Legal Issues for Data Professionals: A New Data Licensing Model

Setting the Stage: Data as a Business Asset

This column presents a new model for licensing and sharing data, one that I call the “Decision Rights Data Licensing Model” (or the “Decision Rights Model,” in a shorter form) and one that has been met with acceptance in commercial transactions. The Decision Rights Model addresses current business and legal needs in licensing data in today’s environment. It’s a landscape where data has catapulted into a new business asset class, where as an asset class, it has distinctive features that distinguish it from traditional asset classes, and where conventional business and legal methodologies used with older classes do not readily address the business and legal risks and opportunities presented when commercializing data and protecting a company’s right to control the use of its data are necessary.

The Four Applications (or Use Cases) for the Decision Rights Data Licensing Model

The Decision Rights Data Licensing Model has four applications.

  • First, it applies when a company licenses its data to third parties for commercial use.
  • Second, it applies when a company enters a joint development agreement.
  • Third, it applies to the internal sharing of data between a company’s business units.
  • Fourth, it applies when data is shared between or among separate legal entities in a family of related companies. At the onset, I would like to thank Gwen Thomas for her insights and contributions in developing this model, especially in connection with the third application.

A Predicate Problem: Defining the Scope of Data Use Rights in Terms of a Business Field of Use

The legal objective for licensing data is to define the scope of use. A common way to do this is for one party to grant rights in a particular industry field of use. However, defining the scope of use as a field of use creates practical and legal problems. For example, when both parties are in the same field of use (such as “agriculture” or “healthcare”), using the field of use as the scope of use is often not workable because it does not provide precise boundaries. The party that is licensing the data (the “licensor”) would be giving away significant rights to the party receiving the grant of data rights (the “licensee”) in the same industry because by granting rights in the field of use, the licensor could be limiting its own rights in its own field of use. In extreme cases, the licensor could preclude itself from using its own rights in its own field of use. Similarly, it could limit its rights to use its own data in a manner that would equate to compromising its existing or future business.

Dividing a business field of use into subfields often does not work. For example, a licensee will want broad rights to use the data in a subfield that aligns with its scope of business, but that scope of business overlaps with the licensor’s business. If the scope of licensed rights were broad, here again, the license could limit the licensor’s own use of its own data in its own business because its own use would carry significant restrictions. In addition, if the licensee’s scope of business would define the subfield of use to contain many companies in similar business, then granting rights to the licensee could, as a practical matter, materially prevent the right to license the data to other companies in the same field, even when the licensing company would use the data for different purposes. 

How Does the Decision Rights Data Licensing Model Work?  

In place of defining the scope of license rights in terms of a field of use, the Decisions Rights Model defines data rights in terms of the decisions that can be made using the data. The set of decisions is defined with a precision that is not possible when using field of use or subfields of use. “Decisions” are a means to establish the scope of rights. Because data derives its meaning from context, decisions are a way to provide the context and the limitations to that context.

The First Application: External Licenses 

The following example is a simplified hypothetical of how the Decision Rights Data Licensing Model could work. Assume a healthcare institution wants to prevent or improve the treatment of childhood malnutrition. It would be beneficial to obtain data from a hospital with a large pediatrics practice to obtain data from a large number of children with a large number of medical conditions. Using the Decision Rights Model, the hospital would license pediatric data to the malnutrition institution with the scope of license rights defined as the right to make decisions limited to determining malnutrition factors. Machine learning could identify previously unknown correlations. The decision rights include the right to test these correlations for identifying medical treatment.

Under the Decision Rights Model, the hospital would retain the right to license the same pediatric data for other purposes, including the right to license it to a pharmaceutical company, with the pharmaceutical company having rights to make decisions necessary to assemble a cohort for a clinical trial. Thus, the hospital can license the same data multiple times for different purposes with purposes defined as rights to make a set of defined decisions.

The Second Application: Shared Use of Data   

The model can also be used when two companies enter a joint development agreement where each company has data useful to the other, and the joint development project includes sharing data. Company A can license its data to Company B for the limited purposes of improving a particular device of Company B. Company B would license data from the device, or about the operation of the device, to Company A so that Company A could improve its technology that generates the data that is useful to Company B. Put another way, Company B’s rights are the rights to make decisions to improve its device. In this way, the companies share data and are prohibited from disclosing it outside of the joint development engagement.

The Third Application: Internal Use of Data  

The model applies to internal use of data as well as licenses to third parties. In the internal use scenario, the model converts from an external agreement into a set of internal corporate policies, setting boundaries around the business unit’s use scope. Using the Decision Rights Model in this way is the means to ensure that the receiving business units do not use the data in a manner that violates the regulatory regime to which the company is subject. It is also a means to enforce company data use policies. In addition, it is a way to control which employees have access to the data and for what purposes.

The Fourth Application: Sharing Data Between Separate Legal Entities in the Same Corporate Family

The fourth application is when data is shared between two companies that are separate legal entities but part of the same corporate family. This results in a hybrid combination of the first and third applications. In the fourth application, there will be licensing agreement(s) between or among the companies as formal legal documents. The subject of the license will cover the limited uses to which the receiving companies may use the data.

Conclusion

In addition to using the Decision Rights Data Licensing Model to define the scope of use, the model is also a way to ensure that the licensee or receiving company complies with applicable regulatory requirements to protect the licensor against regulatory sanctions. A risk in retaining personally identifiable information beyond its useful life in the organization is as follows: in the event of a database breach, that information will be disclosed and used to calculate fines and damages in litigation and costs of providing identity theft protection. All of this can be avoided if the decision rights license requires purging that data at the end of its commercial life. It cannot be hacked if it is not there.

Share this post

William A. Tanenbaum

William A. Tanenbaum

William A. Tanenbaum is a data, technology, privacy, and IP lawyer, and a partner in the 100-year old New York law firm Moses Singer. Who’s Who Legal says Bill is a “go-to expert” on “the management of and protection of data across a variety of sectors.” It named him “one of the leading names” in AI and data, and ranked him as one of the international "Thought Leaders in Data." Chambers, America’s Leading Lawyers for Business, says Bill has “notable expertise in cybersecurity, data law, and IP,” has a “solid national reputation,” and “brings extremely high integrity, a deep intellect, fearlessness, and a practical, real-world mindset to every problem.” Bill is a member of the DAMA Speakers Bureau and the Past President of the International Technology Law Association. He is a graduate of Brown University (Phi Beta Kappa), Cornell Law School, and the Bob Bondurant School of High-Performance Driving. Follow William on LinkedIn.

scroll to top