Teisė ISSN 1392-1274 eISSN 2424-6050

2022, Vol. 124, pp. 55–66 DOI: https://doi.org/10.15388/Teise.2022.124.4

Data as a Tradeable Commodity: Propertization vs. the Concept of Exclusive Rights

Nataliia Filatova-Bilous
PhD in law, assistant professor at the civil law department
of Yaroslav Mudryi National Law University
77, Pushkinska, Kharkiv, Ukraine
Tel.: +380667677373
E-mail: filatovaukraine@gmail.com

This article purports to determine the legal nature of data (personal data and nonpersonal data) and to find out which approach (propertization or exclusive rights theory) may be used to arrange the trade of data. It begins with the analysis of the notion of data and their various types and goes on to analyze modern concepts and theory explaining who the data may be attributed to and on which grounds data may be transmitted and acquired. In this context two theories are considered: a so-called theory of propertization of data and the theory of exclusive rights. Based on this analysis the approach to the legal determination of the legal nature of data and rights to them is introduced.
Keywords: personal data, Big data, masses of data, commodification of data, theory of propertization of data, property right.

Duomenys kaip prekė: nuosavybės ir išimtinių teisių koncepcijos

Šiame straipsnyje siekiama nustatyti duomenų (asmens duomenų ir neasmeninių duomenų) teisinę prigimtį ir išsiaiškinti, koks metodas (nuosavybės ar išimtinių teisių teorijos) gali būti naudojamas prekybai duomenimis. Straipsnis pradedamas nuo duomenų sampratos ir įvairių jų rūšių analizės, toliau analizuojamos modernios koncepcijos ir teorijos, aiškinančios, kam gali būti priskiriami duomenys ir kokiu pagrindu jie gali būti perduodami ir įgyjami. Šiame kontekste nagrinėjamos dvi teorijos: duomenų nuosavybės teorija ir išimtinių teisių teorija. Remiantis šia analize, pristatomas požiūris į duomenų teisinės prigimties ir teisių į juos nustatymą.
Pagrindiniai žodžiai: asmens duomenys, didieji duomenys, duomenų masės, duomenų pritaikymas civilinei apyvartai, duomenų nuosavybės teorija, nuosavybės teisė.

__________

Received: 01/05/2022. Accepted: 22/06/2022
Copyright © 2022 Nataliia Filatova-Bilous. Published by Vilnius University Press
This is an Open Access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.

Introduction

In the modern world data (including personal data) have got a new social and economic essence. Thanks to the collection and processing of data nowadays we can develop various mobile applications, technologies, map services, which provides a possibility for everyone to get an actual information on various issues. Processing of personal data nowadays is an integral part of various marketing strategies, like targeted advertisement, which increases the effectiveness of sales all over the world. Based on constant collection of data on the Internet users’ behavior (e.g., on search queries, time spent in social networks, web-pages accessed by a consumer) providers of online services can understand consumers’ preferences and thus offer to them exactly those goods and services which the consumers are really interested in.

Besides preferences for the trade, processing of data facilitates the development of the most innovative technologies making the revolutionary technological invents possible. In particular, the masses of data (or Big data) is a driving force for the development of the AI technology which is literally ‘fed’ with data for their further processing and analyzing so as to learn to make autonomous decisions without human intervention. That is why data are said to be a new fuel (oil) of the digital economy (Determann, 2018, p. 2).

All in all, in the modern world data have become a good which has a certain value which is often rather high. This has led to the creation of special ‘data markets’ which have professional actors, data brokers (Crișan, 2014, p. 837), who buy the masses of data from those who collect and process them (like social networks) and sell them to other market actors (like e-commerce shops, online platforms etc.). For this reason, economic theorists have elaborated the concept of ‘data commodification’, whereas in legal doctrine the theory of ‘data propertization’ has been developed purporting to explain the new phenomena of data trading by virtue of the old-school concept of ‘property’ and ‘ownership’ (Purtova, 2009, p. 508).

Being indisputably interesting, this theory nevertheless is criticized a lot, because it blurs the borders between personal immaterial rights which also cover the rights to personal data, on the one hand, and property rights, on the other. Besides this, the theory does not provide a certain answer to the question who should be considered as an owner of data: data subjects (i.e. persons whose personal data are collected) or persons who collects and processes data.

Another approach to understanding the legal nature of data and rights of various actors to data is based on the theory of exclusive rights which stems from the intellectual property doctrine (Bently, Sherman, 2008). Under this approach a data subject is considered as an owner of exclusive rights to the one’s personal data and just like in intellectual property (IP) law these rights are divided into two categories – moral and economic rights to data. Whereas moral rights to data are attributable to a data subject only, economic rights may be alienated and acquired by other agents. However, the rights of these “secondary” rightsholders will always be charged with the moral rights of the data subject.

