Who Owns The Data From The IoT?

With the internet of things becoming critical to many industries and consumers, questions surrounding data ownership are coming with increasing frequency. The answers aren't obvious.

Many organisations are beginning to convey their IoT data to third parties. Often this is motivated by a desire to monetise the data, sometimes for regulatory reporting reasons. These initiatives are bringing the issues of data ownership and licensing to the fore. Interestingly, there is no set schema for determining how ownership is assigned, much less how IoT data can be licensed properly. Here's an overview.

Data Ownership in the Western World

In essence, the owner of machine-generated data (MGD), which covers virtually all of the IoT, is the entity that holds title to the device that recorded the data. In other words, the entity that owns the IoT device also owns the data produced by that device.

However, it's not always clear that whoever has possession of the device and/or its output data actually "owns" it. When real-world constructs such as lease holdings come into play, it indeed gets complex and even murky.

Clinically speaking, data is owned by the titleholder. In this regard, data title is like a deed to real property. MGD may also contain metadata, which is akin to mineral and water rights.

Further, data may be owned by one party and controlled by another. Possession of data does not necessarily equate to title. Possession is control. Title is ownership. Each time data sets are copied, recopied and transmitted, control of the data, referred to as usage rights, follows them. Conversely, transfer of ownership requires a legal mechanism to convey title.

Legal Issues

It turns out that data by itself is not protectable under the American intellectual property regime; however, data title rights are similar to the rights afforded by a copyright.

Data title includes a bundle of usage rights that allow the titleholder to copy, distribute and create derivative works. Data within a database is like the words and images that compose a copyrighted book. The usage rights and title to the book are separable. The author of the novel retains title to the words and pictures that comprise the novel.

The author also owns the ability to authorise a publisher to publish books and distribute them. However, he or she does not control each reader's usage rights to the content once it is accessed by readers.

Similarly, an entity that holds title to data or a database holds the associated data ownership rights. If the data set is copied and transmitted elsewhere, the author relinquishes the usage rights.

The parties to a data transfer contract matter

There are two major classes of parties in this space. The first category includes corporations, data brokers and marketplaces, which exchange data among themselves. This is not typically exposed to tight government regulation.

The second category is composed of consumers who submit data to a vendor in exchange for a product or service. Agreements in the consumer space may be subject to government oversight. The result is that certain industries such as healthcare must comply with a network of statutes and agency rules.

On the other end of the spectrum is the give-and-take approach. Under this approach, the vendor may collect in-depth data from a sensor platform to optimise the user's experience. Here, the contract allows all data to be exchanged in return for incentives such as a curated service or discount. This approach conveys all data usage rights and data title once the end user opts in.

How data rights are being handled in agriculture

The US agriculture industry has embraced the use of sensors and machine-generated data to maximise production, and is also sophisticated in the way it handles data ownership interests.

The bottom line is that the farmer owns the data produced by his or her sensor platforms. Nevertheless, farm equipment manufacturers have developed a system of agreements with a high level of transparency to enable agricultural MGD to flow freely.

The complex world of vehicle-generated data

Automobiles are increasingly equipped with connected technologies and sensors that will create an unprecedented explosion in car-generated data. Stakeholders across several sectors from insurance to telecommunications, high tech and beyond, are poised to integrate these new data streams into their business models.

A unique feature of the automotive data market is the importance of consumer trust and sentiment. Consumers perceive all the data flowing from their car to be theirs. The effect is a strong expectation of receiving something in return.

In response to data-conscious users, automobile manufacturers craft data exchange provisions that use a give-and-take approach. Similar to agribusiness data exchanges, there is an underlying presumption that the MGD captured after a purchase is owned by the entity that bought the car.

Regulators and industry groups agree that the car owner also owns the MGD. Like an insurance policy, the MGD ownership interests follow the car. This means that non-personal machine-generated data is treated differently from personal data, which follows the automobile's occupants.

Energy and the IoT

Consumer smart-grid device deployment is rising. However, there is a cultural barrier to complete data exchange integration. This is because smart grid devices are connected to the home, and users may be hesitant to attach a device that may provide insight into their energy habits and, by way of inference, their lifestyles. It is no accident that firms have implemented data collection practices that take a tiered approach to obtaining a license to data usage rights and then title to end user MGD. As IoT adoption grows, schemas and policies governing data ownership rights and conveyance may become standardised.

No Universal Answer

As evidenced by the preceding, IoT data ownership is a complex issue. As a rule of thumb, whoever holds title to the data-producing platform likely owns the data.

Different industries and companies take different approaches to regulating the transfer of data control and title. The common denominator is well-crafted contractual language that both protects consumer interests and feeds a growing data ecosystem.

Computerworld:    
