More. . .

Valérie-Laure Bénabou, "Monetization of Data: A Legal Perspective"

Presented at the Legal Challenges of the Data Economy conference, March 22, 2019.

Transcript

VALERIE-LAURE BENABOU: Monetization of data, legal perspective. And the subtitle I added is not in the paper of the conference. It's sharing the data dividend. It's an idea. It's a work in progress. So please don't hesitate to tell me that whatever I will say to you today is not relevant, certainly not feasible, and completely lunatic. But still, I will try to explain.

First, so I think-- is this this? First, I want to recall that from a legal perspective, there is no such definition as what is a data. The definition is really blurred. You always have definition related to a specific regime-- personal data, public interest data, security data. Everything is potentially a data.

I've been working for the Ministry of Culture on the [FRENCH] lately. We have released a report on copyright, digital content, and data. But work, for example, might be considered as a data or as a database or a set of data. So it depends on the dimension with which you consider the element. Do you consider the work as a whole, or the parts of the information that are embedded in the work, or the information which is the work? So here, you have a data, potentially, even though it's treated as a copyrighted work.

We have many scholars trying to discuss various definition of what would be data. And there is a very interesting distinction that has been made by Rob Kitchin that distinguishes between data that are representative in nature, data that are implied, and data that are derived. Because on the same set of data you would have, for example-- let's take the copyright, because it's what I know the most-- the work, which would be the data representative in nature. And you would have, maybe, the implied data, which would be the metadata that designated the work; the authorship, which is an element of the work but is also an external data. And you would have also derived data, which are the usage data of this work, for example. So you have several layers when you are distributing a work, for example, of data that are encompassed in this distribution.

Data is not covered by a single text. And there might also be overlap between digital content-- such notion like information or works. We shall also, maybe, sometimes distinguish between the data in itself and the aggregate-- the data, the data set, the set of data, the database.

And we don't agree, also, on the function of the data. Data might be an asset. It may be considered as the result of a labor. It might be considered as an infrastructure. We have several reports addressing data lately and considering them from various perspective.

And this can be shown in, for example, the last development in the recent legal EU legislation. Some instruments are pending. Some are really already adopted, on the left. And you see-- so there are the GDPR that we all know. But there is also the regulation on the free flow of non-personal data. You have a regulation on the portability of online content services which addresses questions of data. You have the proposal-- directive on provision of digital content, who also is about data, and so on and so on. So we have no single entry to define what is a data according to the law.

And the problem is that the same data can be considered variously from various legal perspectives. And some legal regimes may be accumulating on the same set of data and may also be conflicting. So we have several models which might conflict. And we also have harsh discussion pending on what would be the proper answer, the proper legal tool to monetize the data.

And as you know, some people advocate very strongly in favor of an ownership model, which would be based on the IP system, where some are more focused on the technical control, which also leads to exclusivity-- less exclusive than just data holding through trade secret, which is a sort of de facto exclusivity. But once the data is released, it's been shared.

Then you have the data sharing contractual model. For example, we go to open data licenses between people that are willing to share data for free or for money. And we have data sharing legal obligation, like for we have an open data legislation in France where you are compelled to display some data and to share some data for research, for example. And this is not according your will that this data are shared, but because the law imposes that to you.

And lately, you can also consider data as commons. This is also a theoretical model, but many people, like--

[CLEARING THROAT]

--a famous woman, Nobel Prize, are advocating that we shall may be considered data as commons.

From exclusivity to inclusivity, this is the same. And in yellow-- well, in orange, you see where we have already legislation taking place. We can also consider these several conflicting models according to, what kind of control does it grant or would be granted by these different models?

So you would have models of control ex ante in the monopoly situation of IP, for example-- you have to has prior authorization to the older of the data set in order to have access to the data. And then you have the monetization taking place, like you license your IP rights. You would license your owner rights on the data. You can have also harmonization of the access to control without considering the monopolization of the data itself, but the fact that you are the only person in charge of controlling the access to-- so you make the monetization of the access. The same with the trade secret.

