cybersecurity GROUP 1 1. Donald F.E. Malanga 2. Mikel Wabugo 3. Kenneth 4. Eunice Amoah Outline Introduction Concepts and definitions Prospects of protecting IP in data subjects Challenges of Protecting IP in data subjects Recommendation Conclusion Key reference Introduction
Globally, information is now a currency of the digital age.
Data about customers are becoming critical asset markets for big data. Emerging and fast-growing business models are increasingly depending on the availability of mass amount of data about customers and their behavioral patterns in order to collect and monitise them. However, recent debates have emerged on whether classical IP regime is still relevant in the new data-driven economy. Continue.. Therefore, this paper analyse the prospects of whether sets of personal data collected for commercial value can be accorded IP rights with a particular focus on: a. Trade secrets b. Database sui generis right The presentation is grounded on a review of extant literature and legal instruments such as EU General Protection and Regulations (2018), AU Cybersecurity and Data Protection (2014), TRIPs Agreement(WTO). The paper further examine how global cybersecurity threats could weaken the efforts of IP regime in the digital age. In the end, the paper highlights the possible challenges likely to emerge and concludes with some policy suggestions. Concepts and definitions Personal data Data subjects Data ownership Cybersecurity Intellectual property Trade secrets Personal data and Trade secrets Trade secrets refers to technical know-how and business information. Article 39 of TRIPS Agreement sets out standards for protection of trade secrets as IP rights based on three conditions: (i) secrecy (ii) commercial value, (iii) reasonable steps to keep the information secret. Therefore, customer information such as list of clients contacts, or data sets of customers’ behavioural information can be protected as business information. Both EU GDPR and AU convention on cyber security and data protection suggest that when processing data for commercial purposes, companies create sets of customer data. This information is intangible assets have economic value whose creation requires economic investments (IT infrastructure, human resources, and time investment). Hence, it may be a subject matter of IP rights inform of trade secrets. From privacy right perspective, data subject (customers) hold privacy rights over their data, while data controllers (companies processing data) act in a position of legal control over their processing. Therefore, it is clear to some extent that IP rights exist in these data sets. IP rights deal with data subjects’ privacy rights ( the right to object data processing and portability) However, when the concept of privacy and IP do not apply, determining the ownership of data becomes problematic. Personal data and database Sui generis right Database Sui generis right- A full property right which protects investment made by database producers in obtaining, verifying and presenting database contents, and adds to copyright protection of databases. Database rights arises if the investment is substantial which could qualitative or quantitative. Sets of data processed for commercial purpose appear to meet all the requirements for data protection. Therefore, it personal data can be accorded IP rights under database sui geeris right Challenges Privacy- has received more attention via EU GDPR (2018), UN’s Universal Declaration of Human Rights (article-12), AU convention on Cybersecurity and Data Protection (2014).UN’s UDHR regards privacy as human right. However, current lack of policy clarity around privacy has resulted some businesses using it as a competition tool. Some companies claim to offer better privacy safeguards than their competitors. Security (cybersecurity)- There is a desire that data is not publicly available to protect personal privacy or maintain competitive advantage. Competition. Since data are input to production and distribution of digital economy, the concentration on market power has raised competition due to rise in restriction of collection, storage and use of data. While competition policy guards are under development, policy makers do not fully conceptualize the digital market or what anti-competitive behavior look like in that regard. Taxation in the digital economy. In the physical economy, the source of goods, residents and citizenship are the bases governments use to assert the right tax. However, applying these concepts in digital economy has become a challenge, where online business transactions is the order of the day. How to track such transaction has become a problem. In addition, debates have emerged on whether taxes should be levied at the place of offer or in the place or country where the goods are purchased. Or who has the right to tax the value created from such transaction? IP or Digital IP. Under classical IP regime, any non-public data that an economic agent has and perceived to have economic value are deemed trade secrets. Yet, within the digital economy, trade secrets have become a means of protecting unpublished data. Trade secrets in classical IP regime are not IP right, but relational right in the sense that individuals do not have the right to intrude on or abuse another trade secret. In this regards, policy makers have not fully understood whether trade secrets adequately addresses or regulate all the issues that may arise in relation to data protection in the digital economy. Recommendations It is clear that IP is now a new battleground for ideas on how societies should deal with transformative changes caused by disruptive tech such as big data, IA, IoT, brockchain etc. The paper therefore offer the following policy suggestions: 1. Adopt technology- neutral open standards. IP rights are becoming overstretched, while IP laws are poorly structured. Using open standards will help create more breathing room for consumers and online platforms in situation where IP is overprotected. 2. IP should embrace flexibility and open access. In this time of big data, we need flexibility of IP laws and more open access. Literature indicates that IP overprotection leads to market barriers for start-up and SMEs and hinders international trade. 3. IP regime should recognise the social value of disruptive technologies such big data and resist protecting settled market players who benefit from the status quo. IP protection and data protection should not create barriers for new market entrants. 4. Global governance of IP and data should focus less on data ownership and more on data usage. Balancing data privacy against innovation is a challenge. We need guidelines for global governance framework and data architecture that integrate universal principals of fairness and sustainability to advance the growth and well- being of all countries and people. 5. In addition, countries should use legal and policy frameworks such as competition law, ant-trust law, contract law, consumer privacy protection, taxation law, and data protection laws to balance the effects of disruptive innovation and enable fair use between digital platforms and users. Conclusion In conclusion, it is evident that extending IP protection to personal data via trade secrets and database sui generis rights is possible. There is need to strike a balance to focus less on data ownership and more on data usage. However, weak regal instruments among countries as well as threats of cybercrime and theft of IP pose greater challenges particularly to developing countries. In developing countries, the majority of laws such as data protection laws, cyber security laws and indeed IP laws are not harmonized. This require greater regional and global cooperation efforts to achieve this. Key references African Union Convention on Cybersecurity and data protection (2014). https://au.int/sites/default/files/treaties/29560-treaty-0048_-_ african_union_convention_on_cyber_security_and_personal_data_protection_e.pdf European Union General Data Protection regulations (2018). https://au.int/sites/default/files/treaties/29560-treaty-0048_-_ african_union_convention_on_cyber_security_and_personal_data_protection_e.pdf WIPO Magazine (2019). Intellectual Property in a data-driven world. https:// www.wipo.int/wipo_magazine/en/2019/05/article_0001.html Trakman, L.,Walters, R., & Zeller, B. (2019). Is Privacy and Personal Data Set to Become the New Intellectual Property? International Review of Intellectual Property and Competition Law, UNSW Law Research Paper No. 19-70. http:// dx.doi.org/10.2139/ssrn.3448959 Victor, J. (2013).The EU General Data Protection Regulation: Toward a Property Regime for Protecting Data Privacy. Yale Law Journal 513, Available at SSRN: https:// ssrn.com/abstract=2317903 Banterle, F. (2016). The Interface between Data Protection and IP law: The Case of Trade Secrets and Database Sui Generis Right in Marketing Operations, and the Ownership of Raw Data in Big Data Analysis.In Bakhoum, M et al (Eds). Personal Data in Competition, Consumer Protection and Intellectual Property Law Towards a Holistic Approach? https://ssrn.com/abstract=3276710