In our previous publication, we discussed how a business’ data can be protected by characterizing it as intellectual property and protecting it as such. One of the most common ways to protect business data in a commercial context is through license agreements that impose contractual controls on the scope of protection of such data, as well as any related or derived data that may come into existence through its use and processing throughout the commercial relationship.
The creation of new data derived from a licensor’s business data may result in a substitute to, and/or reduce the market for its products or services. Therefore, it is important for licensors to clearly set out terms relating to derivative data in order to protect the licensor’s rights or control over such data and maintain its commercial value. From a licensee’s perspective, it is also important to ensure the rights granted in a license agreement appropriately address the licensee’s intended use of the data. As such, there are several terms in license agreements that may be heavily negotiated. The following are some non-exhaustive practical tips that businesses transacting with data should consider when licensing their data to third parties.
Definition of original vs derived data
As previously noted, it is important to clearly define original data as distinct from derived data. One way to do so in a manner that reduces the substitutability of the data (i.e., to the licensor’s benefit), is to define derivative data as data from which the licensor’s original data cannot be reverse engineered. Alternatively, the definition of derived data can be defined as data that cannot serve as a commercial substitute to the original data. Additional layers of distinction should be introduced carefully, taking into account the nature of the data (i.e., personal, medical, engineering, etc.) and how heavily it will be modified or co-mingled with other data sets.
Rights to derivative data
Copyright protection, which can apply to original compilations of data, subsists automatically upon the creation of any literary, dramatic, artistic or musical work and the author is generally the first owner of such proprietary rights, unless there is an agreement to the contrary. Since the authorship of derivative data can result in new rights where the licensee can be considered the sole author of such derivative works, license agreements should clearly address who is the intended owner and copyright holder of these derivative works to prevent any ambiguity and disputes down the line.
Scope of the license grant
The most important part of any license agreement pertaining to data (and any derivatives therefrom) is the scope of the license granted to the licensee, which should be set out as clearly and plainly as possible. Licensors generally wish to negotiate a more limited license, whereas licensees generally seek to negotiate a broader scope with as few limitations as possible. The scope of the license can be limited as follows:
- Exclusivity – licenses may be exclusive or non-exclusive. Where the data being licensed is a compilation, the license should generally be non-exclusive.
- Territorial restrictions – the agreement may limit the scope of the license to a specific geographic region, and this may be particularly beneficial if the licensor wants to limit the geographic scope due to business factors or foreign laws.
- Permitted uses – use may be permitted for specific purposes only (i.e., a project or specific business purpose).
- Sublicensing – a licensor may designate whether the licensee is permitted to further sublicense the data to others.
Beyond its scope, a good data license should also address the manner of delivery, maintenance, and control of the licensed data, as well as any applicable data security policies, practices and protocols imposed upon it, particularly where the data comprises or embodies personal or sensitive financial, technical, or commercial information.
Licensors may set out whether the licensee may create or use derivative data and other restrictions to using their data. Another way to limit the possibility that business data will lose its value and allow a licensee to gain a competitive edge is to formally restrict the licensee’s ability to reverse engineer, disassemble, decompile, adapt or otherwise attempt to derive or gain access to the data or methods used to compile the data. Furthermore, a licensor may restrict a licensee’s ability to modify, copy or create derivative works of the data and generally seek contractual acknowledgments and covenants from a licensee regarding data ownership, consent to an injunction in case of breach and even liquidated (i.e., fixed) damages clauses should a licensee breach these valuable obligations.
Privacy and cyber-security considerations
There are various privacy concerns surrounding derivative data, as derivative data creates additional pools of risk. The ability to aggregate collected data may be important to the licensor or licensee – e.g., to track industry trends. However, this creates privacy concerns relating to the breach of confidentiality or contractual obligations with third parties because the data is no longer in its original form but could still be considered personal information, which can potentially be accessed by unauthorized third parties and threat actors. This risk can be mitigated by anonymizing the data, and the license agreement can impose obligations and standards in that regard.
In the next publication, we will discuss relevant considerations for derivative data in the M&A context, including risk allocation and indemnities.