Hastings Law Journal
+(0)!
5
..0! -/%(!
No One Owns Data
Lothar Determann
+((+2/$%.* %/%+*(2+-'./ $7,.-!,+.%/+-30$./%*#.! 0$./%*#.(2&+0-*(
-/+"/$! 2+))+*.
6%.-/%(!%.-+0#$//+3+0"+-"-!!* +,!*!..3/$!2+0-*(././%*#.$+(-.$%,!,+.%/+-3/$.!!*!,/! "+-%*(0.%+*%*
./%*#.2+0-*(3*0/$+-%4! ! %/+-+"./%*#.$+(-.$%,!,+.%/+-3+-)+-!%*"+-)/%+*,(!.!+*//
2*#*#!(0$./%*#.! 0
!+))!* ! %//%+*
+/$-!/!-)** No One Owns Data8<=:;9<
1%((!/$7,.-!,+.%/+-30$./%*#.! 0$./%*#.(2&+0-*(1+(%..
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
[1]
Articles
No One Owns Data
LOTHAR DETERMANN
†
Businesses, policy makers, and scholars are calling for property rights in data. They currently
focus on the vast amounts of data generated by connected cars, industrial machines, artificial
intelligence, toys and other devices on the Internet of Things (IoT). This data is personal to
numerous parties who are associated with the connected device, and there are many others are
also interested in this data. Various parties are actively staking their claims to data, as they are
mining the fuel of the digital economy.
Stakeholders in digital markets often frame claims, negotiations and controversies regarding
data access as one of ownership. Businesses regularly assert and demand that they own data.
Individual data subjects also assume that they own data about themselves. Policy makers and
scholars focus on how to redistribute ownership rights to data. Yet, upon closer review, it is very
questionable whether data is—or should be—subject to any property rights. This Article
unambiguously answers the question in the negative, both with respect to existing law and future
lawmaking in the United States and the European Union, jurisdictions with notably divergent
attitudes to privacy, property and individual freedoms.
Data as such, that is, the content of information, exists conceptually separate from works of
authorship and databases (which can be subject to intellectual property rights), physical
embodiments of information (data on a computer chip, which can be subject to personal property
rights) and physical objects or intangible items to which information relates (a dangerous
malfunctioning vehicle to which the warnings on road markings or a computer chip relate).
Lawmakers have granted property rights to different persons regarding works of authorship,
databases, land, and chattels to incentivize investments and improvements in such items.
However, this purpose does not exist with respect to data.
Individual persons, businesses, governments and the public at large have different interests in
data and access restrictions. These interests are protected by an intricate net of existing laws,
which deliberately refrain from granting property rights in data. Indeed, new property rights in
data are not suited to promote better privacy or more innovation or technological advances, but
would more likely suffocate free speech, information freedom, science and technological
progress. The rationales for propertizing data are thus not compelling and are outweighed by the
rationales for keeping the data “open.” No new property rights need to be created for data.
†
Lothar Determann teaches computer, internet and data privacy law at Freie Universität Berlin,
University of California, Berkeley School of Law, and Hastings College of the Law, San Francisco, and he
practices technology law as a partner at Baker McKenzie LLP in Palo Alto. Opinions expressed in this article
are those of the Author, and not of his firm, clients or others. The Author is grateful for valuable input, research
and edits by Yoon Chae, Thomas Blickwedel, Paloma Pietsch and Shemira Jeevaratnam, as well as additional
suggestions from Prof. Eric Goldman, Santa Clara University School of Law, and Tony Bedel.
