What is a Data License Agreement?
Data License Agreements are generally written legal contracts between owners of data and parties seeking to use those data. In most cases, they will simply involve a grant of rights from the party which owns the data (the licensor) to the party who will use the data (the licensee). But there are many different types of data license agreement, with various clauses and amendments to reinforce the key elements which are key to that relationship.
The purpose of a Data License Agreement is to draw a line around the relationship between two parties, and in particular to afford the licensee clarity about what they are entitled to do with the data , and thereby hopefully prevent the licensee from any wrongdoing. The downside, from the data owner’s point of view, is so often the perceived freedom of the licensee is curtailed, and that the licensee is otherwise off-limits, at least until a new relationship is agreed.
The legal landscape for a Data License Agreement may include trade secrets laws, torts such as negligence, books of statutes such as the Copyright, Designs and Patents Act 1988 or even standards from industry bodies, but above all it is the terms of the agreement itself which will take precedence and form the basis for any future litigation.
Key Components of Data License Agreements
Data license agreements, like most license agreements, typically include an enumeration of the terms and conditions that will govern the relationship between the parties. Terms and conditions will generally include any prohibitions on transferring or assigning the license to third parties and sets out an indemnification clause, which defines what will happen if either of the parties has a breach of the agreement and what the consequences will be to the party in breach of the data license. Often a term of years is set out which establishes when the data license will be effective and how frequently it will be renewed. Sometimes the term of years is indefinite, though that is less common than the limited period data license agreement.
There often is some specific language in the data license agreement which is intended to protect the data protection interests of the licensee and limit how the software can be used to infringe on the privacy rights of individuals through the use of the license. In order to encourage compliance with the license, the data license agreement will often have procedures for the licensee to self-report on its own compliance and procedures for enforcement and termination by the licensor of any breaches that are uncovered with mandatory reporting requirements imposed on the licensee for any breaches in a time certain.
Many data license agreements also have provisions for licensing fees or royalties which must be paid to the licensor for the use of the data. In some cases, this might be a one-time fee to get started and then thereafter, there is no licensing fee required or the fee might only be to initially acquire the data. In some cases, a royalty license fee might be paid either based on the number of end users or the amount or volume of data that is extracted from the license. There might also be a provision for the licensee to pay a contingency or maintenance fee in effect for as long as the licensor agrees to maintain the data license to ensure that the licensee is aware that there is a continuing obligation to pay the fee to continue to have the data license in full force and effect.
Finally, a data license agreement often has the option for the licensor to be notified of any changes that the licensee makes in its collection, use or disclosure of data that is subject to the data license agreement. The notification requirement can assure the licensor that there are not changes that would undermine the protection afforded to individuals as a result of the data license agreement.
Types of Data License Agreements
Data license agreements can be categorized into various sub-types based on the extent of the rights granted by the data owner to the data licensee. The most common forms of data licenses are exclusive and non-exclusive licenses, as well as limited licenses.
Exclusive data licenses provide the data licensee with all of the rights to the data that would otherwise belong to the data owner and reserve to the data owner none of the rights of the data. Pragmatically, exclusive licenses generally reserve to the data owner an option to be the first licensed party in case the data is ever licensed to any third party. The right of first negotiation may be a good idea if the purpose of the exclusive license is for the data owner to be allowed to reap the benefits of a long-term relationship with their data when it becomes more valuable over time, such as where the data owner and licensee are establishing new technologies together.
Exclusive licenses are advantageous to licensees because they prevent the data owner from being able to grant further rights or "participate" in the data independently of the exclusive license. The analogy for this is similar to the patent license analogy in that the data owner cannot competewith the licensee.
However, if the data is not particularly valuable then the costs to both parties of negotiating over an exclusive license may be unwarranted. Consequently, the parties may decide to limit the scope of the exclusive license, or limit the exclusive license to certain fields of use. For example, the license may completely exclude the data owner from using the data, but may permit the data owner to use the data for certain agreed purposes. The right of use may also be limited as to geography or to the field of use. A limited license creates a strong motivation by the licensee to develop a commercial market for the data, because the licensee now has the ability to realize all of the profits from its commercialization of the data.
A non-exclusive data license provides the licensee with certain specified rights in the data, but leaves open to the data owner the right to use the data however and whenever it wishes. The non-exclusive nature of the license simply means that other parties may be allowed to access the data as well.
Non-exclusive data licenses offer significant advantages to both licensors as well as licensees. Since the non-exclusive data license prohibits neither the parties nor third parties from independently engaging in the data development efforts that fall within the scope of the data license, there is no need for the parties to be concerned about addressing any potential "field of use" restrictions, and neither party will have the same incentive to engage in takeover or "land-grab" incentives that often occur between parties in interactions involving negotiated exclusive licenses. Ideally, a non-exclusive license relationship should be a win-win relationship, because the parties can focus strictly on the intended scope of the license, instead of wasting time and resources negotiating over unrelated restrictions or obligations.
Common Data License Legal Issues
The interplay of two separate pieces of legislation further complicate data licensing in California: CCPA and the Federal Driver’s Privacy Protection Act. The new California law was not intended to extend privacy protections to data collected in the course of motor vehicle records protection. However, the driver’s privacy law, originally enacted in 1994, gives some consumers rights concerning the use and disclosure of their personal information collected by state DMVs. For example, a DMV cannot disclose personal information from motor vehicle records unless such disclosure is permitted under the DPPA and/or the CCPA. This issue will impact the updating of agreements as states begin the enactment process.
