Monday, May 11, 2020
One thing that hasn’t suffered from the COVID-19 pandemic is the big data analytics market — a development, however, that comes with a host of intellectual property (IP) and other legal issues.
“The pandemic has accelerated the development of worldwide data hubs to collect data, and the development of software tools to extract insights from data,” said Maya Medeiros in Norton Rose Fulbright LLP’s Vancouver office. “These insights can be used to find new ways to reduce disease spread, protect health-care workers and hasten new treatments and vaccines.”
Likely most familiar to the general public is Google’s new website, which shares location data it collects from smartphones in an effort to trace the effect of lockdown on population movements. Other data hubs collect clinical and research data, including COVID-19 Open Research Dataset, the most extensive coronavirus literature collection available for data and text mining, boasting more than 44,000 articles; and MiPasa, a joint effort of the World Health Organization and various technology companies that collects COVID-19 clinical and laboratory data.
Health datasets, in turn, can be combined with non-health datasets, such as the location and map datasets developed by Google and Esri, a mapping software company, to identify patterns and predictions about COVID-19 spread that assist in pandemic response. Data hubs can also incorporate software to generate analytics, export datasets and assist in the development of third-party applications.
But because data hubs are often available only on an “as-is” or “use at your own risk” basis, it falls on collaborators to manage risk.
“Where the terms of use make individual participants responsible for legal compliance, collaborators should ensure that they manage IP, contractual, regulatory and ethical risks that can hinder beneficial use of the data hub and the insights derived,” Medeiros said. “To this end, it’s important to have a governance framework in place that allows owners of the IP rights to give proper consent to the use of the data hubs and allows others to analyze and develop the information.”
For starters, such a framework should identify the creators and owners of the data, provide a mechanism for consent to the data’s use and ensure that only the actual owners of the data are contributing to the hub.
“Ensuring that only owners are contributors lessens the risk of future disputes over use of the data, the tools that result and any derived insights,” Medeiros said. “As well, if any data or software tools were included in a data hub without the permission of the owner, the use might be unlawful.”
The trend to global data hubs, however, complicates compliance.
“IP laws, privacy restrictions and consent rules can differ from jurisdiction to jurisdiction,” Medeiros said. “The contractual framework also gets a lot more complex.”
The complexity arises at the most fundamental levels.
“The degree to which different jurisdictions protect data can vary considerably,” said Mark Hayes of Hayes eLaw LLP in Toronto. “And what is protected may depend on the amount of processing involved.”
In general, the vast storage of data is not in and of itself protected, but Europe and North America do provide some levels of protection for data that has been analyzed, organized, verified or culled.
“To determine the extent to which a data hub is protected by copyright, then, we have to look at how the data is used, where it is used, where and how it is exploited, made available and communicated to the public,” Hayes said. “So, it’s a multifaceted analysis in terms of figuring out the degree of international protection available.”
Canada is “somewhere in the middle” on the spectrum of data protection.
“We have jurisprudence that points to copyright protection for certain data collections, like directories, but only where there is some element of creativity in the collation, organization or selection of the information,” Hayes said. “Telephone directories, then, are not likely protected, but Yellow Pages are likely protected.”
Canada, however, has nothing like the European Union’s Database Directive, which specifically gives protection to “a collection of independent works, data or other materials arranged in a systematic or methodical way and individually accessible by electronic or other means.”