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
2 HASTINGS LAW JOURNAL [Vol. 70:1
TABLE OF CONTENTS
INTRODUCTION ................................................................................................... 3
I. DATA AND INFORMATION ............................................................................ 6
II. PROPERTY RIGHTS IN DATA ......................................................................... 7
A. OWNERSHIP AND PROPERTY RIGHTS ............................................... 7
B. REAL PROPERTY ............................................................................ 12
C. PERSONAL PROPERTY .................................................................... 13
D. TRADE SECRET .............................................................................. 14
E. PATENT .......................................................................................... 16
F. TRADEMARK .................................................................................. 17
G. COPYRIGHT .................................................................................... 18
H. U.S. STATE LAWS ON MISAPPROPRIATION AND EU
DATABASE DIRECTIVE ................................................................... 20
I.
DATA PRIVACY .............................................................................. 22
J. SUMMARY ...................................................................................... 25
III. DATA ACCESS RIGHTS AND RESTRICTIONS UNDER CURRENT
L
AW ....................................................................................................... 26
A. RIGHTS TO DATA ACCESS, ERASURE, PORTABILITY AND USE
RESTRICTIONS ................................................................................ 26
B. COMPUTER INTERFERENCE LAWS ................................................. 26
C. RIGHT TO REPAIR STATUTES AND ENVIRONMENTAL AND
COMPETITION LAWS ...................................................................... 27
D. LAWS ON CONSUMER PROTECTION, PRODUCT SAFETY, IMPLIED
WARRANTIES AND SUSTAINABILITY ............................................. 28
IV. INTERESTS IN DATA AND LEGAL PROTECTIONS UNDER CURRENT LAW ... 28
A. CAR OWNERS ................................................................................. 29
B. DRIVERS AND PASSENGERS ........................................................... 30
C. OTHER TRAFFIC PARTICIPANTS ..................................................... 30
D. MANUFACTURERS .......................................................................... 31
E. ADD-ON SERVICE PROVIDERS ....................................................... 32
F. CAR DEALERS AND DISTRIBUTORS ................................................ 33
G. INSURANCE COMPANIES ................................................................ 33
H. LAW ENFORCEMENT AND GOVERNMENT INSTITUTIONS ............... 33
V. SHOULD NEW PROPERTY RIGHTS IN DATA BE CREATED? .......................... 34
A. CREATIVITY AND TECHNOLOGICAL ADVANCES ............................ 34
B. PROTECTING PERSONAL PRIVACY ................................................. 37
C. FREEDOM OF INFORMATION AND SPEECH ..................................... 38
D. GOVERNMENT USE OF DATA ......................................................... 39
E. COMPETITION ................................................................................ 39
F. SOCIAL JUSTICE AND FAIRNESS ..................................................... 40
G. NORMATIVE IMPLEMENTATION OBSTACLES ................................. 41
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
December 2018] NO ONE OWNS DATA 3
CONCLUSION ..................................................................................................... 42
Thoughts are free.
Who can guess them right?
They fly by me, like shadows at night.
No one can mute them.
No hunter can shoot them.
It remains for all to see:
Thoughts are free.
(German folk song)
1
I
NTRODUCTION
Connected cars, industrial machines, toys, and other devices on the Internet
of Things (IoT) generate vast amounts of data and information. The total amount
of stored data is expected to double every two years—meaning a 50-fold growth
from 2010 to 2020
2
—and reach 163 zettabytes by 2025.
3
Autonomous vehicles,
for example, can each generate as much as 4,000 gigabytes of data every day
4
on the vehicle’s performance and maintenance, location of the car, and various
aspects of the people in the car
5
with the help of today’s advanced sensors.
6
The explosive growth in the total amount of data will come from
technologies that were both historically inside and outside of cars, fueled by the
high level of forecasted interconnectivity of nearly all devices.
7
Existing in-
1. These are the lyrics of a German folk song. The lyrics in German are: “Die Gedanken sind frei, wer
kann sie erraten? Sie fliegen vorbei wie nächtliche Schatten. Kein Mensch kann sie wissen, kein Jäger erschießen
es bleibet dabei: Die Gedanken sind frei!” The original lyricist and composer are unknown, but the most popular
version was rendered by Hoffmann von Fallersleben in 1842. Die Gedanken sind frei, DEUTSCHLAND-LESE,
http://www.deutschland-lese.de/index.php?article_id=110 (last visited Nov. 21, 2018) (Ger.).
