TechNotes – Top 10 issues for data

“Data is the oxygen that fuels the fire of the Fourth Industrial Revolution. More data is being generated than ever before, with the global volume of data predicted to double between 2018 and 2022, and then double again between 2022 and 2025.”

World Economic Forum on Shaping the Future of Technology Governance: Data Policy

1. Data driving new technology: There is no doubt that, as the new oil, data is fuelling the development of new technology from AI to blockchain and connected devices, as well as personalised services and advertising, across all industries. The data that is newly created in the context of digitalisation of companies and automation of services, as well as pre-existing data that is collected and made accessible by an information management system, is valuable. Companies should consider monetising such data and to leverage a competitive advantage.

2. Protection of personal data: Large datasets often contain personal data, such as IP addresses, location data or unique device IDs. Collection, processing, use as well as transfer (processing) of such data will be subject to applicable data protection law, such as the General Data Protection Regulation (GDPR) in the EU. As a rule, a statutory permission or a valid consent from the data subject is required for legitimate data processing. As far as the transfer of personal data to a country outside of the European Union (eg the United States, China or Russia) is concerned, an adequate level of data protection has to be positively established in that country. Any company violating applicable data protection laws will face sanctions. In the case of the GDPR, the fine may be up to 4% of the total worldwide annual turnover or EUR 20 million (whichever is higher). Marriott and British Airways have already been hit by large fines.

3. Cybersecurity: The processing of data requires highly efficient (particularly in the context of Big Data), secure and constantly available (particularly in the context of cloud computing) IT systems. Numerous laws require compliance with specific data security standards, as well as obligations to notify data breaches promptly to the relevant authorities. Any failure to implement such requirements or to notify data breaches promptly may be sanctioned by supervisory authorities. Suitable IT outsourcing agreements with external providers, which take these issues into account as well as applicable data protection laws, are therefore key.

4. Protecting datasets: Datasets may attract IP protection in the form of database right and copyright. Companies will need to structure their internal data-related activities properly, to benefit from these IP rights. If these IP rights subsist, companies will be able to license them as part of their collaborations and generate revenue. In addition, the IP rights may be enforced against others to prevent an organisation’s databases from being misused. Companies also often use third party data to build larger datasets or create data with more variety. If companies are mining third party data without permission, they need to be careful that they do not infringe any third party IP rights and data mining is currently a legislative hot topic at the European level.

5. Data governance: Large datasets (eg in the context of Big Data) may be of immense value for a company. The better curated that data is, the better the data can be commercialised. Curating data, however, means processing data. If personal data (eg IP addresses, location data as well as unique device numbers) is processed, applicable data protection law has to be complied with. In general, we are increasingly seeing scrutiny by data protection authorities.

6. Competition Law: Companies with innovative business models, driven by large datasets or technologies to analyse data, will naturally become the target of acquisitions by incumbent players. The competition law authorities have expressed increasing concern about so-called killer acquisitions of data-rich start-ups, as the strategic use of the acquired data may limit market competition. Even acquisitions of relatively small targets are likely to be probed more thoroughly during any merger filing processes and thus face stricter scrutiny. Other investigations into companies that use data in order to leverage their market positions are ongoing in various jurisdictions, amongst others Germany and the UK.

7. The war for talent: Data scientists are highly sought after in the market, with the relevant qualifications and experience currently being a relatively rare commodity. Those with these specialist skills can demand high salaries and are often lured by the appeal of working for technology giants such as Google and Facebook, or by cutting edge start-ups at the frontier of big data technology. Retention and reward strategies need to be designed to encourage those with these sought-after skills to stay and not be lured away. As talent involved in key projects moves between firms, organisations will need to take steps to ensure that any proprietary know-how and trade secrets are properly protected.

8. Consumer protection: Regulators such as the German Federal Cartel Office are continuously reviewing online consumer websites for whom data is key, such as online comparison tools, identifying consumer protection issues, including but not limited to opaque advertisements and the influence of payments for online search ranking results. This may lead to further regulatory or legislative activity in the near future.

9. M&A: Players from all economic sectors want to gain access to the latest technologies and new business models, in particular if they are fuelled by huge amounts of data. Possible ways to do so are M&A, captive venture companies, collaborations or incubators, but also start-up as a service. Due diligence processes will identify any possible legal risks with the target company, such as data protection compliance or lack of data security. However, any data transfer from the target to the acquiring company during the M&A process (such as HR data) is subject to applicable data protection laws, which is often overlooked.

10. The new digital services tax: There is currently significant debate about the need to modernise the corporate tax system, particularly for highly digitalised businesses that derive significant value from user participation and their (freely provided) data. This has led to a number of European countries (eg France, UK and Italy) unilaterally introducing their own digital services tax regimes, causing political tension with countries like the US. As data starts to drive changes to how businesses operate, companies need to consider what the tax implications are based on the current and the possible future tax system in an increasingly fast-changing and uncertain environment.

The Big Data Race - Our latest global research which focuses on the key pillars to success in data commercialisation. Read more on the findings from our global benchmark survey and try our benchmarking tool to assess yourself against the market in relation to the success factors that we have identified.

Found this article useful? Read others in our TechNotes series