Therefore, the aim of this research is to determine a legal nature of data (personal data and masses of data) and to find out which approach (propertization or exclusive rights theory) may be used to arrange the trade of data. For this purpose the article is divided into two parts: in the first part I provide an analysis of the notion of data and their various types, whereas in the second part I check the appropriateness of each approach to the data alienation and acquisition. Based on this analysis I come to the conclusion that for continental law legal tradition the second approach (the theory of exclusive rights) is more appropriate.

1. Notion and legal nature of personal data, anonymized data and Big data

1. 1. Personal data

Personal data are one of the main types of data and are of particular interest for the agents of digital economy. According to the Regulation of the European Parliament and of the Council 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR) ‘personal data’ are determined as any information relating to an identified or identifiable natural person (‘data subject’). In its turn, an ‘identifiable natural person’ is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (GDPR, 2016, article 4).

Thus, the notion of personal data is defined rather broadly and encompasses both the data which directly identify a person (like a name, an identification number etc.) and the data which may be linked to a person indirectly (for instance, IP-address, phone number or the masses of other data capable of identifying the person). This approach to define personal data has been used not only in the EU Member States, but in the third countries as well. In particular, the same definition is provided in the Law of Ukraine on the protection of personal data (Law on personal Data, 2010).

Usually, personal data are considered as an attribute of a natural person (Nekit, 2020, p. 59). It is an information about a natural person, which is why generally it is considered to be inalienable (Marushak, 2009, p. 33). At first sight modern legislation on data protection is based on the same understanding of personal data. For instance, according to article 21 of GDPR the data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. Besides this, according to article 17 of GDPR under certain conditions the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay.

However, GDPR does not contain a ban towards collection and transfer of personal data by data controllers based on agreements with other agents. The data may be processed if (i) a data subject has given the consent on such processing to the data controller (article 6 of GDPR) and (ii) the data subject has been provided with the information about the recipients or categories of recipients to whom the personal data have been or will be disclosed (article 15 of GDPR). Thus, personal data may be transmitted by data controllers to other agents, which evidences the alienability of personal data.

The fact that personal data are alienable and may be legally transmitted to third parties is expressly confirmed by other sources of law which have been recently adopted in the EU and the USA.

In the EU one of the most prominent examples is Directive (EU) 2019/770 of the European Parliament and of the Council of 20 May 2019 on certain aspects concerning contracts for the supply of digital content and digital services (Directive 2019/770). The scope of the Directive are contracts where the trader supplies or undertakes to supply digital content or a digital service to the consumer and the consumer pays or undertakes to pay a price. According to article 3 (1) of the Directive it shall also apply where the trader supplies or undertakes to supply digital content or a digital service to the consumer, and the consumer provides or undertakes to provide personal data to the trader, except where the personal data provided by the consumer are exclusively processed by the trader for the purpose of supplying the digital content or digital service in accordance with this Directive or for allowing the trader to comply with legal requirements to which the trader is subject, and the trader does not process those data for any other purpose. Thus, personal data may be considered as a counter performance (a kind of payment) in contracts with online service providers. This confirms the expression which one may often find in modern economic and legal literature: the less you want to be a product being sold, the more you must be willing to pay for the product yourself (Pazos, 2017, p. 295).

Unlike the EU, in the USA there are no federal laws concerning data protection issues, like the European GDPR. However, recently laws in the field of data protection have been adopted in certain states. The most prominent among them is California Consumer Privacy Act (ССРА). What is of a particular interest in this Act is the provision on “sell,” “selling,” “sale” of personal data which defines these terms as selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration (CCPA). Thus, CCPA goes even further in determining legal regime of personal data and considers it not only as a counter performance (a payment) in a contract, but also as a subject of the sales contract. Moreover, while Directive 2019/770 says about the possibility of transmission of personal data from a data subject to a data controller, CCPA focuses on the transmission between data controllers, i.e. persons who process personal data.

The approach to personal data as a commodity may also be recognized in the latest European proposal for regulation – Data Governance Act (COM(2020) 767). Although the Proposal does not provide a consistent legal regime for data as a tradeable commodity, it tackles certain issues of the conditions under which data may be shared, given access to or provided for a so-called ‘re-use’.

Hence, based on the analysis of legislation of various countries one may conclude that the approaches to understanding the essence of personal data have been significantly changed: while initially the data have been determined as an inalienable information related to a person having an immaterial nature only, nowadays the legislation not only does not deny the possibility to transmit personal data, but also directly allows transmissions of this kind and admits a monetary value of data, which is why data may be used as a subject or as a counter performance in a contract.