2. PETER FFOULKES, INSIDEBIGDATA GUIDE TO THE INTELLIGENT USE OF BIG DATA ON AN INDUSTRIAL
SCALE 2 (2017), https://insidebigdata.com/white-paper/guide-big-data-industrial-scale.
3. DAVID REINSEL ET AL., DATA AGE 2025: THE EVOLUTION OF DATA TO LIFE-CRITICAL 3 (2017),
https://www.seagate.com/files/www-content/our-story/trends/files/Seagate-WP-DataAge2025-March-
2017.pdf.
4. Patrick Nelson, Just One Autonomous Car Will Use 4,000 GB of Data/Day, NETWORK WORLD (Dec.
7, 2016, 7:39 AM), https://www.networkworld.com/article/3147892/internet/one-autonomous-car-will-use-
4000-gb-of-dataday.html.
5. MCKINSEY & COMPANY, CAR DATA: PAVING THE WAY TO VALUE-CREATING MOBILITY 8 (2016),
https://www.mckinsey.com/~/media/McKinsey/Industries/Automotive%20and%20Assembly/Our%20Insights/
Creating%20value%20from%20car%20data/Creating%20value%20from%20car%20data.ashx.
6. These sensors include global positioning systems (GPS), dedicated short-range communications
devices (DSRCs), light detection and ranging (LIDAR) sensors, cameras, infrared sensors, and radio detection
and ranging (RADAR) devices. UNIV. OF MICHIGAN, CTR. FOR SUSTAINABLE SYS., AUTONOMOUS VEHICLES
FACTSHEET (2017), http://css.umich.edu/sites/default/files/css_doc/CSS16-18. They play evermore important
roles in safety and technological advancements in vehicles and other connected devices today. See Lothar
Determann & Bruce Perens, Open Cars, 32 BERKELEY TECH. L.J. 915, 920–21 (2017) (“Consumers select the
make and model of automobiles with increasing focus on information technology feature: telematics, driver
assistance, autonomous driving, connectivity, entertainment, and various safety features.”).
7. The number of devices connected to Internet of Things (IoT) will soon exceed the number of people
on earth. G.V. Sam Kumar, Survey on Process in Scalable Big Data Management Using Data Driven Model
Frame Work, 5 INT’L J. INNOVATIVE RES. COMPUTER & COMM. ENGINEERING 4468, 4469 (2017).
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
4 HASTINGS LAW JOURNAL [Vol. 70:1
vehicle technologies, such as in-dash navigation systems, diagnostic systems,
and virtual assistants already generate data and will continue to do so at an
accelerated rate.
8
Features such as voice controls will be used for more
applications, while both video and audio will be recorded in more places.
9
Use
of biometric data will become more prevalent for authentication in various
devices, including cars and other IoT devices,
10
and technologies usually
reserved for healthcare, such as heart rate monitors, will likely be incorporated
into vehicles to assess the passengers’ health risks and ride comfort.
11
Various parties are actively staking their claims to data on the Internet of
Things, as they are mining data, the fuel of the digital economy. The data
generated is valuable to various persons and entities for different reasons,
including safety, risk assessments, compliance, preventive maintenance, market
intelligence, development of new business models, public policy, and law
enforcement, among others.
12
But much of the sought-after data will relate to
personal and private information of various individuals (for example, regarding
their health, travel history and speed, browsing history, and emails),
13
which
raises privacy concerns and questions of who may access and use the data
generated by the various connected things. These questions are often framed as
issues of data ownership or property rights in data in the popular press and
political discussions.
14
Businesses, politicians, and scholars assume the
existence of, or call for, the creation of property rights in data.
