Legal Issues for Data Professionals

The catapulting of data to become a new class of business assets and the rapid evolution of generative and non-generative AI requires the integration of data and law for success in today’s business environment. This new TDAN column covers this integration, and, in particular, addresses the legal issues that data professionals need to know to add value to their company’s operations and strategic initiatives. To aid in this perspective, the column will explain how lawyers think about the same issues that data professionals think about – legal issues that underlie many of the goals that data organizations need to address to give them ongoing strategic importance in their companies. The overall goal is to show the synergy between law and data required to build data-driven, analytics-based, and AI-enabled businesses.

Some background about the lawyer who writes this column and the topics it will cover: I am the partner-in-charge of the AI & Data Law practice at the 100-lawyer, 100-year-old firm Moses Singer LLP in New York. I am honored to be named a “Global Thought Leader in Data” by Who’s Who Legal and to serve as both the editor of the annual legal publication Chambers Global Practice Guide: Artificial Intelligence and the chair of the annual conference Data Law: A New Legal Field. The data law practice at our firm is not a stand-alone department but is instead an integrated, cross-disciplinary practice with lawyers in all our departments. That is because data applies to all industries, in some ways that are common to all and in other ways that are specific to different industry sectors. My column will reflect this approach and address the following issues among others:

  • Corporate policies for data internal data use (including data sharing between business units)
  • Intellectual property protection, regulatory compliance, licensing, and sharing data with parties in one-to-one transactions and in multi-party data ecosystems
  • Acquiring data from third parties
  • Confidentiality issues that arise from using customer and business-party data
  • Privacy, data protection, security, and negotiating technology agreements including when data use requires digital transformation

Building in regulatory compliance is easier than retrofitting it. Advanced planning for how data will be used in business transactions with other companies is of similar importance.

Because AI depends on data, I will also focus on generative AI and predictive AI (or non-generative AI), which includes machine learning. In a ChatGPT world, the quality of curated data in non-public large language models will become increasingly important as companies approve business use cases for generative AI.

It is a lawyer’s responsibility to help clients apply best practices (ideally best-of-breed practices) and know where common practices fit common scenarios, but not the specific one facing each company. It is also a lawyer’s responsibility to identify risks, not to prevent companies from using data but to enable companies to use the data while eliminating or mitigating the risk in doing so. Lawyers identify risks data professionals may not know they have. Moreover, because data is a new field of law, lawyers need to be innovative in creating legal structures in contracts to allow two or more parties to achieve their goals. For example, there are significant challenges attempting to apply the legal techniques traditionally used with other classes of business assets (such as intellectual property, real property, and corporate physical assets) to data as a business asset class. Because the old legal techniques do not fit well, lawyers and their clients need to develop new ways of handling the business and legal issues that arise, and in so doing, invent new legal structures that meet the specific attributes of data that differentiate data from other business assets. To take one example, using software agreements as a template for data transactions will not always work because the IP rights for software do not align with data, the concept of software deliverables and acceptance testing is not a good fit, and the representations and warranties are both over and underinclusive. A future column will expand on this by identifying the risks and opportunities that lawyers address when data is a key asset in mergers and acquisitions, divestitures, joint ventures and joint development agreements, and data may even be the reason for doing the transaction. The legal structure of corporate structures will need to change when data is the asset. I will base this column on the following understandings of data:

  • Fundamentally, data turns into information, information turns into insights, and insights turn into actionable business plans, actionable business plans turn into measurable results, results generate more data, and the process repeats.
  • The meaningfulness, usefulness, and ultimately, the value created by data depend on the specific context. As the context changes, so does meaningfulness. A corporate transaction with a new business purpose creates a new context for the data, and thus, a new value derived from data.  Data derives value from its context. The same data in different contexts has different value.
  • Data can be a corporate change agent. Internal operations or new strategic initiatives where data is important have multiple internal stakeholders with different goals and expectations, and some are often in conflict. When data is a change agent, a company’s organization will often have to work with the IT organization as well as with outside outsourcing providers and other vendors and consultants. Projects where data is a change agent are often subject to C-suite scrutiny, and this is both an opportunity and a cautionary note for data professionals.

In addition, the new Internet Solid protocol developed by Sir Tim Berners-Lee and MIT is designed to provide individuals with crated control over who uses their data and for what purposes, and is an example of where data professionals play a business role in the development of new business models for data use.

As noted above, data is a new field of law. Learning about the new legal issues that arise and understanding that this is a dynamic area is important to data professionals and the contributions they make to the success of their organizations.

Share this post

William A. Tanenbaum

William A. Tanenbaum

William A. Tanenbaum is a data, technology, privacy, and IP lawyer, and a partner in the 100-year old New York law firm Moses Singer. Who’s Who Legal says Bill is a “go-to expert” on “the management of and protection of data across a variety of sectors.” It named him “one of the leading names” in AI and data, and ranked him as one of the international "Thought Leaders in Data." Chambers, America’s Leading Lawyers for Business, says Bill has “notable expertise in cybersecurity, data law, and IP,” has a “solid national reputation,” and “brings extremely high integrity, a deep intellect, fearlessness, and a practical, real-world mindset to every problem.” Bill is a member of the DAMA Speakers Bureau and the Past President of the International Technology Law Association. He is a graduate of Brown University (Phi Beta Kappa), Cornell Law School, and the Bob Bondurant School of High-Performance Driving. Follow William on LinkedIn.

scroll to top