1.2. Nonpersonal data, masses of data and Big data

Besides personal data, in digital economy data which are not directly or indirectly linked to a person are also widely collected and processed (so-called ‘nonpersonal data’). These are, for instance, data on geolocation, on traffic jams, generalized data on the users of a web-site (traffic and statistics of access) and anonymized data related to internet users. However, these data being separated from personal data do not have a significant economic value. This is confirmed by Organization for Economic Co-operation and Development (OECD) which mentions that data themselves have no intrinsic value and ‘their value depends on the context of their use’ as well as on how personal information can be extracted from them’ (OECD, 2015, p. 195).

Usually, nonpersonal data are processed and stored with personal data, forming so-called ‘Big Data’ or ‘masses of data’. Nowadays there is no legislative definition for Big data. However, in the legal doctrine it is defined as significant masses of data which come from various sources with a high speed. The scholars point out four basic features of Big data (so-called ‘four “v”): (i) volume meaning a significant volume of information; (ii) variety which means diversity of data; (iii) velocity meaning a high speed of changes in the composition of data and the possibility to process data on a real time basis; (iv) veracity meaning accuracy of data (Zarsky, 2017, p. 998–999; Saveliev, 2018, p. 122–123). What stems from this definition is that Big data may be both a combination of personal data and a combination of technical and other data about some events, situations and social or natural phenomena. Moreover, the term encompasses not only a combination of so-called ‘raw’ data about different subjects or objects, but also the results of processing of these data (Zech, 2018, 7, p. 3) (for example, a profile or a ‘portrait’ of Internet-user formed automatically based on the analysis of his or her personal data).

Big data have a significant economic value for a person who collects, processes, and controls them since in the digital economy the volume of data itself creates an additional economic value (Jurcys et al, 2020). Undoubtedly the controllers of masses of data are interested in their transmission to other persons for a reward. However, the legal nature of masses of data and the contracts which may be the basis for their transmission is still unclear. Scholars have expressed various opinions and proposals on this issue, none of which, unfortunately, is indisputable.

Some scholars consider Big data as a kind of service (‘data-as-a-service’ approach), since the data is rarely transmitted physically from one person to the other, and what is in fact given to the acquirer is a service of access to data (Zech, 2017). However, as other scholars correctly admit, this approach does not consider that usually Big data are not a subject of long-lasting contract relationships, which is typical for service contracts, but a subject of one-time transactions (Saveliev, 2020, p. 75).

It is often said that Big data may be regarded as a database which is protected under copyright law (Determann, 2018, p. 5). However, as is known, not every database may be an object of copyright protection, but only those databases which, by reason of the selection or arrangement of their contents, constitute the author’s own intellectual creation. Big data is not a direct result of intellectual creation: they are gathered and structured automatically, as a result of application of certain computer programs and technologies. Big data may not also be considered as the objects of sui generis rights under Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, since Big data, as mentioned previously, has a feature of velocity, which means that these data are constantly supplied with new information and thus it is technically impossible to identify a moment when the database is completed and thus may have a legal protection.

Attempts to equate Big data to trade secrets or know-how are not productive as well (Radon, 2015; Canellopoulou-bottis et al, 2018). As has been pointed out in the legal literature, Big data does not have a feature of secrecy which is a core feature of trade secrets, since data subjects have a guaranteed right of access to information about them and some of these data may be available for public (e.g., an opened information in social networks, public registries etc.) (Saveliev, 2020, p. 80).

2. Approaches to understanding the legal nature of data for the purposes of their alienation

2.1. Theory of propertization

The theory of propertization of data originates in the context of economic analysis of law being widespread in the legal doctrine of the USA. Initially this theory purported to attribute property rights to personal data to data subjects. This approach had several reasons. First, unlike the European countries where data protection has always been an important legislative institute, in the USA only some issues of data protection have been regulated at the federal level, while a specific legislation on data protection has been adopted only in a few states. That is why the USA has always lacked legal certainty in questions of whom do personal data belong and how these data may be protected from the third parties’ interference (Purtova et al, 2010, p. 197). Secondly, tort law of the USA turned out to be ineffective in attempts to solve disputes concerning protection of personal data from their chaotic collection and processing. In the system of special delicts which is typical for common law there was a gap for cases concerning damages caused by unconsented collection or processing of data (Purtova, 2009, p. 509–512). Thirdly, the doctrine of ownership in common law jurisdictions is more flexible and unlike continental law is not limited to certain types of property – from the common law perspective even intangible assets may be said to be covered by the ownership rights (Janeček, 2018, p. 1040). These peculiarities allowed American scholars to adapt the doctrine of ownership to the atypical object for this doctrine – to data.

Later this theory has been also spread in Europe and was even used in political discussions. In particular, German ex-chancellor Angela Merkel in her public speeches mentioned: “because by using the date of the user it is possible to produce new products and applications … at that point, I believe, we need a lawmaking for copyright law, for ownership of data” (Ritter et al, 2018, p. 228). Meanwhile, the concept of ownership to data was proposed by the ex-chancellor in a different context – not as a reasoning for attribution property rights to data to the data subjects, but as a reasoning for attribution them to the secondary subjects – developers of software used to collect and process personal data. However, the idea of propertization of data has not been widely supported among European scholars because of the difficulties with the spreading of classical continental law doctrine of ownership to such an unusual asset as data (Zech, 2017).

