“If it falls under intellectual property, then the government can definitely claim right over such data sets,” declared a lawyer at MediaNama’s roundtable discussion on non-personal data held in November 2019, as participants deliberated if sharing non-personal data, with the government or with other private entities, would infringe on companies’ intellectual property rights.
(Note: The discussion was held under the Chatham House Rule; quotes have not been attributed to specific people. Quotes are not verbatim and have been edited for clarity and to preserve anonymity. Also note that this discussion took place before the PDP Bill, 2019, was made public.)
Is data ownership a useful concept?
Defining property rights over data: A speaker explained that ownership does not automatically translate into private property ownership and thus defining ownership becomes critical. “What are the rights? Is it the right of access? Are we worried about integrity of the data? Is our focus entirely on NPD [non-personal data] in the context of free flow? That if it is not proprietary, then technically we would want it to be through an open API available to all in a machine-readable format,” they said.
- A lawyer said, “It is not data per se that we have to look at in terms of ownership, but the manner in which the data is going to be used, in which it will be monetised, which is where the issues will start cropping up”. Citing the rejection of the ‘hot news’ doctrine by the Delhi High Court, they said that in the case of BCCI, it was not the ownership over the scores per se, but “ownership over the right to monetise the scores”.
IP rights are asserted over databases: A speaker pointed out, “There isn’t really a concept of IP [intellectual property] over a data point; individuals have some proprietary rights over how data is managed, over databases, but not over data itself.” If the aim is to put data in a public commons as a common property for a public good, “there need to be long debates about policy reasoning,” they said.
- European Parliament’s Database Directive recognises sui generis right: Citing the European Parliament’s Database Directive of 1996, an advocate explained that this allows an entity to have a sui generis (in and of itself, independent of other factors) over a database if it has “put in a substantial investment into the collection and creation of the database”. This does not include machine collection of data.
Value of data is derived from aggregation: “Data per se has no value individually; it is only when you collect data and start using it in different databases that value gets added,” said a lawyer at the discussion.
Defining reasons to limit IPR is a must: To limit someone’s property rights, you need to have clear and distinctive reasons for doing so; it is only after that that you can move to questions of risk involved, governing usage to protect communities from harm, etc, a speaker said. Another speaker said that regulated entities such as telecom companies already have to give data to the government for certain specific purposes. However, for the government to get access to data to “improve public policy making processes” needs very different kind of arguments because “you are infringing on intellectual property”. Before making any policy, all risks associated with it have to be evaluated, and they argued that public good might not be enough of an impetus to warrant that.
However, property rights, not IPR, might be a more useful formulation for protection: One lawyer in the room contested the idea that intellectual property rights protection is the best way of protecting data sets. “If we start looking at IP statutes [copyright, patent] as a means of finding/including data protection, it may not be the right way,” they said. However, the basic principles of property per se, that is, the exclusive right to own, to possess, to dispossess something might be a better way to “find a more balanced approach to how this non-personal data should go into a community data set, or should be made available to competitors, and in what manner it should be made available”, they said. Looking at the concept of public purpose, voluntary and mandatory acquisition of property by the government for certain purposes, would aid in that.
How the government can access the data it wants to
Indian government can force companies to share protected data sets for public services: Another lawyer in the room explained that under the Indian Copyright Act, “there is a provision called compulsory licensing under which government can force any copyright owner to provide that right and take it away from the copyright owner and use for the purposes it wants”. This is when the government believes there is “an overarching public purpose”, another advocate explained. On the question of whether the government could force companies to share the data sets, another advocate compared it to the Land Acquisition Act wherein the government can gain control over physical property for public purposes. “If we look at the public purpose for use of a particular data set, then possibly yes, the government can [force companies to share data],” they said.
IPR over data collected by public sensors can also be accessed by the government: With respect to ownership asserted over ambient data collected by sensors and IoT devices in public areas, or instrumentation in smart cities, or by GPS trackers on public transport — all of which serve a public good — the previous lawyer said that “if it can qualify under the level of creativity under Indian law, that is, if there is enough skill applied on it and it results in something which is more than mere law, and has some originality attached to it, it will be enough to get copyright protection under Indian law”. However, the government can issue a statutory license over it if the person is not ready to share the data with anyone and claim access over it for benefit of the public as well, they clarified.
Pune Smart City Pilot Project: “In Pune, they have a catalogue of public data coming from tools like traffic lights, air pollution, sensors trash cans and so on,” a participant said. This is an open data set, but its accuracy is not guaranteed. But, it’s possible to see which entities created the data, where they acquired it from, frequency with which it has through an API, you can also access the data. “The processes of monitoring, generating, storing, and consuming data have evolved to a significant extent,” they said. But the process of consuming data is not part of this exchange and it is an entirely offline process.