15
Yet, in the
8. See Matthew DeBord, Big Data in Cars Could Be a $750 Billion Business by 2030, BUS. INSIDER (Oct.
5, 2016, 3:00 PM), http://www.businessinsider.com/car-data-business-mckinsey-and-co-report-2016-10.
9. Lance Ulanoff, Nuance is About to Make Your Car a Lot Smarter, MASHABLE (June 22, 2017),
https://mashable.com/2017/06/22/inside-nuance-next-gen-in-car-voice-assistant/#FfZi85Ms1SqO; see also
MCKINSEY & COMPANY, MONETIZING CAR DATA: NEW SERVICE BUSINESS OPPORTUNITIES TO CREATE NEW
CUSTOMER BENEFITS 35 (2016), https://www.mckinsey.com/~/media/McKinsey/Industries/
Automotive%20and%20Assembly/Our%20Insights/Monetizing%20car%20data/Monetizing-car-data.ashx.
10. Matthew Crist, 5 Ways Biometric Technology Is Used in Everyday Life, M2SYS: BLOG,
http://www.m2sys.com/blog/guest-blog-posts/5-ways-biometric-technology-is-used-in-everyday-life (last
visited Nov. 21, 2018); Salil Prabhakar, Why Biometrics Are the Key to Driver Authentication in Connected
Cars, VENTURE BEAT (Feb. 7, 2017, 4:10 PM), https://venturebeat.com/2017/02/07/why-biometrics-are-the-
key-to-driver-authentication-in-connected-cars.
11. MCKINSEY & COMPANY, supra note 9, at 34.
12. David Welch, Your Car Has Been Studying You Closely and Everyone Wants the Data, Privacy &
Security L. Rep. (BNA) (July 12, 2016, 2:00 AM), https://www.bloomberg.com/news/articles/2016-07-12/your-
car-s-been-studying-you-closely-and-everyone-wants-the-data. Data enables future business models as
demonstrated by the convergence of car manufacturers, rental car companies, transportation businesses, ride
share ventures and other “mobility providers.”
13. See MCKINSEY & COMPANY supra note 5, at 7 (using a chart to discuss the types of applications that
consumer are willing to receive free service, in exchange for personal data).
14. E.g., Jeffrey Ritter and Anna Mayer, Regulating Data as Property: A New Construct for Moving
Forward, 16 DUKE L. & TECH. REV. 220, 226–27 (2018); Evgeny Morozov, To Tackle Google’s Power,
Regulators Have to Go After Its Ownership of Data, GUARDIAN (July 2, 2017, 7:05 PM),
http://www.theguardian.com/technology/2017/jul/01/google-european-commission-fine-search-engines.
15. See Paul M. Schwartz, Property, Privacy, and Personal Data, 117 HARV. L. REV. 2055, 2094 (2004);
Lawrence Lessig, The Architecture of Privacy, 1 VAND. J. ENT. L. & PRAC. 56, 63 (1999); LAWRENCE LESSIG,
CODE AND OTHER LAWS OF CYBERSPACE 122–35 (1999); Kenneth C. Laudon, Markets and Privacy, COMM.
ACM, Sept. 1996, at 92, 101; Catherine M. Valerio Barrad, Genetic Information and Property Theory, 87 NW.
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
December 2018] NO ONE OWNS DATA 5
context of this debate there is much uncertainty and ambiguity regarding the
meaning of “data,” “information,” and “ownership;” little comprehensive
analysis regarding how existing property laws already cover data or exclude data
from protection; and relatively sparse considerations of legal and policy reasons
for not granting property rights to data.
This Article comprehensively examines and decidedly challenges
assumptions regarding the existence or policy reasons for ownership rights in
data and argues that data (1) exists separately from works of authorship,
databases, and media (see infra Part II); (2) is largely free from property rights
(see infra Part III); (3) is subject to a complex landscape of access rights and
restrictions (see infra Part IV); and (4) implicates various legal positions,
interests, and options for parties interested in the data that are regulated in a
considerate, nuanced, and balanced fashion under laws outside the property law
realm (see infra Part V). The Article then examines current policy discussions
around the creation of a right to data ownership (see infra Part VI) and concludes
that no one does or should be able to own data (see infra Part VII).