Theory of propertization of data is based on the assumption that only the ownership right may provide persons with the widest rights to data and help to overcome the modern problems of transmission and acquisition of data. For example, S. Hanzel stresses that an indisputable preference of the ownership regime over a contract-based regime for data alienation is an absolute (erga omnes) character of ownership and that this regime provides a data holder with the most complete bundle of powers over data. Thanks to this it becomes possible to overcome the problems of data alienation. Ownership to data allows their holders to protect their rights “against everyone”, and not only against certain persons with whom they have concluded a contract for collection and processing of data (Hazel, 2020, p. 1074–1078).

Ownership regime has also apparent preference over a tort law regime. First, tort law focuses on the protection of a data subject only after the infringement of his or her rights has occurred and is not able to prevent such infringements in the future. Secondly, in the field of data circumvention even the protection provided by the tort law turns out to have little effectiveness since it may be applied only against a violator. However, in practice it is very difficult to identify a violator in the sphere of data protection since data are transmitted from one person to the other very quickly (Purtova, 2009, p. 512).

Meanwhile, the theory of propertization despite its rationality and consistency leaves a lot of questions arising in practice unresolved.

First, it is very doubtful whether data per se may be objects of ownership considering their immaterial nature. On the one hand, the continental law legal tradition does not entirely deny that immaterial assets may be objects of ownership. For instance, in some jurisdictions it is expressly provided by the law that not only things may be the objects of ownership, but also property rights (in Roman law – res incorporales) may also be considered as the objects of ownership (Civil Code of Ukraine, article 316). However, data belong neither to things nor to property rights. Data may not be considered as a thing since only a material object falls under the definition of things. What about property rights, usually this notion encompasses property rights to the assets of another (like servitude, usufruct etc.), rights to claim (i.e. in personam rights stemming from contracts) and intellectual property rights (Commentary, 2010, p. 119). And what is important in this regard is that ownership regime may be applied not to every kind of property rights, but only to those which give their subjects an opportunity to acquire concrete things of material world in their ownership in the future (Shymon, 2012, p. 194). Data (both personal data and masses of various data) not only do not fit within any of the mentioned types of property rights, but also do not provide a possibility to acquire any concrete things of material world into the ownership a priori.

Secondly, considering personal data there is a kind of philosophic question: can an issue which is an immanent characteristic of a person be an object of someone’s ownership? According to the approach founded in a classic German philosophy by Georg Hegel, the ownership as a social and legal institute emerged as a response to the need to distribute material things usually being of a limited quantity. Therefore, ownership is an embodiment of human’s will in external material things (Sklovsyi, 2008, p. 48 citing Hegel, 1990, p. 90). Thus, the spreading of ownership regime to personal data apparently contradicts this classical argumentation of the nature of ownership.

Thirdly, the question of who may be considered as an owner of data and whether several persons may be considered as owners of data remains also without answer. Not only is this question the reason for critics of theory of propertization of data, but also a stumbling block even for those who support this theory since there is no unity in their views on this issue.

Some scholars are of the view that this question should be addressed according to the following rule: if the data may be linked to some person (i.e. if we are dealing with personal data), then the data belong to this person. On the contrary, if the data are anonymized, they may belong to a data controller or a data processor (Hazel, 2020, p. 1096). Therefore, this approach is based on the priority of the data subject’s rights over the rights of other persons, even if the latter make considerable efforts to collect and process the data. The reasoning for this approach is based on the provisions of GDPR. As H. Hanzel mentions, GDPR attributes ownership rights to data subjects since it: (i) provides them with the powers similar to the powers of an owner (to possess, to use, to erase data etc.); (ii) provides data subjects with absolute rights since according to GDPR all the data controllers and data processors culpable of damage to the data subject must compensate this damage; (iii) attributes personal data only to data subjects (Hazel, 2020, p. 1087).

Although this approach seems to have its rationale, it has a substantial flow: it does not explain why modern legislative acts (including GDPR) are based on the principle of inalienability of personal data and impossibility to waive from the rights to personal data. Indisputably, this contradicts the nature of the objects of ownership rights which may be freely aliened, destroyed, erased etc. by the owner. Having no explanation for this paradox, the scholars supporting the approach state that this is the example of an exception from the general rule, which, however, does not evidence the incorrectness of the approach in whole (Schwartz, 2004, p. 2060).

