We live in a technologically driven world where data is king. Most of us can’t read our morning email, check voice messages, or scan the scores to see how our favorite teams did without first having to divulge some bit of information about ourselves.
- Just to use our smartphones, most of us scan our faces or use a fingerprint (all forms of personal data).
- The web browsers we use to navigate the internet track what we read, what we buy, where we’ve been.
- Cameras surveil our movements at busy intersections, through public spaces, and in most business.
- Every ecommerce transaction requires some form of personal information, whether it’s a name, address, or credit card number.
“Our lives seemingly revolve around personal data and its dissemination, collection, and manipulation,” explains Eric Ludwig, founder and lawyer for Ludwig APC, a US-based full-service business, technology, and intellectual property law firm. “With so much information available, individuals and companies involved in the intellectual property space must become more aware of their rights, responsibilities, and obligations.”
Practically any business operating today encounters personal data, from the information it collects to fulfill the simplest of online purchases, to the aggregation of personal data in a database or retrieval system for banking, entertainment, healthcare, and other uses. It’s when a company uses its software, systems, and processes to transform the data that questions of intellectual property and personal data privacy arise.
The European General Data Protection Regulation (GDPR) went into effect in May 2018 to expand the privacy rights of individuals in the EU, namely by regulating how companies could process and handle their personal information.
Essentially, the GDPR ensures transparency in what data companies can collect and what they can do with it. On the flipside, it allows individuals to see what data a company has collected, receive for digital copies, and even request its erasure.
While there’s not yet an equivalent to the GDPR in the United States (where privacy protections rely on numerous de-centralized state and federal regulations), any company that collects and processes the personal data of an individual located within the EU must comply, regardless of where the company is located.
Clearly, with the pervasive nature of the Internet all but doing away with the notion of geographic borders in relation to accessing information and engaging in ecommerce online, many US companies—even if they don’t actively do business in Europe—attract web traffic from individuals located in the EU, thus subjecting them to the provisions of the GDPR.
GDPR and other privacy laws also affect the ability of IP owners to investigate potential infringement activities.
Gone are the days when a company could easily look up someone suspected of an IP infringement online through a domain registry service (such as WHOIS) or through the search of a social media profile or other directory. Access to much of that information is now private or restricted, which adds layers of complexity to investigation and enforcement efforts.
Questions of Ownership
While it’s generally understood that individuals are the ones who ultimately own or control their “personal data,” there are a great number of compelling arguments for the ownability of data that has been processed or manipulated in some proprietary way to add value to it (such as for market and political intelligence, entertainment purposes, the study of consumer habits, healthcare recommendations, and so on).
Certainly, the Facebooks and Googles of the world would contend that they “own” aspects of the data they collect and shape (and if not the actual data itself, at least access to it), as would any number of other individuals and companies involved in the upstream and downstream collection of and/or manipulation of personal data.
Where Do We Go from Here?
It’s December 2020 and we sit on the threshold of a new decade. With the advancement of robotics, artificial intelligence, facial recognition, and other yet-to-be-named technologies, it’s clear that questions about data privacy and data ownership rights will be with us for some time. No doubt, like all questions related to intellectual property, the answers will come down to finding a balance between individual rights and society’s desire to promote innovation and advancement.