octobre 06 2022
Navigating Issues in the Data Monetization Journey
Companies are growing increasingly adept at ingesting, analyzing and monetizing data collected from a wide variety of internal and external sources. In doing so, they should not only address the legal and regulatory risks associated with data monetization but also protect and preserve value and competitive advantage.
Whether it’s insurance companies pricing policies based on relevant data models or retailers optimizing inventory management based on sales data, companies across industries have historically gathered information and analyzed it to improve their business. Recently, there has been a dramatic rise in interest in finding ways to further monetize data and drive value for the business. Further, based on Reports Publisher’s newly published report, the data monetization market size is expected to grow from USD 2.9 billion to USD 7.3 billion by 2029, at a Compound Annual Growth Rate (CAGR) of 19.5%.
This trend appears to be driven primarily by four factors. First, the amount of data that is being collected has increased exponentially due, in large part, to the prevalence of smart and connected devices and equipment generating information. Second, companies are increasingly interconnected and, as a result, have access to not only the data they collect but the data that their new and existing business partners collect. Third, the tools that are available to aggregate and analyze data have improved substantially, including through artificial intelligence (AI) or other advanced analytics, and, importantly, have become more accessible. And fourth, companies are increasingly moving or generating data in the cloud, which makes it more suitable for data analytics at scale, including AI.
As a result, companies are increasingly interested in, and focused on, ways to monetize the abundance of data to which they have or can reasonably obtain access. Some companies are focused on monetization through internal use—using analytics to get a better understanding of their products and their customers and ultimately find ways to reduce costs or increase revenue. Other companies are focused on monetization through external use—sharing data, or insights generated from data, with third parties for economic benefit or partnering with third parties to combine data and create new data-driven products.
Internal and external initiatives to monetize data raise at least three key issues. For technology-savvy lawyers, these issues are opportunities to help clients manage risks and realize value of the transactions.
Loss of Data Provenance
Data-driven products typically require accessible and structured data. Yet existing data is often unstructured and siloed in disparate systems or by various departments or business functions. Data scientists use data lakes to bridge this gap and consolidate existing data into a searchable pool, creating a single source of truth. Unfortunately, this approach may lead to loss of data provenance, or history about the origin of the data. Without adequate data provenance, it becomes difficult and therefore costly to assess the rights and restrictions associated with data stored in the data lake, to determine what commitments may be made with respect to such data, and to achieve compliance in the case of resulting data-driven products. For example, a company may not own all of the data that is made accessible to a third party IT provider for storage, hosting or for enriching such data. In the company’s agreement with such third party IT provider, the third party IT provider may seek to obtain ownership rights to any outputs it is creating using the data or the way it is repackaging the data in a bigger product. Such ownership provisions may expose the company to breaching the company’s licensing terms with the licensor of the data.
As an alternative, it may be strategically beneficial to create several smaller inter-connected data lakes, or at least impose tight access controls on the main data lake, with data provenance maintained for all ingested data. This approach helps ensure that data is used in a manner consistent with the applicable license restrictions, therefore reducing the risk of breach or infringement claims. Even then, the further afield from the original licensed use that the data goes, the harder it may be to comply, or assess compliance, with licensing restrictions.
Another approach that is becoming more common and may mitigate the risk of loss of data provenance is to replace data lakes with the implementation of a “data fabric,” in part through use of AI. Under this approach, rather than moving data into a single repository, companies stich together various existing environments (including cloud environments) and incorporate technology that addresses the risk of loss provenance through data governance, security and integration tools.
A lawyer can play a key role in the implementation stages to ensure the business is forward looking about maintaining data provenance.
Security, Privacy and Other Regulatory Risks
Partnership with a third party for the sharing and use of data comes with traditional contracting issues and risks, such as those relating to representations and warranties, compliance commitments, risk allocation provisions, and termination rights. But data-driven partnerships may change the balance of considerations in these known risk areas. For example, transferring data from an internal database to a third-party data lake may result in new cross-border transfers, potentially triggering data localization and export control restrictions.
Companies evaluating and implementing data monetization initiatives will also need to stay abreast of the rapidly evolving regulatory landscape regarding data and data use. New uses of data may subject the company to new regulatory frameworks, and existing uses may later become prohibited under law. As a data monetization initiative advances, it becomes harder (for operational, legal, strategic, and often optics-related reasons) to make changes to the approach, so lawyers should proactively review and assess foreseeable use cases and consider the necessary licenses, consents, and relevant regulatory issues for both present and future uses.