There is the opposite approach to determine the owner of data which considers data controllers as the owners of data. This approach is based on a juxtaposition of the fundamental human right to privacy, on the one hand, and the ownership right of businesses who acquired data as a result of their purposeful activity and contributions, on the other. In this context data subjects are considered as persons having inalienable immaterial rights to personal data, whereas the persons who collected and processed data are owners of the data (Janeček, 2018, p. 1045). The idea to consider only those persons who made some efforts to acquire goods as the owners of these goods is deeply rooted in the classical works of G. Lokk who stated that the things should belong to the one who made the efforts to acquire them (Sklovskii, 2008, p. 50 citing J. Lokk, 1988, p. 278). Since the issue on the distribution of rights to data now is being considered for the first time, there are rational grounds to apply the mentioned views of classical scholars.

Although this approach seems to be rather persuasive from the first site, it does not address a number of important issues. The main issue is on how do the rights of data controllers correlate to rights of data subjects. As mentioned previously, according to GDPR data subjects may receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller (article 20). And according to CCPA consumers can ban the sale of their personal data, and the data processing business shall not sell them during at least 12 months and afterwards shall request the consumer for a consent for sale. Apparently, these kinds of limitations are not typical for ownership, which again makes theory of propertization of data doubtful in whole.

However, the main weakness of the theory of propertization is that the data have an immaterial nature and therefore may be endlessly copied and quickly transferred from one person to the other. That is why it is often said in literature that the ownership regime for data may be effective only if each data subject has a certain virtual ‘storage’ for data, for example, in a cloud. Only in this way a data subject will always be aware to whom exactly the one has given one’s data and on which conditions (Jurcys et al, 2020, p. 7). However, technically and practically this option nowadays is very unlikely to be deployed.

2.2. Exclusive rights theory

The theory of exclusive rights originates in intellectual property law. According to this theory the rights of authors to the results of their creation are exclusive, which means that: (i) the creation of some intellectual (creative) result and the rights to the one does not depend on the third persons; (ii) the third persons may not interfere or violate the rights of the author and the author may protect these rights against everyone who violates or attempts to violate his or her rights; (iii) the rights to the result of intellectual (creative) activity belong to a certain person, and other persons generally are excluded from the possibility to use this result (Kharitonova, 2008, p. 145).

Under a so-called ‘author’s right system’ which is typical for continental law countries all the rights to the results of intellectual (creative) activity have a dualist nature and are divided into moral and economic rights. Moral rights are those which have immaterial nature only (the right to claim authorship of the work and the right to object to any deformation or other modification of the work that would be prejudicial to the author’s honor or reputation) and generally belong to the author only. Meanwhile, economic rights (the right to use, the right to perform in public, the right to translate etc.) have an economic nature and may be aliened by the author to other persons (Sterling, 1998, p. 15–16).

The theory of exclusive rights seems more applicable to data, than the theory of propertization. Just like the results of intellectual (creative) activity (IP assets), data have immaterial nature: both data and IP assets are valuable not because of their possibility to be materialized, but because they are the shape of something unique. Following this logic, data like IP assets are not alienated themselves: what is alienable about them are the economic rights to them.

However, in order to determine the nature of these rights it is necessary to differentiate the types of data which belong to a certain person.

Personal data and the legal nature of rights to them indeed have much in common with the intellectual property rights. As mentioned above, rights to the IP assets are of a dualistic nature: there are moral and economic rights. Considering the way these rights may be distributed among different actors, in the legal literature two categories of subjects of IP rights are differentiated: primary and secondary subjects. A primary subject is always only a natural person, the author of an IP asset who has both moral and economic rights where the former are inalienable and the latter may be transferred. Secondary subjects are other persons (both natural persons and legal entities) whom the author has transferred his or her economic rights (Commentary, 2011, p. 26).

Based on the analysis of the newest legislation in the field of data protection it may be concluded that the subjects of rights to data are also differentiated into two categories: primary and secondary subjects. A primary subject of rights to data is always a natural person – a data subject. This person has inalienable rights: right of access to data, right to be forgotten, right to restriction of processing etc. Economic rights of data subjects are harder to determine. However, right to provide personal data as a payment for digital content (digital service) under Directive 2019/770 and the right to receive the personal data in a structured, commonly used and machine-readable format (article 20 of GDPR) have an economic nature and thus may be considered as economic rights. Secondary subjects of rights to personal data are data controllers under the GDPR terminology, i.e. persons who determine the purposes and means of the processing of personal data. These subjects may only have economic rights to data: right to store, alter, use, disclose, transmit, disseminate personal data etc.

The rights to nonpersonal data also have much in common with exclusive intellectual property rights. However, unlike rights to personal data, these rights can hardly be divided into moral and economic ones. Since there are no primary or secondary subjects of rights to nonpersonal data, the division of these rights turns out to be simply meaningless from the judicial perspective. It can only be said that initially the rights to nonpersonal data belong to the person who collected and processed them (or anonymized personal data). However, the rights of both the person who was the first to collect and process these data and who further acquired them (in particular, by virtue of a contract) are economic rights by their nature and encompass the right to transmit data, to provide access to data, to restrict the users from processing the data without a due legal reason etc.

