defining businesses at all stages of growth.

LaScala

LaScala

LaScala is an IT Managed Services provider delivering technical, security, and compliance solutions with dedication, compassion, and agility.

Blue Cloud Softech Solutions

Blue Cloud Softech Solutions

Blue Cloud Softech propels inspiring digital transformations. We provide AI products, cybersecurity, healthcare technology, and cloud solutions.

AKIPS

AKIPS

AKIPS develops the world's most scalable network and infrastructure monitoring software, delivered as a turn-key software appliance.

CrashPlan

CrashPlan

CrashPlan delivers secure, continuous endpoint backup and recovery for businesses of all sizes.

IntelliBridge

IntelliBridge

IntelliBridge supports our nation’s most critical missions by solving complex technology, intelligence, and mission support challenges.

CNNECT

CNNECT

CNNECT are specialists in cloud, collaboration and cybersecurity, constantly evolving the way in which we understand, advise and deploy these technologies

Cygence

Cygence

Cygence is a cyber security consultancy providing independent expertise and tailored security solutions.