Who Owns The Data From The IoT?

With the internet of things becoming critical to many industries and consumers, questions surrounding data ownership are coming with increasing frequency. The answers aren't obvious.

Many organisations are beginning to convey their IoT data to third parties. Often this is motivated by a desire to monetise the data, sometimes for regulatory reporting reasons. These initiatives are bringing the issues of data ownership and licensing to the fore. Interestingly, there is no set schema for determining how ownership is assigned, much less how IoT data can be licensed properly. Here's an overview.

Data Ownership in the Western World

In essence, the owner of machine-generated data (MGD), which covers virtually all of the IoT, is the entity who holds title to the device that recorded the data. In other words, the entity that owns the IoT device also owns the data produced by that device.

However, it's not always clear that whomever has possession of the device and/or its output data actually "owns" it. When real-world constructs such as lease holdings come into play, it indeed gets complex and even murky.

Clinically speaking, data is owned by the titleholder. In this regard, data title is like a deed to real property. MGD may also contain metadata, which is akin to mineral and water rights.

Further, data may be owned by one party and controlled by another. Possession of data does not necessarily equate to title. Possession is control. Title is ownership. Referred to as usage rights, each time data sets are copied, recopied and transmitted, control of the data follows it. Conversely, transfer of ownership requires a legal mechanism to convey title.  

Legal Issues

It turns out that data by itself is not protectable under the American intellectual property regime; however, data title rights are similar to the rights afforded by a copyright.

Data title includes a bundle of usage rights that allow the titleholder to copy, distribute and create derivative works. Data within a database is like the words and images that compose a copyrighted book. The usage rights and title to the book are separable. The author of the novel retains title to the words and pictures that comprise the novel.

The author also owns the ability to authorise a publisher to publish books and distribute them. However, he or she does not control each reader's usage rights of the content once they are accessed by readers.

Similarly, an entity that holds title to data or a database holds the associated data ownership rights. If the data set is copied and transmitted elsewhere, the author relinquishes the usage rights.

The parties to a data transfer contract matter

There are two major classes of parties in this space. The first category includes corporations, data brokers and marketplaces, which exchange data among themselves. This is not typically exposed to tight government regulation.

The second category is composed of consumers who submit data to a vendor in exchange for a product or service. Agreements in the consumer space may be subject to government oversight. The result is that certain industries such as healthcare must comply with a network of statutes and agency rules.

On the other end of the spectrum is the give-and-take approach. Under this approach, the vendor may collect in-depth data from a sensor platform to optimize the user's experience. Here, the contract allows all data to be exchanged in return for incentives such as a curated service or discount. This approach conveys all data usage rights and data title once the end user opts in.

How data rights are being handled in agriculture

The US agriculture industry has embraced the use of sensors and machine-generated data to maximise production, and is also sophisticated in the way it handles data ownership interests.

The bottom line is that the farmer owns the data produced by his or her sensor platforms. Nevertheless, farm equipment manufacturers have developed a system of agreements with a high level of transparency to enable agricultural MGD to flow freely.

The complex world of vehicle-generated Data      

Automobiles are increasingly equipped with connected technologies and sensors that will create an unprecedented explosion in car-generated data. Stakeholders across several sectors from insurance to telecommunications, high tech and beyond, are poised to integrate these new data streams into their business models.

A unique feature of the automotive data market is the importance of consumer trust and sentiment. Consumers perceive all the data flowing from their car to be theirs. The effect is a strong expectation of receiving something in return.

In response to data-conscious users, automobile manufacturers craft their data exchange provisions that use a give-and-take approach. Similar to agribusiness data exchanges, there is an underlying presumption that the MGD captured after a purchase is owned by the entity who bought the car.

Regulators and industry groups agree that the car owner also owns the MGD. Like an insurance policy, the MGD ownership interests follow the car. This means that non-personal machine-generated data is treated differently from personal data, which follow the automobile's occupants.

Energy and the IoT

Consumer smart-grid device deployment is rising. However, there is a cultural barrier to complete data exchange integration. This is because smart grid devices are connected to the home, and users may be hesitant to attach a device that may provide insight into their energy habits and, by way of inference, their lifestyles. It is no accident that firms have implemented data collection practices that take a tiered approach to obtaining a license to data usage rights and then title to end user MGD. As IoT adoption grows, schemas and policies governing data ownership rights and conveyance may become standardised.

No Universal Answer

As evidenced by the preceding, IoT data ownership is a complex issue. As a rule of thumb, whomever holds title to the data producing platform, likely owns the data. 

Different industries and companies take different approaches to regulating the transfer of data control and title. The common denominator is well-crafted contractual language that both protects consumer interests and feeds a growing data ecosystem.

Computerworld:    

The Internet of Things Must Not Be Allowed To Turn Into The Internet of Trouble:

EU General Data Protection: A Milestone Of The Digital Age:

 

 

« Fallout In Russia : One Suspicious Death & Three Cyber Spies Arrested
Fake Microsoft Phishing Scam »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

April 4, 2024 | 11:00 AM PT: Join this webinar to find out about six emerging trends dominating the cloud cybersecurity landscape.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

E-Tech

E-Tech

E-Tech has been providing system support and information technology consulting services including Internet and Network Security assessments.

Prolinx

Prolinx

Prolinx provide secure Data Centre hosting services and other fully managed security services for networks and information systems.

AVR International

AVR International

AVR educate, advise, analyse and provide professional, technical consultancy and support to ensure your business is safe, compliant and protected.

Brinqa

Brinqa

Brinqa is a leading provider of unified risk management and security analytics.to manage IT governance and technology risk.

Citicus

Citicus

Citicus provides world-class security, risk and compliance management software, plus supporting services.

Kobil Systems

Kobil Systems

Kobil is a pioneer in the fields of smart card, one-time password, authentication and cryptography.

ComCERT

ComCERT

ComCERT SA is an independent, private consulting company focusing in the assistance of its customers facing the dangers of cyber threats and security incidents.

Yaana Technologies

Yaana Technologies

Yaana is a leading provider of intelligent compliance solutions including lawful interception, data retention & disclosure, and advanced security analytics.

Tutamantic

Tutamantic

Tutamantic develops software that reduces security risks and weaknesses during the architectural and design stages.

Ntirety

Ntirety

Ntirety Managed Security Services offer enterprise businesses the advanced tools, processes, and support to ensure your infrastructure, networks, and mission-critical applications are secure.

Garner Products

Garner Products

Garner design, manufacture, and sell equipment that delivers complete, permanent, and verifiable data elimination.

Secure Technology Integration Group (STIGroup)

Secure Technology Integration Group (STIGroup)

Secure Technology Integration Group, Ltd. (STIGroup) is an innovative firm that provides CyberSecurity consulting, secure IT engineering, managed security services, and human capital solutions.

SyferLock Technology Corp.

SyferLock Technology Corp.

SyferLock is an innovative provider of next-generation authentication and security solutions.

Ministry of Information and Communications (MIC) - Vietnam

Ministry of Information and Communications (MIC) - Vietnam

The Ministry of Information & Communications of Vietnam is the policy making and regulatory body in the field of information technology and national information and and communication infrastructure.

Patriot Consulting Technology Group

Patriot Consulting Technology Group

Patriot Consulting's mission is to help our clients manage cybersecurity risk through secure deployments of Microsoft 365.

B2Bcert

B2Bcert

B2BCERT one of the top companies offering ISO 9001, ISO 14001, ISO 45001, ISO 22000, ISO 27001, ISO 20000,CE Marking, HACCP, and other globally accepted standards and Management solutions.