Despite some differences between IP rights and rights to data, the nature of both rights seems to have much in common. Thus, the next step is to decide whether the rights to data may be considered as one of the institutes of IP law. In our opinion it is impossible for two reasons. First, as mentioned above, personal data and masses of data have a different legal nature and cannot be compared with databases, trade secrets, know-how and other IP objects. Thus, the rights to data may not be considered under current IP laws. Second, it is not possible to consider data and rights to them as a new institute of IP law. Data do not have features typical for the objects of IP law. They are not the result of intellectual or creative activity: personal data are the results of human social existence, and nonpersonal data are the result of automated or technical processes. Therefore, the issues of the nature of data and rights to them should be separately regulated at the legislative level. This regulation should be based on a presumption that data are special objects (sui generis) and the rights to them have an exclusive nature. The provisions on the rights to data should be placed in a separate part of civil codes or in separate legal acts concerning private law issues.

However, not all types of data may be covered with the concept of exclusive rights. Apparently data held by public sector bodies (statistic data, data from public registries etc.), since these data are generated at the expense of public budgets, should benefit society. As mentioned in the Proposal for Data Governance Act public sector bodies should comply with competition law when establishing the principles for re-use of data they hold, avoiding as far as possible the conclusion of agreements, which might have as their objective or effect the creation of exclusive rights for the re-use of certain data. Such agreement should be only possible when justified and necessary for the provision of a service of general interest. Thus generally data held by public sector bodies fall outside the scope of the exclusive rights theory, unless it is necessary to impose the exclusive rights regime on them from the perspective of public interest.

Conclusions

In the modern world data (including personal data, nonpersonal data, masses of data etc.) have a significant economic value and often become objects or a payment in various contracts. That is why it is important to determine the legal nature of data and rights to them both at the theoretical and legislative levels. The theory of propertization which nowadays is one of the most prominent in the world allows lawyers to consider data as a separate alienable object, whereas rights to data have an absolute nature. However, this theory is hardly compatible with the classical doctrine of ownership under continental law. That is why the exclusive rights theory which considers rights to data as the rights similar to IP rights seems to be preferable. However, this research is merely an attempt to address the issue of alienation of data. It is important to set a wider discussion on the matters raised in this article.

Bibliography

Legal documents

Сalifornia Consumer Privacy Act of 2018 (CCPA): Senate Bill No. 1121 of 24 September 2018 [online]. Available at: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1121

COM(2020) 767 final 2020/0340(COD) Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on European data governance (Data Governance Act).

Directive 2019/770 of the European Parliament and of the Council of 20 May 2019  On certain aspects concerning contracts for the supply of digital content and digital services [2019], OJ 2 136/01.

Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 On the legal protection of databases [1996], OJ 2 77/20.

Pro zahyst personalnyh danyh [On Protection of Personal Data]: Zakon Ukrainy [Law of Ukraine] vid 1 chervnia 2010 r. № 2297-VI [online]. Available at: https://zakon.rada.gov.ua/laws/show/2297-17#Text (accessed 30.04.2022) (in Ukrainian).

Regulation of the European Parliament and of the Council 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) [2016]. OJ 2 119/1.

Academic literature

Bently, L. and Sherman, B. (2008). Intellectual Property Law. 3^rd edn Oxford University Press.

Canellopoulou-Bottis, M., Bouchagiar, G. (2018). Personal Data v Big Data: Challenges of Commodification of Personal Data. Open Journal of Philosophy, 8(2), 206–215. https://doi.org/10.4236/ojpp.2018.83015

Crișan, C (2014). Big Data: The Beauty or the Beast. SSRN [online]. Available at: https://ssrn.com/abstract=2544723 [accessed 30 April 2022].

Determann, L. (2018). No One Owns Data. UC Hastings Research Paper, 70(265), 1–44. https://dx.doi.org/10.2139/ssrn.3123957

Hazel, S. H. (2020). Personal Data as Property. Syracuse Law Review, 70(4), 1055–1113.

Hegel, G. V. F. (1990). Philosophia prava [Philosophy of law]. Mysl (in Russian).

Hoeren, T. (2020). The New Californian Data Protection Law – In the Light of the EU General Data Protection Regulation. SSRN [online]. Available at: https://ssrn.com/abstract=3557964 [accessed 30 April 2022].

Janeček, V. (2018). Ownership of Personal Data in the Internet of Things. Computer Law & Security Review, 34(5), 1039–1052. https://dx.doi.org/10.2139/ssrn.3111047

Jurcys, P. et al. (2020). My Data, My Terms: A Proposal for Personal Data Use Licenses. Harvard Journal of Law & Technology, 33(Digest Spring), 1–14.