Value Leakage
Data is a valuable asset that often provides a competitive advantage. However, U.S. intellectual property laws were not designed to protect data and, therefore, are either difficult to apply or offer relatively weak protection, if any. As such, in addition to relying on applicable intellectual property laws (which may evolve over time), companies seeking to protect “ownership” rights in data should do so by contract when sharing data with third parties. This means scoping licenses narrowly and defining the field of permitted use carefully when transferring data to third parties. Counterparties will want to have broad rights to use such data, or insights derived from such data, whether to improve their own products and services or for other business purposes. For example, companies may enter into agreements with cloud service providers or other IT providers for such providers to simply store the companies’ data. However, often these arrangements with such providers are good examples of the risk of value leakage because those type of agreements often include provisions that attempt to give rights to the providers to use the companies’ data or the way in which the data interacts with the providers’ service for the providers’ own purposes. For example, such contracts may include provisions such as “we may use the data that you provide to improve our products” or “the data that licensor provide us with will only be provided to provide licensor with support including purposes compatible with providing that support such as improvements to support or to the underlying services that licensor is obtaining.” While these provisions may seem innocuous, providers may interpret them broadly, including to allow providers to use the data to create new products from the data or the way in which the data interacts with their services (including competing new products). When negotiating such rights, the licensor should take into account the strategic objectives and priorities for the particular data involved and the nature of the third-party relationship.
In addition, while some agreements clearly cover the licensing and use of data and, as a result, generally receive an appropriate level of scrutiny regarding these issues, many joint venture, strategic alliance, collaboration, service provider and other third-party agreements operationally involve the sharing of data, even though such sharing is not addressed or made sufficiently clear in the agreement. Sharing of data pursuant to the agreements without appropriate protections can result in a loss of ownership and control over the resulting use of such data. Technology lawyers should consider the data implications of each such third-party agreement.
Conclusion
Companies are growing increasingly adept at ingesting, analyzing and monetizing data collected from a wide variety of internal and external sources. In doing so, it is important that they involve legal support early and often to ensure that they are not only addressing the legal and regulatory risks associated with data monetization but also protecting and preserving value and competitive advantage as they partner with others in the data ecosystem.
Reprinted with permission from the February 2, 2022 edition of the “Legaltech News”© 2022 ALM Global Properties, LLC. All rights reserved. Further duplication without permission is prohibited, contact 877-256-2472 or reprints@alm.com.
Whether it’s insurance companies pricing policies based on relevant data models or retailers optimizing inventory management based on sales data, companies across industries have historically gathered information and analyzed it to improve their business. Recently, there has been a dramatic rise in interest in finding ways to further monetize data and drive value for the business. Further, based on Reports Publisher’s newly published report, the data monetization market size is expected to grow from USD 2.9 billion to USD 7.3 billion by 2029, at a Compound Annual Growth Rate (CAGR) of 19.5%.
This trend appears to be driven primarily by four factors. First, the amount of data that is being collected has increased exponentially due, in large part, to the prevalence of smart and connected devices and equipment generating information. Second, companies are increasingly interconnected and, as a result, have access to not only the data they collect but the data that their new and existing business partners collect. Third, the tools that are available to aggregate and analyze data have improved substantially, including through artificial intelligence (AI) or other advanced analytics, and, importantly, have become more accessible. And fourth, companies are increasingly moving or generating data in the cloud, which makes it more suitable for data analytics at scale, including AI.
As a result, companies are increasingly interested in, and focused on, ways to monetize the abundance of data to which they have or can reasonably obtain access. Some companies are focused on monetization through internal use—using analytics to get a better understanding of their products and their customers and ultimately find ways to reduce costs or increase revenue. Other companies are focused on monetization through external use—sharing data, or insights generated from data, with third parties for economic benefit or partnering with third parties to combine data and create new data-driven products.
Internal and external initiatives to monetize data raise at least three key issues. For technology-savvy lawyers, these issues are opportunities to help clients manage risks and realize value of the transactions.
Loss of Data Provenance
Data-driven products typically require accessible and structured data. Yet existing data is often unstructured and siloed in disparate systems or by various departments or business functions. Data scientists use data lakes to bridge this gap and consolidate existing data into a searchable pool, creating a single source of truth. Unfortunately, this approach may lead to loss of data provenance, or history about the origin of the data. Without adequate data provenance, it becomes difficult and therefore costly to assess the rights and restrictions associated with data stored in the data lake, to determine what commitments may be made with respect to such data, and to achieve compliance in the case of resulting data-driven products. For example, a company may not own all of the data that is made accessible to a third party IT provider for storage, hosting or for enriching such data. In the company’s agreement with such third party IT provider, the third party IT provider may seek to obtain ownership rights to any outputs it is creating using the data or the way it is repackaging the data in a bigger product. Such ownership provisions may expose the company to breaching the company’s licensing terms with the licensor of the data.
