Prospects and Challenges to Protect

Intellectual Property in Data Protection &

cybersecurity
GROUP 1
1. Donald F.E. Malanga
2. Mikel Wabugo
3. Kenneth
4. Eunice Amoah
Outline
Introduction
Concepts and definitions
Prospects of protecting IP in data subjects
Challenges of Protecting IP in data subjects
Recommendation
Conclusion
Key reference
 Introduction

 Globally, information is now a currency of the digital age.

 Data about customers are becoming critical asset markets for big data.
 Emerging and fast-growing business models are increasingly depending on the
availability of mass amount of data about customers and their behavioral
patterns in order to collect and monitise them.
 However, recent debates have emerged on whether classical IP regime is still
relevant in the new data-driven economy.
 Continue..
 Therefore, this paper analyse the prospects of whether sets of personal data
collected for commercial value can be accorded IP rights with a particular
focus on:
a. Trade secrets
b. Database sui generis right
 The presentation is grounded on a review of extant literature and legal
instruments such as EU General Protection and Regulations (2018), AU
Cybersecurity and Data Protection (2014), TRIPs Agreement(WTO).
 The paper further examine how global cybersecurity threats could weaken the
efforts of IP regime in the digital age.
 In the end, the paper highlights the possible challenges likely to emerge and
concludes with some policy suggestions.
 Concepts and definitions
 Personal data
 Data subjects
 Data ownership
 Cybersecurity
 Intellectual property
 Trade secrets
Personal data and Trade secrets
 Trade secrets refers to technical know-how and business information. Article 39 of TRIPS
Agreement sets out standards for protection of trade secrets as IP rights based on three conditions:
(i) secrecy (ii) commercial value, (iii) reasonable steps to keep the information secret. Therefore,
customer information such as list of clients contacts, or data sets of customers’ behavioural
information can be protected as business information.
 Both EU GDPR and AU convention on cyber security and data protection suggest that when
processing data for commercial purposes, companies create sets of customer data.
 This information is intangible assets have economic value whose creation requires economic
investments (IT infrastructure, human resources, and time investment). Hence, it may be a subject
matter of IP rights inform of trade secrets.
 From privacy right perspective, data subject (customers) hold privacy rights over their data, while
data controllers (companies processing data) act in a position of legal control over their processing.
 Therefore, it is clear to some extent that IP rights exist in these data sets. IP rights deal with data
subjects’ privacy rights ( the right to object data processing and portability)
 However, when the concept of privacy and IP do not apply, determining the ownership of data
becomes problematic.
 Personal data and database Sui generis right
 Database Sui generis right- A full property right which
protects investment made by database producers in
obtaining, verifying and presenting database contents, and
adds to copyright protection of databases.
 Database rights arises if the investment is substantial which
could qualitative or quantitative. Sets of data processed for
commercial purpose appear to meet all the requirements for
data protection. Therefore, it personal data can be accorded
IP rights under database sui geeris right
 Challenges
 Privacy- has received more attention via EU GDPR (2018), UN’s Universal Declaration of Human Rights (article-12), AU convention
on Cybersecurity and Data Protection (2014).UN’s UDHR regards privacy as human right. However, current lack of policy clarity
around privacy has resulted some businesses using it as a competition tool. Some companies claim to offer better privacy
safeguards than their competitors.
 Security (cybersecurity)- There is a desire that data is not publicly available to protect personal privacy or maintain competitive
advantage.
 Competition. Since data are input to production and distribution of digital economy, the concentration on market power has
raised competition due to rise in restriction of collection, storage and use of data. While competition policy guards are under
development, policy makers do not fully conceptualize the digital market or what anti-competitive behavior look like in that
regard.
 Taxation in the digital economy. In the physical economy, the source of goods, residents and citizenship are the bases
governments use to assert the right tax. However, applying these concepts in digital economy has become a challenge,