Kharytonova, O. I. (2008). Pravova Pryroda Prava Intelektualnoi Vlasnosti. Naukovi pratsi Odeskoi Natsionalnoi Juridichnoi Akademii, 144–151.

Lokk. J. (1988). Sochinenia v 3 tomah [Works in 3 volumes]. Moscow, vol 3 (in Russian).

Marushchak, A. I. (2009). Tsyvilni prava na informatsiiu [Civil Rights to Information], Chasopys tsyvilistyky, 3(12), 33–36 (in Ukrainian).

Nekit, K. H. (2020). Personalni dani ta industrialni dani yak ob’iekty prava vlasnosti: otsinka perspektyv [Personal Data and Industrial Data as Objects of Ownership: Evaluation of Perspectives]. Chasopys tsyvilistyky, 1(36), 57–64 (in Ukrainian).

OECD, Data Driven Innovation: Big Data for Growth and Well-Being (OECD 2015) 195.

Pazos, R. (2017). Personal Data as an Economic Good – Misleading Commercial Practices and Social Networks. How Deep Is Your Law? Brexit. Technologies. Modern Conflicts. Vilnius University Faculty of Law, 288–297.

Purtova, N. (2009). Property Rights in Personal Data: Learning from the American Discourse. Computer Law & Security Review, 25(6), 507–521.

Purtova, N. and Bouchagiar, G. (2010). Property in Personal Data: A European Perspective on the Instrumentalist Theory of Propertisation. European Journal of Legal Studies, 2(3), 193–208.

Radon, B. (2015). Trade Secrets Protection for ‘Big Data’: Personal Data as Trade Secrets in the European Union. SSRN [online]. Available at: https://ssrn.com/abstract=3012525 [accessed 30 April 2022].

Ritter, J., Mayer, A. (2018). Property in Personal Data: a European Perspective on the Instrumentalist Theory of Propertisation. Duke Law & Technology Review, 16(1), 220–277.

Saveliev, A. I. (2018). Napravleniia regulirovaniia Bolshih dannyh i neprikosnovennost chastnoi zhizni v novyh ekonomicheskih realiiah’ [Big Data Regulations and Privacy Protection Practices in New Economic Realities]. Zakon, 5, 122–143 (in Russian).

Saveliev, A. I. (2020). Grazhdansko-pravoviie aspekty regulirovaniia oborota dannyh v usloviiah popytok formirovaniia tsyfrovoi ekonomiki’ [Data Commercialization Regulation in the Era Of Shaping Digital Economy (Civil Law Aspects). Vestnik grazdanskogo prava, 20 (1), 60–92 (in Russian).

Schwartz, P. M. (2004). Property, Privacy, and Personal Data. HARV. L. REV, 117, 2055–2128.

Shymon, S. I. (2012). Mainovi prava v konteksti suchasnykh kontseptsii prava vlasnosti v tsyvilistytsi [Property Rights in Light of Modern Concepts of Ownership in Civil Law]. Chasopys Kyivskoho universytetu prava, 49(2), 192–195 (in Ukrainian).

Sklovskii, K. I. (2008). Sobstvennost v grazhdanskom prave [Property in Civil Law]. 4^th edn., Statut (in Russian).

Spasybo-Fateeva, I. V. (ed.) (2010). Tsivilnyi kodeks Ukrainy: naukjvj-praktychnyi komentar, tom 4 [Civil Code of Ukraine: Scientific and Practical Commentary, vol 4]. Straid (In Ukrainian).

Spasybo-Fateeva, I. V. (ed.) (2011). Tsivilnyi kodeks Ukrainy: naukjvj-praktychnyi komentar, tom 6 [Civil Code of Ukraine: Scientific and Practical Commentary, vol 6] Straid.

Sterling, J. A. L. (1998). World copyright law: protection of authors’ works, performances, phonograms, films, video, broadcasts, and published editions in national, international, and regional law. London, Sweet and Maxwell.

Zarsky, T. (2017). Incompatible: The GDPR in the Age of Big Data. Seton Hall Law Review, 47(4(2)), 995–1020.

Zech, H. (2016). Data as a Tradeable Commodity. In A. De Franceschi (Ed.), European Contract Law and the Digital Single Market: The Implications of the Digital Revolution (pp. 51–80). Intersentia. doi:10.1017/9781780685212.004.

Data as a Tradeable Commodity: Propertization vs. the Concept of Exclusive Rights

Nataliia Filatova-Bilous
(Yaroslav Mudryi National Law University)

Summary

The modern ‘digital’ economy is characterized by the transformation of the nature of data (personal data, nonpersonal data, and Big Data). While previously data used to be understood as merely a nonmaterial and even inalienable object, today data has become an alienable good and a kind of payment. That is why in modern economy the term ‘commodification of data’ has appeared, whereas in legal doctrine the theory of propertization of data, which considers data as a new kind of property, has taken its place.