Open data from utilities owned by the utilities: A person who runs an electricity data start-up said that their company acquired a lot of data from the utility. This data is not related to any individual, and the company cannot “trace it to a person or a community or a housing society”. As per this speaker, this data would be owned by the utility, and “since it is available to the public, it would qualify as an open data set, and we [the private company] have limited control over it”. However, monetising this data is dependent on the quality of data in terms of the granularity and whether it is available in real time. “If the data is two weeks old, it is less valuable than data which is real-time,” they explained. “There is really no way a utility can enforce any right or any claim over ownership unless they say that we are not going to provide you granular data or real time data, which might be more valuable than old data or something like that,” they said.
Power industry and data sharing: There is a lot of data sharing that occurs in the power industry in Europe and North America, a participant shared. This is because “the data is used to enable better functioning of markets as electricity has a time-of-day pricing”. India does not have that concept, but has power trading. “This is why the processes of data collection, sharing and consumption in order to monetise have improved,” they said. They also clarified that some data is shared by choice, but some data is shared on a mandatory basis to enable power trading. These decisions are made by the Central Electricity Authority.
‘Government is using privacy as an excuse to stifle transparency’: When it comes to government access to data, a speaker pointed out that transparency is very important. This was visible in the case of electoral bonds as well. “RTI activists use MIS data from NREGA, PDS and other schemes to track government welfare schemes, and to fin out about any leakages, scams, etc.,” they said.
Sharing data with private entities
“Value of data increases when it is shared and when it is extrapolated against other data sets,” a speaker remarked. Financial data is one such data set. It is this kind of data sharing that needs to be regulated, according to the participant. It also raised a question of whether such data sharing would be voluntary or mandatory, and who would bear the liability for ensuring its accuracy.
Sharing data with competitors is possible in certain circumstances: “Competition law says that when the competition has no hope of surviving in the market without that particular data or proprietary information, or the person who holds that data intends to create a monopoly, it is only in those circumstances that the data should be shared,” an advocate explained. Courts around the world have held to this. India, given its nascency in competition law, follows the European example. To prove grounds for data sharing, there’s a balancing act: the company/entity needs to show an objective justification of need and the IPR holder needs to show that they don’t intend to create a monopoly.
- A person associated with a start-up said that when it comes to data access and sharing, competitive concerns are important. “Can the person who has access to data protect their interests from a competing entity which also has access to the data or the entity, which is creating data?” they asked.
- Similarly, standard-essential patents (SEPs) on smartphones were hurdle a few years ago as it takes about 60,000 SEPs to make a smartphone.
- But, this is not justified: A person from a private company disagreed that data should be shared with the government or another entity. “I don’t think it’s justifiable to take data away from a cab aggregator to formulate better policy around public transportation. I don’t think it’s justifiable to take an e-commerce company’s data to enable a local rival. These are non-tariff barriers to entry and function,” they said.
Can sui generis databases be made accessible to the public, including competitors? A lawyer argued that certain categories of Indians could be given access to such databases for a fee. Taking the instance of the German Autobahn, which has a sui generis right over the toll data for people using the Autobahn, they said that researchers can access this data for a lower fee. Compensation is necessary for granting access, they argued. They said that it is possible to mandate that certain sui generis databases be made accessible to the public, including potential competitors, for a fee, but it is not possible to mandate that databases that fall under copyright/trade secrets be made accessible to the public.
- When vaccines were compulsorily licensed to competitors, the argument was based on the principle that “if the cost of access is too high, there is too much friction, then you can license it out into a common pool,” they explained. Health data is made available to competitors in emergency services.
Who bears the liability for publicly sharing data sets? A speaker responded by saying, “in the absence of regulatory certainty about how research data, or non-personal data, or community data can be treated, it makes no sense for large companies to incur the liability and potential harm that they will incur by putting the data out for good”.
Trade secret data is not a property right: A lawyer in the room clarified that in most jurisdictions, trade secrets’ data is not a property right unlike copyright, which is almost like a property right, but over intellectual property. Moreover, India does not have a law related to trade secrets. “But in relation to IP, you have limitations and exceptions for each type of property, such as fair use and fair dealing,” they said.
Read our coverage of the our discussion on Non-Personal Data in Delhi here. The discussion was held in New Delhi on November 28, 2019, with support from Amazon Web Services, Facebook and FTI Consulting.