where online business transactions is the order of the day. How to track such transaction has become a problem. In
addition, debates have emerged on whether taxes should be levied at the place of offer or in the place or country where
the goods are purchased. Or who has the right to tax the value created from such transaction?
 IP or Digital IP. Under classical IP regime, any non-public data that an economic agent has and perceived to have economic
value are deemed trade secrets. Yet, within the digital economy, trade secrets have become a means of protecting
unpublished data. Trade secrets in classical IP regime are not IP right, but relational right in the sense that individuals do
not have the right to intrude on or abuse another trade secret. In this regards, policy makers have not fully understood
whether trade secrets adequately addresses or regulate all the issues that may arise in relation to data protection in the
digital economy.
Recommendations
 It is clear that IP is now a new battleground for ideas on how societies should deal with transformative changes
caused by disruptive tech such as big data, IA, IoT, brockchain etc. The paper therefore offer the following
policy suggestions:
1. Adopt technology- neutral open standards. IP rights are becoming overstretched, while IP laws are poorly
structured. Using open standards will help create more breathing room for consumers and online platforms in
situation where IP is overprotected.
2. IP should embrace flexibility and open access. In this time of big data, we need flexibility of IP laws and more
open access. Literature indicates that IP overprotection leads to market barriers for start-up and SMEs and
hinders international trade.
3. IP regime should recognise the social value of disruptive technologies such big data and resist protecting settled
market players who benefit from the status quo. IP protection and data protection should not create barriers for
new market entrants.
4. Global governance of IP and data should focus less on data ownership and more on data usage. Balancing data
privacy against innovation is a challenge. We need guidelines for global governance framework and data
architecture that integrate universal principals of fairness and sustainability to advance the growth and well-
being of all countries and people.
5. In addition, countries should use legal and policy frameworks such as competition law, ant-trust law, contract
law, consumer privacy protection, taxation law, and data protection laws to balance the effects of disruptive
innovation and enable fair use between digital platforms and users.
 Conclusion
 In conclusion, it is evident that extending IP protection to personal data via
trade secrets and database sui generis rights is possible.
 There is need to strike a balance to focus less on data ownership and more on
data usage.
 However, weak regal instruments among countries as well as threats of
cybercrime and theft of IP pose greater challenges particularly to developing
countries.
 In developing countries, the majority of laws such as data protection laws,
cyber security laws and indeed IP laws are not harmonized. This require
greater regional and global cooperation efforts to achieve this.
Key references
 African Union Convention on Cybersecurity and data protection (2014).
https://au.int/sites/default/files/treaties/29560-treaty-0048_-_
african_union_convention_on_cyber_security_and_personal_data_protection_e.pdf
 European Union General Data Protection regulations (2018).
https://au.int/sites/default/files/treaties/29560-treaty-0048_-_
african_union_convention_on_cyber_security_and_personal_data_protection_e.pdf
 WIPO Magazine (2019). Intellectual Property in a data-driven world. https://
www.wipo.int/wipo_magazine/en/2019/05/article_0001.html
 Trakman, L.,Walters, R., & Zeller, B. (2019). Is Privacy and Personal Data Set to Become
the New Intellectual Property? International Review of Intellectual Property and
Competition Law, UNSW Law Research Paper No. 19-70. http://
dx.doi.org/10.2139/ssrn.3448959
 Victor, J. (2013).The EU General Data Protection Regulation: Toward a Property Regime
for Protecting Data Privacy. Yale Law Journal 513, Available at SSRN: https://
ssrn.com/abstract=2317903
 Banterle, F. (2016). The Interface between Data Protection and IP law: The Case of
Trade Secrets and Database Sui Generis Right in Marketing Operations, and the
Ownership of Raw Data in Big Data Analysis.In Bakhoum, M et al (Eds). Personal Data in
Competition, Consumer Protection and Intellectual Property Law Towards a Holistic
Approach? https://ssrn.com/abstract=3276710