The aim of this article is to determine the legal nature of data (personal data and nonpersonal data) and to find out which approach (propertization or exclusive rights theory) may be used to arrange the trade of data.

The analysis has affirmed that the theory of propertization of data is based on the economic analysis of law and has a rational background. However, the apparent flaw of the theory is that there are a lot of discrepancies between the theory and the classical doctrine of property law. In particular, from the perspective of the classical doctrine of property law nonmaterial and inalienable subjects may not be considered property and fall within the property law.

Hence, based on the results of the research the author resumes that the theory of propertization may not be considered as a methodologic basis of the legal framework for the transferability of data. Meanwhile, since the transferability of data has much in common with the transferability of the results of intellectual activity, it is correct to apply the concept of exceptional rights, but not the concept of property. Thus, individuals owning or acquiring data may be classified into primary and secondary data possessors, where the primary possessors have both material and nonmaterial rights to data, and the secondary possessors may have only material rights. Individuals who possess nonpersonal data (e.g., anonymized data) have material rights to them.

Duomenys kaip prekė: nuosavybės ir išimtinių teisių koncepcijos

Nataliia Filatova-Bilous
(Yaroslav Mudryi nacionalinis teisės universitetas)

Santrauka

Šiuolaikinei „skaitmeninei“ ekonomikai būdinga duomenų (asmens duomenų, ne asmens duomenų ir didžiųjų duomenų) prigimties transformacija. Anksčiau duomenys buvo suprantami tik kaip nematerialūs ir neperleidžiami objektai, o šiandien jie tapo perleidžiama preke ir tam tikra mokėjimo rūšimi. Todėl šiuolaikinėje ekonomikoje atsirado terminas „duomenų pritaikymas civilinei apyvartai“, o teisės doktrinoje įsitvirtino duomenų nuosavybės teorija, pagal kurią, duomenys laikomi naujos rūšies nuosavybe.

Šio straipsnio tikslas – nustatyti duomenų (asmens duomenų ir ne asmens duomenų) teisinę prigimtį ir išsiaiškinti, kokia koncepcija (nuosavybės ar išimtinių teisių teorijos) gali būti taikoma prekybai duomenimis.

Atlikta analizė patvirtino, kad duomenų nuosavybės teorija gali būti pagrįsta ekonomine teisės analize ir turi racionalų pagrindą. Tačiau akivaizdus šios teorijos trūkumas yra tas, kad tarp jos ir klasikinės nuosavybės teisės doktrinos yra daug neatitikčių. Visų pirma, pastarosios požiūriu nematerialūs ir neperleidžiami daiktai negali būti laikomi nuosavybe ir patekti į nuosavybės teisės taikymo sritį.

Taigi, remdamasi tyrimo rezultatais, autorė daro prielaidą, kad nuosavybės teorija negali būti laikoma metodologiniu duomenų perdavimo teisinės sistemos pagrindu. O kadangi duomenų perdavimas turi daug bendra su intelektinės veiklos rezultatų perdavimu, būtų teisinga taikyti ne nuosavybės, o išimtinių teisių koncepciją. Taigi asmenys, kuriems priklauso duomenys arba kurie jų įgyja, gali būti skirstomi į pirminius ir antrinius duomenų turėtojus, pirminiai duomenų turėtojai turi ir turtines, ir neturtines teises į duomenis, o antriniai duomenų turėtojai gali turėti tik turtines teises. Asmenys, kurie turi ne asmens duomenis (pvz., anoniminius duomenis), į juos turi tik turtines teises.

Nataliia Filatova-Bilous – a qualified and experienced lawyer in the area of private law with scientific and practical experience. For 6 years’ she has been delivering lectures and training law students in Ukraine. Since 2017 has been working as a licensed attorney in the area of civil, commercial and tax law. A legal researcher with a number of publications addressing, in particular, legal aspects of e-commerce, consumer protection in the digital era, protection of users of online transaction platforms and liability of platform operators. Nataliia Filatova-Bilous – kvalifikuota ir ilgametę mokslinę bei praktinę patirtį sukaupusi privatinės teisės srities teisininkė. Jau šešerius metus ji skaito paskaitas ir moko teisės studentus Ukrainoje. Nuo 2017 m. dirba advokate civilinės, komercinės ir mokesčių teisės srityje. Teisės mokslininkė yra parengusi nemažai publikacijų, kuriose visų pirma nagrinėjami el. prekybos teisiniai aspektai, vartotojų apsauga skaitmeninėje eroje, internetinių sandorių platformų naudotojų apsauga ir platformų operatorių atsakomybė.