The legal standards and frameworks employed in the Article are discussed
from both U.S. and European perspectives to address the significant differences
in transatlantic data privacy and data base protection law.
16
To develop and
illustrate these theses, the Article refers to the landscape of interests in data
generated or processed by connected cars and other devices on the IoT, which
are driving current economic developments and policy discussions, including
calls from the German government for a statutory property regime assigning
rights to data from cars to auto manufacturers.
17
U. L. REV. 1037, 1062–63 (1993); Tom C.W. Lin, Executive Trade Secrets, 87 NOTRE DAME L. REV. 911, 968
(2012); Patricia Mell, Seeking Shade in a Land of Perpetual Sunlight: Privacy as Property in the Electronic
Wilderness, 11 BERKELEY TECH. L.J. 1, 11, 26–41 (1996); Richard S. Murphy, Property Rights in Personal
Information: An Economic Defense of Privacy, 84 GEO. L.J. 2381, 2381–83 (1996); James B. Rule, Toward
Strong Privacy: Values, Markets, Mechanisms, and Institutions, 54 U. TORONTO L.J. 183, 185 (2004); Herbert
Zech, “Industrie 4.0”—Rechtsrahmen für eine Datenwirtschaft im digitalen Binnenmarkt, GRUR, Dec. 2015,
at 1151, 1160 (Ger.); Karl-Heinz Fezer, Dateneigentum der Bürger: Ein originäres Immaterialgüterrecht sui
generis an verhaltensgenerierten Informationsdaten der Bürger, BEITRÄGE, Mar. 2017, at 99, 99 (Ger.); Václav
Janeček, Ownership of Personal Data in the Internet of Things, 34 COMPUTER L. & SECURITY REV. 1039
(forthcoming Oct. 2018). But see Pamela Samuelson, Privacy as Intellectual Property?, 52 STAN. L. REV. 1125,
1129 (2000) (“A property rights model for protecting personal data nevertheless presents many problems.”);
Louisa Specht, Ausschließlichkeitsrechte an Daten—Notwendigkeit, Schutzumfang, Alternativen: Eine
Erläuterung des gegenwärtigen Meinungsstands und Gedanken für eine zukünftige Ausgestaltung, COMPUTER
UND RECHT, May 2016, at 288, 296 (Ger.) (discussing exclusivity rights to data—need, scope, and alternatives).
16. See generally Paul M. Schwartz & Karl-Nikolaus Peifer, Transatlantic Data Privacy Law, 106 GEO.
L.J. 115 (2017) (discussing the differences in transatlantic data privacy law and the business reasons behind
those differences).
17. Bundesministerium für Verkehr und digitale Infrastruktur, “Eigentumsordnung” für Mobilitätsdaten,
https://www.bmvi.de/SharedDocs/DE/Publikationen/DG/eigentumsordnung-
mobilitaetsdaten.pdf?__blob=publicationFile (study of the German ministry for traffic and digital infrastructure
on whether data is or should be subject to property rights, concluding that property rights to data could be
beneficial to create markets for data and to reward production of data and “essential investments”); Gerrit
Hornung & Thilo Goeble, “Data Ownership” im vernetzten Automobil: Die rechtliche Analyse des
wirtsschaftlichen Werts von Automobildaten und ihr Beitrag zum besseren Verständnis der
Informationsordnung, COMPUTER UND RECHT REPORT, Mar. 2015, at 265, 272 (Ger.) (examining property rights
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
6 HASTINGS LAW JOURNAL [Vol. 70:1
I. DATA AND INFORMATION
In everyday parlance, the terms “data” and “information” are often used
synonymously,
18
referring to “facts about a situation, person, [or] event.”