But you also have ex past control models like-- I will focus on those-- data portability and what I call data dividend, which would be pieces of legislation that compel the data processor to share the data or to retrieve the data or to give you back data that you have been processing with it. So here, you would have a situation like in the GDPR article 20 for the portability-- I will go back on that-- where personal data are being processed. But the person, the individual, may claim to have his data back in order to, maybe, bring his data somewhere else, for another service. And then you can see, is there here something like an economic value? This right to portability might be a way of monetizing data, also.

Whatever, I will be very straightforward on this-- I'm very skeptical on the possibility to copy-paste one existing model and to say, well, this is the answer for data. This is the legal regime that we should copy-paste. And many advocate for, as I said, the regime of data ownership. Many advocated against. As you might know, the regulation on free flow of data was really driven by this discussion. And at the end of the day, well, the ante property won, because there's no such thing as ownership of data in the free flow of data regulation.

You can also consider that maybe ownership would be not the exclusive right as we consider it from a civil law perspective, which is exclusive right, but another kind of ownership which would be more centered on sovereignty, meaning-- well, I call this ownership, but this is not ownership. This is a power of control that I have on data. And then you can see such elements of thinking in all the public reflection about, we shall keep control over our data, or localize our data on our territory in order to-- well, to avoid privacy breaches or whatever.

And then we have this so-called ownership which is not really an ownership, but it is a kind of control based on the sovereignty of our data. We shall maybe have a sui generis right or maybe be inspired by the intellectual property. As I said previously, I am very skeptical about the possibility to be inspired of the IP economy and the IP scheme, to transpose it to the data economy just because they are so different elements.

But I may be, here, trespassing my field of knowledge, because some economics element may contradict what I am saying. But most of the time, we have a right in IP which is grounded on national, legal monopoly that are granted by the will of the state to some person in counterpart of the benefit for the welfare-- whereas in the data economy, there is no such thing as reward monopoly. It's a de facto monopolization because of the economic power deriving from the possibility to aggregate data.

And I can go on. The licensing are not the same. There is no such thing as exceptions for the data economy, whereas in IP, there is a balance of the public interest and the private interest through the exceptions.

I just want to recall, maybe, this case, which is a little bit underestimated even though it seems to me very important-- the Ryanair case of the Court of Justice that, in 2014, the court was asked whether the database of Ryanair, which would not be protected through copyright or sui generis right-- database's sui generis right-- shall, nevertheless, the holder of this database comply with the exceptions that were granted in the database directive?

And the court say, well, no. No. Well, it would have had to comply with the exception if it were protected. But as it is not protected through an intellectual property right, then you don't have to balance any pro and cons. You just can have the most favorable access to your data for the processor. And the user-- it doesn't have any right to say, well, it's for research or it's for cultural purposes that I want to access to the data. This is not relevant in the data economy, because there is no such thing at the moment as public interest.

So if we think of copy-pasting things like copyright as a model for data economy, then we shall have this balance of interest that should be taken into account, which is not actually the case for the moment.

Well, as I said previously, everything is data-- overlap, conflicting legislation with various objectives. And you see in the legislation, you have the regulation on the free flow of data, for example. But even in the GDPR, you have two conflicting objectives. Then one is protecting the individuals, but one is enhancing the circulation of data.

How can you, in a single text, say that you will manage to do both protecting the individual and making the flow of data more easy? It's very complicated. And I guess we didn't manage to do that really carefully. So you have conflicting interests underlying the various discussion and the various texts.

It is my thinking that we need to move from this distributive approach to a general approach. At the left, you have a millefeuille. And then you can see the separate layers of the millefeuille, whereas here, you have a marble. And you cannot separate the white from the chocolate. So because it's all mingled, it's so entangled.

And when you talk about big data economy, well, actually, you talk about something which is different from the addition of the data-- the big data, as we say. We talk about the whole. And the whole is not limited to the mere sum of the parts of the whole.

