This is the first edition of the In-House Lawyer we have contributed to, and we are delighted to be involved in the IT, telecommunications & outsourcing area. Our first topic, which we anticipate returning to in further editions this year, is data law and the 'data centric world'.

The 'data-centric world'

As computer systems and, increasingly with the rise of Internet-enabled delivery mechanisms, software become more fungible and commoditised, data itself becomes more critical as a corporate asset. Put another way, it's not just the pipes that are important, but what flows through them. Increasing platform standardisation, openness and connectivity all point up data's growing importance for conferring differentiation and other competitive advantage – whether for the information's timeliness, accuracy, or comprehensiveness or a combination of all three. The plumbing metaphor is appropriate at another level also: is data an asset, or is it a utility to be bought and sold like electricity?

In short, businesses are focusing on their, and others', data as never before; and from a computing perspective, it really is appropriate to think in terms of the 'data-centric world'. In turn, this prompts starting to think about the various legal areas where data is important not just as disparate areas of black letter law but as a more cohesive, uniform whole.

Data is increasingly central to many business sectors:

  • the market data sector of the financial services industry is the poster child: the selling of trading and reference data about financial transactions and instruments was itself a $23bn business in 2009.
  • Google, which states that its mission is to 'organise the world's information and make it universally accessible and useful', on 20 January 2011 reported 2010 fourth quarter revenues of $8.4bn, up 26% on the previous year.
  • Governments in general – and perhaps the UK Government in particular – have huge databases of information about their citizens (tax, health, social security, criminal justice, etc.): for example, state-wide, aggregated, de-personalised data about clinical outcomes becomes of enormous value for healthcare providers. At a time of greater fiscal austerity, should governments be attempting to monetise their information, like their real estate?
  • the global air transport industry – a $600bn revenue sector supporting 30 million jobs - depends on data about air fares being made available to the widest worldwide audience – whether through individual airlines' websites or through aggregation and distribution directly, or indirectly through Global Distribution Systems (GDSs), to intermediaries like Expedia, the leading online service provider, and travel agents, and onwards to the individual or corporate passenger.
  • metadata - 'data about data' or 'digital DNA' - answers the questions 'who, what, where, when' etc. about a document or resource. In the Internet world, it is most often included in web pages (as meta elements placed as tags in an HTML or XHTML document for example) in order to enable search engines to categorise them correctly. So, metadata is key to accessing and using Internet resources.

Legal aspects of the 'data centric world'

It's probably no surprise that the law supports the right of those who generate data or information (and we use both terms here interchangeably) to sell it. The well-known BHB litigation which effectively eviscerated database right as a major source of protection for real time data spawned significant follow-on cases in one of which, Attheraces, it was argued that a data owner could not charge for data in the absence of IP rights. The judge, Etherton J, expressly rejected this saying (at paragraph 285 of the judgment):

'I agree with [the data supplier] that it is entitled, in principle, to impose a charge for use of its ... data by, and for the benefit of, [users], whether or not [it] has IP rights in respect of the data, and, in particular, database rights under the Databases Directive and the Databases Regulations or copyright, and irrespective of the extent of any such rights.

[The data supplier] has, in the data, a valuable commodity, for which it is entitled to charge. There is no authority to the contrary, including the [BHB] case'.

Rather, the debate is about what those rights are, how they arise, their extent and their limits; and what duties arise in relation to data and who they are owed to.

In today's economic climate, with its accent on controlling costs as much as growing revenues, the debate is becoming much sharper in the financial services and other sectors where data expenses represent a sizeable input: data users are under market pressure to access the most valuable data as cheaply as possible while data providers seek to maximise data revenues.

The combination of data's increasing centrality with a tougher business environment is leading to growing pressures as data users and providers battle in the market place to command the best data at the best prices. Despite legal complexities, these pressures are leading to greater skirmishing and beginning to play themselves out in more direct and open legal confrontation.

Data in context: the six layer stack

As an analytical model to seek to unify this varied and complex legal subject, we have adopted a six layer stack to show data in its legal context, as shown in the graphic below:

  • At the bottom of the stack, the first two layers are the hardware and software elements of the computer platforms that process the data;
  • The third layer is often overlooked but nonetheless key: the system architecture - the structure, schemas, methods and strategies for the databases and data;
  • At the fourth lawyer, and central to the whole stack are the rights – intellectual property and contractual – that arise in relation to data.
  • Above data, we have put a layer called data security and information management – where we are seeing clients putting a lot of investment (on the buy-side) and sell-side sales effort.
  • And at the top of the stack are the various kinds of regulation that may apply – for example, the general duties under privacy rules that apply to anyone processing personal data; the specific rules that regulators impose on particular sectors; and general competition law rules.

DATA IN CONTEXT – THE STACK OF RIGHTS: PLATFORMS, DATA, SECURITY AND REGULATION

Current legal issues

From the six layer model, we've drawn out a number of current legal issues that we're seeing in practice at the moment that unify around the 'data-centric world' theme and which we'll be exploring in future editions of the In-House Lawyer:

  • issue 1 - Saas/Cloud: the first issue is SaaS/cloud computing, an area where legal developments around data are at the centre;
  • issue 2 – financial services and latency: we'll be looking specifically at the financial services sector to focus on data related developments relating to latency – the constant quest for faster communications between two points that underlies the current frenzied innovations in algorithmic and high frequency trading, direct market access and smart order routing;
  • issue 3 – rights in data: in some ways, the heart of data law is the IP and other rights that arise in relation to, and around, data – copyright, database right, confidentiality rights, patents, trade marks, and last but very much not least, contract rights. This area of law is particularly rapidly developing at the moment and is a key area where market pressures are playing out;
  • issue 4 – data security and management: changing the view a little, data security and management aspects move increasingly up the corporate agenda, and we will look at data through the security/management prism – the steps businesses should be taking from the legal point of view to ensure proper control of data generation, access and retention, and what to do in the case of data loss; and
  • issue 5 – regulation and competition law: finally, representing the top layer of the model, we will be looking at the regulatory aspects of data:
    • privacy and data protection;
    • sector specific regulation, for example in the financial services, aviation and healthcare sectors; and
    • competition law developments as competition law authorities increasingly get to grips with the exercise, or lack of, market power in fast moving data businesses.

Footnotes

1. GDSs are global distribution systems (also known as CRSs, computer reservations systems), large systems for storing and retrieving air fare data and processing transactions. The largest GDSs are Amadeus, Sabre and (now under common ownership of Travelport) Galileo and Worldspan.

2. Case C-203/02, The British Horseracing Board Ltd and Others v The William Hill Organization Ltd; Case C-338/02, upheld by the UK CoA by judgment of 13 July 2005: see http://www.bailii.org/ew/cases/EWCA/Civ/2005/863.html. For further reading, see 'Database right and the ECJ Judgments in BHB v William Hill and the Fixtures Marketing Cases', Kemp Little, March 2005 (http://www.kemplittle.com/html/stay-posted/events/corporate-counsel-forum/datalaw-1006.html) and 'Database right after BHB c William Hill: enact and repent at leisure', Kemp Little, July 2006 (http://www.kemplittle.com/PDFs/CCF_1006_DatabaseRight_DevelopmentsAfterBHBvWmHill%20_KL.pdf ).

3. Attheraces v The British Horse Racing Board [2005] EWHC 3015 (Ch): see http://tinyurl.com/jkpd8. Attheraces won at first instance on the related competition law point about dominance and excessive pricing, but lost on this aspect in the CoA in February 2007: http://www.bailii.org/ew/cases/EWCA/Civ/2007/38.html#para252.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.