The smart revolution has extended beyond phones to cars, eHealth devices, wearable trackers, home devices, and even cities. IoT has taken over. For those yet unfamiliar, IoT is basically sensors able to capture data which can be analyzed and put to use by individuals or businesses for a variety of purposes, including the design of new policy.
Data can be static, but it can also provide vital information about individual and business operations. Here's the thing: who owns that data? Legal definitions require data ownership be defined by whoever has collected it into a database. That's Somjit Arnrit of AM Technologies' perspective.
Still, you've got to define this situation carefully. Privacy can't be defined without ownership being established in advance. This gets complicated when individual and commercial data crossover; then there's the nebulous issue of what information is generated through equipment used under lease. Contracts tend to define this. We're looking at a complex issue here, so let's dive in:
Define Information: More Than One Type of Data
There's personal data, and you may have liability as an organization in the United States if that data becomes available to hackers. It's called "PI", or "Personal Information", here's a guide to penalties if you're hacked. Definitely, a business needs to differentiate between what can be defined as proprietary data, and that which is PI.
Internationally, in 2018 the General Data Protection Regulation (GDPR) of the EU was passed, and businesses operating beyond national borders need to be aware. Portability and deletion rights are outlined under the 2018 GDPR agreement. However, anonymous data, aggregation, and de-identification make breach and data protection laws harder to pin down. Sometimes you've got info from individuals who simply can't be traced. Still, good tech people can collaterally figure out who is who in the data zoo, so there's controversy.
Contextualization of Data and Data Value
What's necessary is assigning data value and contextualizing associated info. If you're running an IoT network, there may be more than one stakeholder. An industrial plant will have third-party providers on-site, end-users, manufacturers, and public visits; all of which generate data.
Because all data has some level of value, data sharing and exchange options can be mutually beneficial. Trade a little data for something--you've likely already experienced this in your personal life. Online coupons exist if you just give up a little personal data voluntarily.
Well, in a commercial sense, this gets more complex. While before, companies who weren't savvy wouldn't even use all that data, legal restrictions as regards breaches and rulings by the GDPR have changed the game.
Now companies have to think about these things for compliance regulations. So where is this going? Varying tech professionals are trying to determine a way of assigning baseline value to data. As that happens, new protocols will be necessary for optimal operations and legal compliance.
Where IoT and Data Ownership Have Conflict
Accessing data is often going to require ownership permissions be established. Say you've got a car that's IoT enabled. It generates substantial data. There's probably some telemetry at play here: data being transmitted to the manufacturer for their developmental purposes.
There will be data generated by a smart car through IoT that the user doesn't actually have access to, but the manufacturer does. Third-party hardware is likely going to have difficulty interfacing with built-in telemetry, changing data the manufacturer collects.
There's definitely a disconnect between individual use and telematics data transmission. If you're running a fleet of vehicles as a business, this gets even more complex. If you've got multiple brands sending telemetry to manufacturers, that makes things even more complicated for your network. Also, that data can be useful for you as well as the manufacturer. So you can see why those known as Original Equipment Manufacturers (OEM) tend to be at cross-purposes with those using manufactured equipment.
Now OEMs prefer telemetric information transfer be enclosed within their own system; that's convenient for them. But if you own the vehicle, this may not be ideal for your company. However, OEMs have an argument regarding uniqueness, which telematics facilitate through data differentiating brands. What's the real difference between your Motorola Z smartphone and the new Google Phone? Honestly, services are the big difference, hardware for such devices is extremely similar. It's the same with many vehicles and other devices that are IoT-enabled.
The MGD Angle
Machine-Generated Data, or MGD, defines the majority of IoT-generated data. Whoever owns the device that makes information essentially owns that information. But the question of ownership is nebulous when you consider things like copyrights, trademarks, and proprietary engineering. Data generation may legally be defined as part of a company's unique product development.
If you really want to see things get complicated, introduce a lease. To put it in perspective if you own a device: data is owned by the titleholder of the device in question. Think of data title as paperwork demonstrating property ownership. If MGD contains metadata, think of that like water or mineral rights to a property.
Some properties don't grant owners such rights. Some do. Similarly, MGD may or may not include that information, depending on the device, its manufacturer, and their legal team. Put it this way: it's possible for one individual or group to own data, and for it to be controlled by someone else.
Data possession isn't legal license in the same way a "title" would be. Possession may play a part of overall data control, just as a tenant controls how their unit is decorated. But the landlord owns the unit. Control follows data being copied and spread, but ownership may require some sort of legal definition.
Legal Realities and What They Mean
PI may have a legal definition, but raw data is not protected by American law. That said, rights to ownership of that data through title have a certain similarity to copyright law.
Those who hold title can create derivative works, they can generate copies, and they can distribute the information to which they hold title. Think of information in a database like what's inside a book. While the author owns words and pictures inside, a publishing company may have distribution rights, and the ability to collect a certain amount of money from the sale of a given book.
An author gives publishers publication authorization and distribution rights. But the way a reader interacts with that information is beyond the author's control. If you have data title privileges, then you have data ownership rights. Should someone copy that data and use it somewhere else, those ownership rights don't follow their use of it.
Managing IoT Data Properly
Device title does not always represent data title. Owning data, or data possession also isn't data title. OEM devices will likely produce telemetry that OEMs have some control over, and leasing arrangements make everything even more complex. Read the fine print, and work with tech professionals who understand this burgeoning legal field for best access and usage outcomes regarding data ownership.