I quote here a sentence of Mattise I heard this week, which is, "one centimeter square of blue is not the same blue as the same blue painted in one meter square." So it's really interesting-- depending the dimension of the thing that you are taking into account, you shall have different perspective and have different regime.

I'm sorry, because I will take a French example, and maybe it's not very understandable for foreigners. But we have a concept which is universalite de droit or universalite de fait in French law. Like for the fonds de commerce, when you have a business, you run a business, we have a legal entity that is protecting the business called the fonds de commerce. And it is made of several different layers-- the trademark, the right to-- whatever. There are several elements-- the trademark, the customers, and so on. So many values that are aggregated in something which is considered as a whole and as a regime for the whole.

And this is possibility. There is a possibility to transmit the fonds de commerce, so this universalite de fait, per se, notwithstanding the specific regime applicable to the elements. So this would be the model, maybe, to think of, which is, think globally. What you see is an aggregate of things which, if you take them individually, they are not worth anything. But at the end of the day, it makes this. And everything is a data. Each piece is a data. But the whole result is also a data.

So we have, maybe, to take into account or to imagine a new regime which would be not conflicting, but not be limited by the conflicting regime of the past. Yesterday, we have had a small talk, but we have a problem there, because with the definition of personal data, which is very broad, once you have a personal data in a data set, everything shall be covered in this data set by the GDPR legislation of the protection of personal data because there is, in the data set, an element which is a personal data. So you have this viral application of the law that impede the possibility to treat the whole differently from the part.

So tell me, how much time do I still have? Because this was only the first idea.

[LAUGHTER]

Very quickly, I will make two proposals to discuss. I will launch two ideas about how to, maybe, benefit from the data economy and how to do it by just merely and quickly recalling that we are also evolving in a framework of platform economy. But we have been addressing that at large so far, so I don't need to recall what are the specificities of this platform economy and the bottleneck effect of the platform.

So how to benefit from this data economy? As I said previously, I don't think that exclusive property is needed, because we have here rival goods. We have a data that can be shared, and its emphasis there. Recall that we can share the data quite easily from a technical point of view and from an economic point of view, even if there might have problems as to the efficiency of sharing the data.

But the possibility of sharing is very envisageable. So you really have to take that into account. It's not something that you cannot share. And you can share with people without impeding the market of the person from whom you have the data. So the cost of sharing is not high, and the risk of sharing is maybe not higher, neither.

More than having-- I'm sorry. No, it's there. More than having an exclusive property, I think it would be better to think how to give control over the data through renting several prerogative to what I call the right holder, the data holder. I didn't say owner, because I want to say holder. So you hold the data. You have the data, meaning I have them de facto doesn't mean that I own the data.

So this is to make-- is it clear? Yeah? It's clear. So I can be a right holder without having an ownership. I can just have the situation where I hold something.

So the first prerogative is already existing. And it is my thinking that we maybe have, in various texts, something which is expressing a general principle, which is the prerogative of portability-- right maybe to portability.

I will go very quickly here. But if you look carefully in the last text that have been adopted, and I've been mentioning before, you see that this principle of portability is coming back several times. So you can find it in the GDPR article 20.

This is the right for the person to receive the personal data concerning him in a format which is structured, commonly used and machine-readable and have the right to transmit this data to another controller. So I can receive my data. I can get them back and bring them to some other processor of data. And I can do this, also, because the format in which my data have been restituted are compatible, interoperable-- which is cornerstone. If we don't have this requirement of open format data, I would say, we cannot share the data.

But you also have an expression of the portability idea or principle in the free flow of data regulation, article 6.1, paragraph 1, point A. The porting of data-- "The Commission shall encourage and facilitate the development of self-regulatory codes and conduct in order to contribute to a competitive data economy based on principles of transparency and interoperability." And then you see the link between porting of data and interoperability principle.

