Regulating Data Ownership in AI-related Agreements

September 14, 2023 Intellectual Property

Over the past decade, the development and deployment of artificial intelligence (AI) technologies have become increasingly prevalent. AI has the potential to revolutionize industries, enhance productivity, and improve decision-making processes. However, as AI systems rely heavily on data to train and operate effectively, the issue of data ownership has emerged as a significant challenge when negotiating AI-related agreements, i.e., contracts that govern the use, development, licensing, and/or deployment of AI-based technologies and services.

There are many kinds of AI-related agreements. Some common types are Development and Consulting Agreements, Partnership and Collaboration Agreements, Software Licence Agreements, Service Level Agreements, Non-Disclosure Agreements and End-User Licence Agreements. The specific terms and conditions of these agreements can, of course, vary widely depending on the purpose of the agreement, the needs of the parties, the complexity of the AI technology involved, and the legal requirements of the jurisdiction in which the contract is enforced.

There is, however, an important question of principle which often arises irrespective of the specific purpose and the details of the contract: The issue of data ownership. AI depends on data at every stage of its lifecycle, from training and testing to real-time operation and continuous improvement. Furthermore, the data used or generated by an AI system can often contain information that gives the holder a competitive advantage. The ability to control data is, thus, an important factor for many companies investing in the development and/or use of AI technologies or services.

Negotiating and drafting a contract that adequately addresses the issue of data exploitation rights can sometimes be very difficult for both parties. A contributing factor to these difficulties is often that the parties focus too much on ownership. It is not uncommon for both parties to be unaware that data, as such, cannot be owned. Under Swedish and European law, data (information) is not property, i.e., an object that can be owned to the exclusion of any other person’s legal claims. Admittedly, some of the key rights arising from ownership of property (such as physical control, the right of personal use and the right of deciding whether someone else can use the object) can sometimes be exercised with respect to data. This applies in particular if the information is contained in or forms part of an intellectual property (IP) object (e.g., a copyrighted work, a patented invention or a proprietary database). However, this is not always the case. On the contrary, it is quite common that individual data, and especially machine-generated data, are not protected by IP rights (although individual data may, depending on the circumstances, be considered a trade secret and thus protected against unlawful acquisition, use and disclosure). 

When negotiating and drafting commercial contracts, one should try to use terms and concepts that reflect the content of the of the applicable law. This will reduce the risk of unnecessary misunderstandings and disputes. A contractual term which states that one party “owns” a certain data object, which later turns out to be mere information and which does not fulfil any IP protection requirements, may cause difficult interpretation problems. This is particularly true where the agreement provides for a transfer of ownership. While the ownership of IP (where appropriate) and possession of trade secrets should be regulated, in the case of data it may be more apposite to focus on exploitation rights and provisions on confidentiality. Doing so also will also make it easier for the parties to maintain protection for valuable data under applicable law on trade secrets.

An excessive focus on ownership also risks leading to entrenched positions in negotiations. In an AI development project, for example, the customer will often pay development costs and provide valuable data for the training of the system. Such a customer may want to claim exclusive rights to the system, including all data. It may also be important for the customer that its competitors do not get the opportunity to use the AI system, that the customer’s data are not disclosed to third parties, and that the customer is entitled to develop the system, for example by modifying it for other purposes using different training data. For the supplier, on the other hand, it may be important to ensure flexibility and freedom to develop the AI technology in its own operations, to secure the rights to the software, systems and know-how used in the development of the AI system, and to be able to provide similar technical solutions to more customers in certain business areas.

To resolve such issues, on closer analysis of the parties’ respective needs and motivations, the contractual terms may be drafted to focus more on exploitation rights, periods of use and confidentiality obligations, in selected fields, rather than on absolute exclusivity or ownership. Even if the agreement states that one party owns all or most of the IP rights (where applicable), this does not in principle prevent the other party from being granted a licence. A good understanding of the parties’ commercial needs will generally improve the chances of reaching a balanced agreement. For example, if the customer’s main concern is the loss of data control and the supplier wants to provide more customers with usage rights to the AI system, the supplier can hopefully ensure that the training data etc. provided by the customer will not be disclosed to new customers. The supplier’s confidentiality undertakings can also include obligations on data protection measures, protocols for data breaches and provisions on liquidated damages in the event of the supplier’s breach of contract.

For similar reasons, when contractually regulating the use and confidentiality of data, it is important for the parties to know, or try to anticipate, what data will be collected, used, and generated in the context of training, testing, validation and/or operation of the AI system. Sometimes, the data comes from multiple sources, including proprietary databases, third-party vendors, and user-generated data. The evolving nature of data and AI systems poses additional challenges. As AI systems continuously learn and adapt, new data is often collected and integrated into the system over time. This complexity can make it difficult for contracting parties to appropriately allocate rights, obligations, and potential liabilities in AI-related agreements.

In summary, to navigate the challenges surrounding data ownership and control in AI-related agreements, clear contractual provisions are essential. Parties involved in AI-related agreements should engage in open and transparent discussions early in the negotiation process. Collaborative efforts to define data rights, including any restrictions on use, transfer, monetization, and disclosure, can foster trust and reduce the risk of disputes down the line. A legal counsel with expertise in IP law, trade secrets, and data regulation can provide valuable guidance.