Corporate: Driving New Value with Data

In 2023, data moved beyond serving as just an “important currency” in the marketplace and evolved into a truly transformative asset class. With this transformation, data requires increased attention and concern by its owners and controllers. Companies are increasingly building, creating derivative works, collecting data, and even focusing on acquiring data through accretive transactions. As a result, stakeholders must understand and address the nuanced legal matters associated with developed or acquired data, which run the gamut from how to actually acquire particular data rights under applicable laws to managing restrictions related to use of tools, such as data analytics and artificial intelligence.

Companies should strongly consider the intellectual property protection of data under applicable regimes and statutes. Given the number of statutes and regulations to navigate, the global nature of companies’ activities makes this more challenging than ever. As laws and best practices develop at a breakneck pace, owners of data face the additional challenge of tracking and keeping up with evolving data base rights and copyright schemes in a myriad of countries where the data is developed, acquired, or even ultimately transferred.

Companies should also take stock of the legal obligations of the parties under company agreements that impact a company’s and counter-party’s use of data that is subject to such agreement. Data may be considered a pre-existing work or background technology in a company agreement. If this is the case, as between the parties to the agreement, most often all rights, title, and interest in and to the data remains with the party supplying the data (whether as an owner or licensee from a third party). The parties should ensure the character of the data to highlight whether personal data is contained in the applicable data sets and whether data protection laws have and are being followed.

But the inquiry cannot end with just that previous assessment. Each party’s rights need to be carefully understood. Some questions to consider include the following: What rights does a counter-party in your agreement have to use the data, or to combine the data with other data sets? And who owns any derivatives that result from any activity with respect to the data? Any third parties who have access to, or are involved in, outsourced activities related to the data need to have their obligations and rights in the data outlined in separate written agreements that are consistent with the obligations of the primary agreements. In addition, it is important to understand what rights survive the termination of any agreement.

When working with third parties with company data or in acquisitive transactions, there are also a number of legal concerns to consider for companies that own or are acquiring data sets. A few of the key issues include an analysis of the data and related cybersecurity risks, security of all applicable IT systems that are involved, antitrust concerns, foreign investment concerns (CFIUS), and even analysis of
the ethical use of data. Companies focusing on these issues will likely be in the best position to extract the most value from these assets now and in the future.