You also find the portability on the regulation on cross-border portability-- the name of it in the title. So here, we have Nexus and the use of the content which is guaranteed by the regulation, which is the possibility to bring with me my services when I am moving from one country to another-- so my content, so my data.

And lately-- this is in the French law for the digital republic-- [FRENCH]-- --has embedded a provision which is a portability principle for the consumers. So it's a B2C approach, which is an obligation limited to the most important services. Not everyone is debtor of this obligation to comply with this right to portability.

I'm sorry, but it's very small written. But in a nutshell, it triggers something like a portability by design which would be a free functionality that the data processor has to provide a free functionality to the consumer for him to retrieval his files and all the data resulting from the use of the consumer account except those that were subject to a significative enrichment by the data processor. In other words, it means that not only this portability principle here grants you the right to bring back your data to you, but also to benefit from data that have been made or constructed or generated by the processor at the occasion of your data and to share them with you. And this is it.

So is it a right to portability that we shall generalize not in the B2C only, but in the B2B relation also? Once I put data somewhere and I share the data with someone who processed the data for me or with me, I will always have the right to go back, to get back my data whatever-- even if I-- the cloud system and I don't have any technical control over the data. So I will be guaranteed to have those data back.

But also, this right to portability would pose a question as to, in which format shall I have those data back in order to bring them in another service? And also, shall the processor erase the data after I have exercised my right, which is not sharing the data any more and having, maybe, a different situation? So will it be for free, or is it something that you would pay to get back your data? Whatever, you have many questions about this data possibility.

This example of application of data portability to IP content-- then we would have, for example, if I have my work I share on the platform and I exercise my right to portability, then I could ask at any moment to remove the work, and also the metadata on the work, from the platform to maybe choose another way of distributing this work. So this would be limited to this.

Grounding-- and it's nearly finished. grounding on this provision of the code de la consommation, you've seen that it goes further than only retrieval of my own data. It shares the data of the data processor. And this is my suggestion-- it might be irrealistic, but I share it with you-- which is, if we want to monetize-- and many people are really concerned by distributing their work content, whatever of data through data processors. They lose the control and they lose the relationship with the final client. They don't have the possibility to personalize the service because it's the platform that uses the data of usage and that hold those data and don't share them with the content holder, with the data holder.

So my suggestion is that we shall maybe think of an instrument that would force or might enhance this sharing of data that are essential data, but also maybe derivative data or implied data. Why? Because this would be in line with the co-petition use, because the value of this data is a result of a partnership, because there's no usage of data without a platform to collect it, but there's no usage of the data without object to use.

So it's like, I bring value. You bring value. And we share the dividend. That's why I call that the dividend-- like in a company when I bring my money and then you bring your work, and we share all together. And then if there are profits, we share the profit and we distribute the dividend. And this would be the possibility to share this data dividend.

This would be a possibility for the data holder to keep the relationship with the final customers and personalize my market. Also, to address a very complicated issue from a legal perspective, which is the distribution of liability. For example, when I have a problem of a delivery of a service and there is a mismatch or something doesn't work, you never know who is in charge of the quality of the service, of the quality of the data. Is it the distributor? Is it the content holder? Is it the data holder that is responsible for the harm caused by the bad service? And it will be also in line with the platform loyalty.

Is it OK? Is there a problem? It's my last slide. So don't worry.

So many questions, actually-- which scope? Until which level of data we could bring this right to dividend, right to share the data dividend? Which scope? The metadata, the breaking data, the non-breaking data, the data that are enriched by the processor-- to which extent, through which model?

Which model? Open data, France, legal obligation, whatever. And we would be the debtor, actually. Many, many question remaining, many obstacle. Is the aggregate breakable? Is it feasible to recoup the data? Is it possible economically speaking, technically speaking, and so on? Is it going beyond the protection of trade secret? And blah, blah, blah. So many, many questions that I will not address today. But I leave the floor to you and to my estimated colleague. I'm sorry.

PRESENTER: Thank you, Valerie.

Big data