Data law and the ‘data-centric world’

This is Kemp Little’s first contribution to In-House Lawyer, and the firm is delighted to be involved in the IT, telecommunications and outsourcing area. The first topic, which the firm anticipates returning to in further editions this year, is data law and the ‘data-centric world’.

DATA-CENTRIC WORLD

As computer systems and, increasingly with the rise of internet-enabled delivery mechanisms, software becomes more fungible and commoditised, data itself becomes more critical as a corporate asset. Put another way, it is not just the pipes that are important, but what flows through them. Increasing platform standardisation, openness and connectivity all point up data’s growing importance for conferring differentiation and other competitive advantages – whether for the information’s timeliness, accuracy or comprehensiveness, or a combination of all three. The plumbing metaphor is also appropriate at another level: is data an asset, or is it a utility to be bought and sold like electricity?

In short, businesses are focusing on their, and others’, data as never before; and from a computing perspective, it really is appropriate to think in terms of the data-centric world. In turn, this prompts ideas about various legal areas where data is important, not just as disparate areas of black letter law but as a more cohesive, uniform whole.

Data is increasingly central to many business sectors:

  • The market data sector of the financial services industry is the poster child: the selling of trading and reference data about financial transactions and instruments was itself a $23bn business in 2009.
  • On 20 January 2011 Google, which states that its mission is to ‘organise the world’s information and make it universally accessible and useful’, reported 2010 fourth quarter revenues of $8.4bn, up 26% on the previous year.
  • Governments in general – and perhaps the UK government in particular – have huge databases of information about their citizens (tax, health, social security and criminal justice): for example, state-wide, aggregated, depersonalised data about clinical outcomes becomes of enormous value for healthcare providers. At a time of greater fiscal austerity, should governments be attempting to monetise their information, like their real estate?
  • The global air transport industry – a $600bn revenue sector supporting 30 million jobs – depends on data about air fares being made available to the widest global audience – whether through individual airlines’ websites or through aggregation and distribution directly, or indirectly through Global Distribution Systems (GDSs), to intermediaries like Expedia, the leading online service provider, and travel agents, and onwards to the individual or corporate passenger.1
  • Metadata – ‘data about data’ or ‘digital DNA’ – answers the questions ‘who, what, where, when’ about a document or resource. In the online world, it is most often included in web pages (as meta elements placed as tags in an HTML or XHTML document for example) to enable search engines to categorise them correctly. Metadata is therefore key to accessing and using internet resources.

LEGAL ASPECTS OF THE DATA-CENTRIC WORLD

It is probably no surprise that the law supports the right of those who generate data or information (and both terms are used here interchangeably) to sell it. The well-known British Horseracing Board (BHB) Ltd & ors v William Hill Organization Ltd [2005], which effectively eviscerated database rights as a major source of protection for real time data, spawned significant follow-on cases, in one of which, Attheraces Ltd & anor v The British Horseracing Board Ltd & anor Rev 2 [2007], it was argued that a data owner could not charge for data in the absence of intellectual property (IP) rights (paragraph 252).2 The judge, Etherton J, expressly rejected this, saying (at paragraph 285 of the judgment):

‘I agree with [the data supplier] that it is entitled, in principle, to impose a charge for use of its… data by, and for the benefit of, [users], whether or not [it] has IP rights in respect of the data, and, in particular, database rights under the Database Directive and the Databases Regulations or copyright, and irrespective of the extent of any such rights.

[The data supplier] has, in the data, a valuable commodity, for which it is entitled to charge. There is no authority to the contrary, including the BHB case.’

Instead, the debate is about what those rights are, how they arise, their extent and their limits, and what duties arise in relation to data and who they are owed to.

In the current economic climate, with its accent on controlling costs as much as growing revenues, the debate is becoming much sharper in the financial services and other sectors where data expenses represent a sizeable input. Data users are under market pressure to access the most valuable data as cheaply as possible, while data providers seek to maximise data revenues.

The combination of data’s increasing centrality with a tougher business environment is leading to growing pressures as data users and providers battle in the marketplace to command the best data at the best prices. Despite legal complexities, these pressures are leading to greater skirmishes, and are beginning to play themselves out in more direct and open legal confrontation.

DATA IN CONTEXT: SIX-LAYER STACK

As an analytical model to seek to unify this varied and complex legal subject, the box below adopts a six-layer stack to show data in its legal context.

  • At the bottom of the stack, the first two layers are the hardware and software elements of the computer platforms that process the data.
  • The third layer is often overlooked but nonetheless key: the system architecture – the structure, schemas, methods and strategies for the databases and data.
  • At the fourth layer, and central to the whole stack are the rights – IP and contractual – that arise in relation to data.
  • Above data, there is a layer called datasecurity and information management – where clients are currently being seen to be putting a lot of investment (on the buy-side) and sell-side sales effort.
  • At the top of the stack are the various kinds of regulation that may apply – for example, the general duties under privacy rules that apply to anyone processing personal data; the specific rules that regulators impose on particular sectors; and general competition law rules.

CURRENT LEGAL ISSUES

From the six-layer model, there are several legal issues that are currently being seen in practice, which unify around the data-centric world theme and which will be explored in future editions ofIHL:

  • Issue 1 – software as a service (SaaS)/cloud application services (cloud)The first issue is SaaS/cloud computing, an area where legal developments around data are at the centre.
  • Issue 2 – financial services and latency This will be looking specifically at the financial services sector to focus on data-related developments relating to latency – the constant quest for faster communications between two points that underlies the current frenzied innovations in algorithmic and high-frequency trading, direct market access and smart order routing.
  • Issue 3 – rights in dataIn some ways, the heart of data law is the IP and other rights that arise in relation to, and around, data – copyright, database right, confidentiality rights, patents, trade marks, and last but very much not least, contract rights. This area of law is rapidly developing at the moment and is a key area where market pressures are playing out.
  • Issue 4 – data security and managementChanging the view a little, data security and management aspects move increasingly up the corporate agenda, and future briefings will look at data through the security and management prism – the steps businesses should be taking from the legal point of view to ensure proper control of data generation, access and retention, and what to do in the case of data loss.
  • Issue 5 – regulation and competition lawFinally, representing the top layer of the model, the focus will be looking at the regulatory aspects of data:
    • privacy and data protection;
    • sector-specific regulation, for example in the financial services, aviation and healthcare sectors; and
    • competition law developments as competition law authorities increasingly get to grips with the exercise, or lack of, market power in fast-moving data businesses.

Notes

  1. Global Distribution Systems (GDSs) (also known as computer reservations systems) are large systems for storing and retrieving air fare data and processing transactions. The largest GDSs are Amadeus, Sabre Holdings, and (now under common ownership of Travelport) Galileo and Worldspan.
  2. For further reading, see ‘Database right and the ECJ Judgments in BHB v William Hill and the Fixtures Marketing Cases’, Kemp Little, March 2005 (http://www.kemplittle.com/html/stay-posted/events/corporate-counsel-forum/datalaw-1006.html), and ‘Database right after BHB v William Hill: enact and repent at leisure’, Kemp Little, July 2006 (http://www.kemplittle.com/PDFs/CCF_1006_DatabaseRight_DevelopmentsAfterBHBvWmHill%20_KL.pdf).