As an alternative, it may be strategically beneficial to create several smaller inter-connected data lakes, or at least impose tight access controls on the main data lake, with data provenance maintained for all ingested data. This approach helps ensure that data is used in a manner consistent with the applicable license restrictions, therefore reducing the risk of breach or infringement claims. Even then, the further afield from the original licensed use that the data goes, the harder it may be to comply, or assess compliance, with licensing restrictions.
Another approach that is becoming more common and may mitigate the risk of loss of data provenance is to replace data lakes with the implementation of a “data fabric,” in part through use of AI. Under this approach, rather than moving data into a single repository, companies stich together various existing environments (including cloud environments) and incorporate technology that addresses the risk of loss provenance through data governance, security and integration tools.
A lawyer can play a key role in the implementation stages to ensure the business is forward looking about maintaining data provenance.
Security, Privacy and Other Regulatory Risks
Partnership with a third party for the sharing and use of data comes with traditional contracting issues and risks, such as those relating to representations and warranties, compliance commitments, risk allocation provisions, and termination rights. But data-driven partnerships may change the balance of considerations in these known risk areas. For example, transferring data from an internal database to a third-party data lake may result in new cross-border transfers, potentially triggering data localization and export control restrictions.
Companies evaluating and implementing data monetization initiatives will also need to stay abreast of the rapidly evolving regulatory landscape regarding data and data use. New uses of data may subject the company to new regulatory frameworks, and existing uses may later become prohibited under law. As a data monetization initiative advances, it becomes harder (for operational, legal, strategic, and often optics-related reasons) to make changes to the approach, so lawyers should proactively review and assess foreseeable use cases and consider the necessary licenses, consents, and relevant regulatory issues for both present and future uses.
Value Leakage
Data is a valuable asset that often provides a competitive advantage. However, U.S. intellectual property laws were not designed to protect data and, therefore, are either difficult to apply or offer relatively weak protection, if any. As such, in addition to relying on applicable intellectual property laws (which may evolve over time), companies seeking to protect “ownership” rights in data should do so by contract when sharing data with third parties. This means scoping licenses narrowly and defining the field of permitted use carefully when transferring data to third parties. Counterparties will want to have broad rights to use such data, or insights derived from such data, whether to improve their own products and services or for other business purposes. For example, companies may enter into agreements with cloud service providers or other IT providers for such providers to simply store the companies’ data. However, often these arrangements with such providers are good examples of the risk of value leakage because those type of agreements often include provisions that attempt to give rights to the providers to use the companies’ data or the way in which the data interacts with the providers’ service for the providers’ own purposes. For example, such contracts may include provisions such as “we may use the data that you provide to improve our products” or “the data that licensor provide us with will only be provided to provide licensor with support including purposes compatible with providing that support such as improvements to support or to the underlying services that licensor is obtaining.” While these provisions may seem innocuous, providers may interpret them broadly, including to allow providers to use the data to create new products from the data or the way in which the data interacts with their services (including competing new products). When negotiating such rights, the licensor should take into account the strategic objectives and priorities for the particular data involved and the nature of the third-party relationship.
In addition, while some agreements clearly cover the licensing and use of data and, as a result, generally receive an appropriate level of scrutiny regarding these issues, many joint venture, strategic alliance, collaboration, service provider and other third-party agreements operationally involve the sharing of data, even though such sharing is not addressed or made sufficiently clear in the agreement. Sharing of data pursuant to the agreements without appropriate protections can result in a loss of ownership and control over the resulting use of such data. Technology lawyers should consider the data implications of each such third-party agreement.
Conclusion
Companies are growing increasingly adept at ingesting, analyzing and monetizing data collected from a wide variety of internal and external sources. In doing so, it is important that they involve legal support early and often to ensure that they are not only addressing the legal and regulatory risks associated with data monetization but also protecting and preserving value and competitive advantage as they partner with others in the data ecosystem.
Reprinted with permission from the February 2, 2022 edition of the “Legaltech News”© 2022 ALM Global Properties, LLC. All rights reserved. Further duplication without permission is prohibited, contact 877-256-2472 or reprints@alm.com.