19
“Data” and “information” are also used interchangeably in various legal
contexts.
20
Likewise, this Article uses “data” and “information”
interchangeably, cognizant of different approaches to terminology in other
academic disciplines.
21
Information can be or relate to diverse things, such as memories, thoughts,
discoveries, insights, opinions, perceptions, fictions, or answers to questions.
22
Information can be stored in physical forms, such as human brains and data
servers, or physically expressed in books or on road markings. It can also be
communicated via smoke signals, blinking lights, measurable radio waves,
digital cable connections, or writings on a wall. But the informational content,
that is, data itself, exists separately from its context of a larger data base or work
of authorship or its physical embodiment. For example, the informational
and claims to data emanating from connected cars).
18. E.g., Data, MERRIAM-WEBSTER DICTIONARY, www.merriam-webster.com/dictionary/data (last visited
Nov. 21, 2018) (providing three definitions of “data” that all describe data as “information”).
19. E.g., Information, CAMBRIDGE DICTIONARY,
https://dictionary.cambridge.org/us/dictionary/english/information (last visited Nov. 21, 2018) (defining
“information” as “facts about a situation, person, event”).
20. In the United States, for example, the Fair Credit Reporting Act defines “medical information” as
“information or data, whether oral or recorded, in any form or medium, created by or derived from a health care
provider or the consumer . . . .” 15 U.S.C. § 1681a(i)(1) (2011). Under EU data protection laws, “personal data”
refers to “any information relating to an identified or identifiable natural person.” Regulation (EU) 2016/679 of
the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard
to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC
(General Data Protection Regulation), art. 4(1), 2016 O.J. (L 119) 1, 33 [hereinafter General Data Protection
Regulation].
21. Some data scientists use the term “data” to refer to discrete, objective facts or observations that are
unorganized, unprocessed and without any specific meaning, and the term “information” to refer to data that has
been shaped into forms that are meaningful and useful to human beings. Saša Baškarada & Andy Koronios,
Data, Information, Knowledge, Wisdom (DIKW): A Semiotic Theoretical and Empirical Exploration of the
Hierarchy and Its Quality Dimension, 18 AUSTRALASIAN J. INFO. SYS. 5, 7 tbl.1 (2013). Data can thus be
considered patterns with no meaning, whereas information refers to interpreted data that has meaning. Id. at 7;
see also Mireille Hildebrandt, Law as Computation in the Era of Artificial Legal Intelligence: Speaking Law to
the Power of Statistics, 68 U. TORONTO L.J. 1, 3 (2018) (citing Mireille Hildebrandt, Law as Information in the
Era of Data-Driven Agency, 79 MOD. L. REV. 1, 1–33 (2016)). For a discussion on further distinctions between
“data” and “information,” as well as their distinctions from “knowledge” and “wisdom,” see generally Saša
Baškarada & Andy Koronios, supra, and the illustrated discussion of definitions at
www.datenschutzbeauftragter-online.de/daten-information-definition/.
22. Information, DET INFORMATIONS-VIDENSKABELIGE AKADEMI, http://www.informationsordbogen.dk
/concept.php?cid=902 (last visited Nov. 21, 2018) (Ger.) (defining information as something that is “relative to
a present problem or issue,” such that what is “informative in one situation does not have to be in another”).
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
December 2018] NO ONE OWNS DATA 7
content of a smoke or light signal, photo or painting may convey a message that
“a dangerous machine is approaching,”
23
but this message exists separately from
its tangible manifestation (the smoke signal, photo, or painting), any creative
expression (the text or painting), and the physical means through which it is
perceived (the human eyes, ears, or brain).
