Intellectual Property | Ownership, access and use of data
How should ownership and access to data be safeguarded?
In this newsletter, ‘data’ is used in a wide sense, comprising both technical and commercial data. Ownership to data can arise in different manners, depending on what type of data it is. If data qualifies as a trade secret, it will be protected against unlawful appropriation and exploitation. Data may be classified as a trade secret if it is secret, has commercial value because of the secrecy, and if the holder of the data has taken measures to keep the data secret. Trade secrets are protected by the new Act on the Protection of Trade Secrets, which entered into force on January 1, 2021, as implemented from the Trade Secret Directive. Read our newsletter about the Act on the Protection of Trade Secrets here.
Some data may not meet the threshold for being considered a trade secret, but it is nevertheless important to regulate access to and use of the data. Both trade secrets and other data can be protected by contract (within certain limits). In practice, this is often done in two equally important manners. The first is to restrict the access to the data, both internally within the organization of the owner of the data, and externally. The second is to regulate by contract which rights those who do gain access have to use the data, for instance by entering into a non-disclosure agreement or including confidentiality provisions as part of another contract. Such a contract can also provide a traceable procedure for data sharing, in order to clearly define what data is covered by the agreement. In principle, data can be protected by contractual arrangements, regardless of whether it meets the threshold for being protected as a trade secret by law. However, care should be taken to avoid agreements that may have an adverse effect on competition and thus potentially violate Norwegian and EU competition law. In any case, it is important to note that in order for data to enjoy protection as a trade secret, it is a requirement under the Act on the Protection of Trade Secrets that reasonable steps have been taken to keep the data secret. Thus, careful consideration of all agreements concerning disclosure of data is key in this regard, and an important element in any sound intellectual property strategy.
The above approach is intended for data whose value can be maintained while keeping the disclosure restricted. For certain types of data, the value is, however, linked to it being disclosed. Examples may include reports, graphics or database compilations intended for open publishing. The open sharing of data is becoming more and more common, and can be a good tool for facilitating creative uses of data. Nevertheless, the owner of the data may want to retain some control over its use. These types of data may be protected by copyright law or by database protection, but some types of data may not enjoy any specific protection by law, or the protection that the law provides may not be sufficient for a specific purpose of a business. Regulating terms and conditions for use can provide additional protection, and are especially well suited for disclosure online because access can be conditioned upon accepting the terms and conditions.
How to avoid being accused of infringing upon the rights of others?
What about data that belongs to others? A company that illegitimately accesses and uses data belonging to another, may risk infringing upon the rights of others. Since the value of data increases, it is also increasingly more important to take appropriate steps against such infringement and to reduce the risk of it happening.
To reduce the risk of infringing upon the rights of others, all companies should carefully consider when to receive confidential data belonging to others, and upon what terms. Both enforcing and defending oneself against a claim of illegitimate use of data may give rise to challenging evidentiary questions since data sharing often takes an organic form, and may not leave tangible traces. Therefore, when restricting access and use, by way of agreements, law, terms of use, or other means, it is important to be clear and establish good routines for data sharing.
The legal framework
The applicability of the legal framework to ownership of data raises several questions, some of which lack clear answers. Some examples include whether the owner of data that is not protected by trade secret law can only regulate access to said data, or if the owner can still assert the ownership once the data is accessed and stop others from using said data. Further, the extent to which, and when, the different protections may be combined, should also be clarified, especially as relates to databases and trade secrets. There is a need for updating and clarifying the legal framework applicable to ownership, use and access to data.
The EU Commission published a communication for an intellectual property action on 25 November 2020, to support the role of IP in furthering the EU’s economy and update the legal framework. One of the observations made is that too many businesses and researchers, especially small- and medium businesses, do not make full use of the opportunities offered by IP protection. The Commission further noted that the EU data economy is expected to almost triple in value between 2018 and 2025, and will then represent 5.8% of the EU GDP in 2025. One of the goals set out by the Commission is to develop a solid framework for businesses to create, access, share and use data, which balances both the sharing of data and the protection of legitimate interests.
We believe this is a welcome message. A clear legal framework is one of the important prerequisites for furthering sharing, creation and maintaining of such data, and the resulting value-creation. In the meantime, it is of central importance for businesses to establish appropriate procedures and sound contractual frameworks for securing their values.