This is the final article in a four-part series by Mayer Brown on the latest trends in digital transformation. Read part one here, part two here and part three here.

Companies are growing increasingly adept at ingesting, analyzing and monetizing data collected from a wide variety of internal and external sources. In doing so, they should not only address the legal and regulatory risks associated with data monetization but also protect and preserve value and competitive advantage.

Whether it's insurance companies pricing policies based on relevant data models or retailers optimizing inventory management based on sales data, companies across industries have historically gathered information and analyzed it to improve their business. Recently, there has been a dramatic rise in interest in finding ways to further monetize data and drive value for the business.

This trend appears to be driven primarily by three factors. First, the amount of data that is being collected has increased exponentially due, in large part, to the prevalence of smart and connected devices and equipment generating information. Second, companies are increasingly interconnected and, as a result, have access to not only the data they collect but the data that their new and existing business partners collect. And third, the tools that are available to aggregate and analyze data have improved substantially, including through artificial intelligence or other advanced analytics, and, importantly, have become more accessible.

As a result, companies are increasingly interested in, and focused on, ways to monetize the abundance of data to which they have or can reasonably obtain access. Some companies are focused on monetization through internal use—using analytics to get a better understanding of their products and their customers and ultimately find ways to reduce costs or increase revenue. Other companies are focused on monetization through external use—sharing data, or insights generated from data, with third parties for economic benefit or partnering with third parties to combine data and create new data-driven products.

Internal and external initiatives to monetize data raise at least three key issues. For technology-savvy lawyers, these issues are opportunities to help clients manage risks and realize value of the transactions.

Loss of Data Provenance

Data-driven products typically require accessible and structured data. Yet existing data is often unstructured and siloed in disparate systems or by various departments or business functions. Data scientists use data lakes to bridge this gap and consolidate existing data into a searchable pool, creating a single source of truth. Unfortunately, this approach may lead to loss of data provenance, or history about the origin of the data. Without adequate data provenance, it becomes difficult and therefore costly to assess the rights and restrictions associated with data stored in the data lake, to determine what commitments may be made with respect to such data, and to achieve compliance in the case of resulting data-driven products.

As an alternative, it may be strategically beneficial to create several smaller inter-connected data lakes, or at least impose tight access controls on the main data lake, with data provenance maintained for all ingested data. This approach helps ensure that data is used in a manner consistent with the applicable license restrictions, therefore reducing the risk of breach or infringement claims. Even then, the further afield from the original licensed use that the data goes, the harder it may be to comply, or assess compliance, with licensing restrictions. A lawyer can play a key role in the implementation stages to ensure the business is forward looking about maintaining data provenance.

Security, Privacy and Other Regulatory Risks

Partnership with a third party for the sharing and use of data comes with traditional contracting issues and risks, such as those relating to representations and warranties, compliance commitments, risk allocation provisions, and termination rights. But data-driven partnerships may change the balance of considerations in these known risk areas. For example, transferring data from an internal database to a third-party data lake may result in new cross-border transfers, potentially triggering data localization and export control restrictions.

Companies evaluating and implementing data monetization initiatives will also need to stay abreast of the rapidly evolving regulatory landscape regarding data and data use. New uses of data may subject the company to new regulatory frameworks, and existing uses may later become prohibited under law. As a data monetization initiative advances, it becomes harder (for operational, legal, strategic, and often optics-related reasons) to make changes to the approach, so lawyers should proactively review and assess foreseeable use cases and consider the necessary licenses, consents, and relevant regulatory issues for both present and future uses.

Value Leakage

Data is a valuable asset that often provides a competitive advantage. However, U.S. intellectual property laws were not designed to protect data and, therefore, are either difficult to apply or offer relatively weak protection, if any. As such, in addition to relying on applicable intellectual property laws (which may evolve over time), companies seeking to protect “ownership” rights in data should do so by contract when sharing data with third parties. This means scoping licenses narrowly and defining the field of permitted use carefully when transferring data to third parties. Counterparties will want to have broad rights to use such data, or insights derived from such data, whether to improve their own products and services or for other business purposes. When negotiating such rights, the licensor should take into account the strategic objectives and priorities for the particular data involved and the nature of the third-party relationship.

In addition, while some agreements clearly cover the licensing and use of data and, as a result, generally receive an appropriate level of scrutiny regarding these issues, many joint venture, strategic alliance, collaboration, service provider and other third-party agreements operationally involve the sharing of data, even though such sharing is not addressed or made sufficiently clear in the agreement. Sharing of data pursuant to the agreements without appropriate protections can result in a loss of ownership and control over the resulting use of such data. Technology lawyers should consider the data implications of each such third-party agreement.

Conclusion

Companies are growing increasingly adept at ingesting, analyzing and monetizing data collected from a wide variety of internal and external sources. In doing so, it is important that they involve legal support early and often to ensure that they are not only addressing the legal and regulatory risks associated with data monetization but also protecting and preserving value and competitive advantage as they partner with others in the data ecosystem.

To read this complete article visit Law.com (subscription required).

Visit us at mayerbrown.com

Mayer Brown is a global legal services provider comprising legal practices that are separate entities (the "Mayer Brown Practices"). The Mayer Brown Practices are: Mayer Brown LLP and Mayer Brown Europe – Brussels LLP, both limited liability partnerships established in Illinois USA; Mayer Brown International LLP, a limited liability partnership incorporated in England and Wales (authorized and regulated by the Solicitors Regulation Authority and registered in England and Wales number OC 303359); Mayer Brown, a SELAS established in France; Mayer Brown JSM, a Hong Kong partnership and its associated entities in Asia; and Tauil & Chequer Advogados, a Brazilian law partnership with which Mayer Brown is associated. "Mayer Brown" and the Mayer Brown logo are the trademarks of the Mayer Brown Practices in their respective jurisdictions.

© Copyright 2020. The Mayer Brown Practices. All rights reserved.

This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.