In addition to the California laws, some other states also have laws that would impact data sharing agreements. For example, similar to the law in California, Nevada prohibits certain dealers from making any disclosure of certain types of personal information contained in a consumer report unless the consumer gives prior written consent. These dealers include: any person that has a Federal Trade Commission or state of adhesive tape rule violation; any person who knew or had reason to know that the consumer report would be used for an impermissible purpose; any person who knew or should have known that the consumer report was not confidentially obtained; and any licensee of specific parts of Nevada’s consumer reporting system such as repossessors and locksmiths . The Nevada law is more stringent than federal laws that only require disclosure under certain circumstances.
Aside from the laws, license agreements typically have negotiation points concerning usage and security of data. That is like negotiating rights to deliver a pizza vs. delivering a pizza, which is the right to exercise a function covered by license, should it be negotiated.
Some common issues include:
What happens if the data is used in a manner that violates an agreement? Commonly, the licensor will demand the licensees cease use (possibly demand return of data) and provide an explanation of how the misuse occurred. If the licensor believes that the licensee is not in compliance with an agreement, or has created liability for the licensor under law, the licensor may demand wavier of liability and indemnity.
Vicarious liability may also arise from licensee’s delegation of acts to a third-party subsidiary or contractor. In this situation, the licensor may seek to amend the agreement to state that the licensee is fully responsible for compliance by the third-party.
There are also conflicts between U.S. laws and foreign laws. In EU jurisdiction, for instance, the GDPR states that subjects have a right to damages for violations of the regulation, and to cease processing of their data (subject to waiver). When a U.S. company licenses data from a source that is subject to any of the EU regulations, the U.S. company needs to be careful that they do not implicate U.S. courts into having jurisdiction over EU violations.
Best Practices in Data License Negotiations
When negotiating a data license agreement, there are some best practices that can promote clarity, compliance and ultimately, commercial success. Both sides should consider the extent of their intellectual property rights in the subject data, and the value of the data. Where there are fundamental differences in those assessments, parties may agree to waive exclusivity, competitiveness or other rights that would otherwise apply, in exchange for commercial consideration. Consistency in data licensing agreements is also important, where possible and appropriate, as it may remove some negotiation friction and facilitate adherence to agreed terms by an informed licensee. In addition, both licensors and licensees (and their legal representatives) should bear in mind that changes to the subject data or to the systems that capture, process or otherwise exchange those data do not always invalidate data agreements, and should be dealt with in accordance with the provisions of the data license agreement. For example, where there are changes to data processing systems, licensees should ensure that they continue to receive data in usable forms (and as required by the license agreement), and, conversely, data providers may also be obliged to ensure that they deliver data in usable forms.
While not all provisions in SME data licensing agreements may be necessary or appropriate, some particular terms should be included, including:
- repetitive and/or large volume data requests should be fulfilled in a timely manner, to avoid interruptions to licensees’ business operations;
- payment provisions should be clear and concise, and amounts and currency should be related to the relevant location of the parties, and other material factors;
- licenses and obligations to pay for data should be clearly delineated, with the use of separate schedules or annexes; and
- confidentiality provisions should remain true to their name (i.e., referring only to confidential information), and should not cover non-confidential information, including data in the public domain.
While concepts such as big data and artificial intelligence have proven indispensable to numerous industries, some analytics may be more commercially sensitive than others, and certain elements remain subject to intellectual property laws and licensing agreements. Data licensing offers many beneficial uses, including in the areas of artificial intelligence and machine learning, and while most negotiations are commercial in nature, those over data licenses may potentially and inadvertently implicate data privacy considerations, including the General Data Protection Regulation (GDPR). The GDPR (and national laws implementing the GDPR) continues to be the leading force on data protection, and continues to transform the data landscape within Member States of the European Union, and has also influenced other legislative frameworks, such as the California Consumer Privacy Act.
Future Trends in Data License Agreements
As data becomes an ever more valuable commodity, it is no doubt that the trend of data license agreements will grow. The Model Data License Agreement issued by the International Chamber of Commerce in 2016 may become even more widely used for the licensing of any type of information, moving past content and into a wider range of commercial information agreements (for example, a license agreement with an online shopping platform). As the answers to the two questions outlined above move toward a consensus industry consensus, this Model Data License Agreement may move toward being more widely accepted and used.
Technological advancements, including continued improvement of artificial intelligence and machine learning, may also affect the future of data license agreements . For example, artificial intelligence may be able to analyze data faster, more accurately, and at a lower cost than a human could. But with each advantage that artificial intelligence provides, there is a risk that it can be used to infringe the privacy of the data subjects whose data was collected. Without proper safeguards, artificial intelligence could potentially be used to violate collecting or using data, and without adequate attention to contractual protections, could be monitored or terminated.
While manufacturers of artificial intelligence are beginning to anticipate the dangers that these technologies pose on privacy, their practical real-world impact may not be fully known. These need to be anticipated in all future data agreements, including data license agreements.