Demystifying the Complexities of Data Ownership

Enterprises are undergoing a digital transformation as they continue to explore new opportunities offered by connected technologies. However, they are also becoming increasingly reliant on data and driven by data gathering and analytics. The risks to sensitive data are expanding, leading to multiple questions relating to data rights and privacy that have to be unraveled. The fact that data is driving innovation is undeniable, innovators require very large quantities of data from a broad array of sources to push the envelope on emerging technologies like machine learning and AI.

In this digital age, data is collected ubiquitously. Personal data is collected each time you interact online, use a mobile device, via IoT devices in vehicles and homes, and from the various public and private sector services we utilize on a day to day basis. Due to this, data ownership can no longer be considered a niche issue. Enterprises are realizing that data ownership is gaining strategic importance.

What is Data Ownership?

Data ownership boils down to how the data was created and who created it. However, getting the precise definition of data ownership is not straight forward, the term itself is typically misleading. This fact is rooted in the basic concept of ‘ownership’, which can be construed as having legal title and full property rights to something. Going by that definition of ownership, then data ownership must mean having legal title to one or more specific articles of data. In reality, while the actual ‘owner’ of the data is responsible for the entire domain, it’s typically different people who ensure that all the details are accurate and updated.

Who Actually Owns the Data?

Is it the physical individual associated with the personal data, or is it the organization that has invested money and time in the collection, storage, processing, and analysis of the personal data. In an enterprise setting, the term ‘ownership’ generally assigns a level of accountability and responsibility for specific datasets. In this context, the ‘ownership’ bares no legal connotation but refers to other notions like assurance of data security and data quality. From a more legal standpoint, ownership-like rights are currently limited to trade secrets and intellectual property rights. However, none of them provide adequate protection of (ownership in) data.

Most legal professionals are of the opinion that data subjects should keep the ownership of the raw data they provide, while the data processor retains the ownership of ‘constructed data’ – obtained via manipulating the original data, and that can’t be reverse-engineered to extrapolate the raw data. The properties of data itself makes ownership an arduous proposition. Knowing this, regulators have instead chosen to enact simple restrictions on the use of data as opposed to labeling data as an individual’s property.

How Does Technologies Like Machine Learning Affect Data Ownership?

From voice assistants like Alexa and Siri, to self-driving cars, it’s no secret that Artificial Intelligence has come full circle in the last couple of years – largely due to big data and the advancements in computing required to process information and train machine learning systems. But even as we marvel at these technological advancements being driven by data, we cannot fail to consider how data ownership impacts both privacy, and machine learning initiatives.

It’s no secret that data ownership is slowly being solidified by the expansion of data democratization. Paradoxically, the democratization of data and the continuous iteration and development of machine learning applications muddles the concept of data ownership. Enterprises derive invaluable insights from machine-learning-driven models that utilize consumer data. From a data-ownership perspective, the trouble stems from the exact same point as the opportunity.

Creators of machine learning technologies should therefore resolve to integrate organizational and technical measures that implement data protection principles into the design of AI-based tools. Additionally, when it comes to data ownership and artificial intelligence, legal practitioners should remain circumspect to the reality that propriety rights in certain aspects of data may exist. In the context of AI, propriety rights may not protect the data itself, but its compilation, which may include database rights and copyrights regarding the ‘products’ of AI.

Data Governance Within the Enterprise

Data governance refers to the general management of the integrity, usability, security, and availability of the data utilized in the enterprise. The unparalleled rise in sources and volume of data has requisitioned enhanced data management practices for enterprises. Quality, governed data is crucial to effective and felicitous decision making. It’s essential for guaranteeing legal, regulatory and financial compliance.  The first step towards establishing a successful data governance process is clearly defining data for an enterprise-level integration. This lays the ground work for a complete audit trail of who did what to which data, making it simpler for the organization to trace if/where something went wrong. Data stewards should be appointed as part of the governance process, to oversee the entire framework.

Data privacy regulations like CCPA and GDPR have increased the need for enterprise-wide regulatory compliance. A well developed data governance framework facilitates several aspects of regulatory compliance, empowering business to readily classify data and perform process mapping and risk analysis.

Author: Gabriel Lando