Consequently, different persons could assert different rights and interests
in (1) informational content (for example that a dangerous machine is
approaching), (2) expression of information in words, symbols, paintings, or
other works of authorship, or compilations or data bases in which information is
organized creatively or functionally, and (3) physical manifestation of
information (for example the smoke signal, photo, or the painting on a wall), as
well as (4) the item to which the information relates (for example a
malfunctioning autonomous vehicle or other machine). Ownership and property
rights in these different aspects and embodiments of data or information are
explored under different property law regimes in Part III.
II.
PROPERTY RIGHTS IN DATA
A.
OWNERSHIP AND PROPERTY RIGHTS
“Ownership” generally refers to “[t]he right to exclusive use of an asset”
24
or “the full right to dispose of a thing at will.”
25
Ownership assigns a thing to a
person or legal entity and signifies that the object belongs to that person.
26
We
also use the term “ownership” more broadly in everyday language with respect
to owning an ability or responsibility,
27
where one can “own up to” having done
something.
28
In U.S. law, ownership denotes property rights, referring to a “bundle of
rights allowing one to use, manage, and enjoy property, including the right to
convey it to others,”
29
as well as the rights of “exclusive use or monopoly over
the property owned.”
30
Similarly, German law defines “ownership” in reference
23. This informational content further comprises a factual assertion (for example, an animal is
approaching) and an assessment (for example, the animal is dangerous).
24. JOHN BLACK ET AL., A DICTIONARY OF ECONOMICS 381 (5th ed. 2017).
25. 3 THE OXFORD DICTIONARY OF BYZANTIUM 1545 (Alexander P. Kazhdan et al. eds., 1991).
26. See OXFORD DICTIONARY OF ENGLISH 1270 (Angus Stevenson ed., 3d ed. 2010) (defining “own” as
“[to] have (something) as one’s own; possess”).
27. Ownership, CAMBRIDGE DICTIONARY, https://dictionary.cambridge.org/dictionary/
english/ownership (last visited Nov. 21, 2018) (defining “ownership” as “the fact of taking responsibility for an
idea or problem”).
28. Own Up, CAMBRIDGE DICTIONARY, https://dictionary.cambridge.org/dictionary/english/own-up (last
visited Nov. 21, 2018) (listing the English definition of “own up” as “to admit that you have done something
wrong” and listing the American definition of “own up” as “to tell the truth or to admit that you are responsible
for something”).
29. Ownership, BLACK’S LAW DICTIONARY 1280 (Bryan A. Garner ed., 10th ed. 2009).
30. Ownership, 2 THE WOLTERS KLUWER BOUVIER LAW DICTIONARY 1931 (Stephen Michael Sheppard
ed., desk ed. 2012).
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
8 HASTINGS LAW JOURNAL [Vol. 70:1
to an owner’s ability to “deal with [a] thing at his discretion and exclude others
from every influence,” as long as it does not come into conflict with “a statute
or third-party rights.”
31
Correspondingly, “property” refers to “everything that is owned” or that
“may be the subject of ownership.”
32
Three main categories of property are real
property (land or real estate),
33
personal property (physical property other than
real property),
34
and intellectual property
35
(intangible property based on
ideas).
36
Property rights entail a set of rules that govern people’s access to and
control of property,
37
and the “bundle of rights”
38
that the owner can hold against
others, including (1) the right to possess, (2) the right to exclude,
39
and (3) the
31. BÜRGERLICHES GESETZBUCH [BGB] [CIVIL CODE], § 903 (Ger.), translation at https://www.gesetze-
im-internet.de/englisch_bgb/englisch_bgb.html (last visited Nov. 21, 2018) [hereinafter GER. CIV. CODE].
32. Property, THE LAW DICTIONARY (7th ed. 2002) (online at Lexis Advance); see also Property, FREE
DICTIONARY: LEGAL DICTIONARY, https://legal-dictionary.thefreedictionary.com/property (last visited Nov. 21,
2018) (defining “property” as “anything that is owned by a person or entity”).
33. Real Property, Real Estate, or Realty, THE LAW DICTIONARY (7th ed. 2002) (online at Lexis Advance)
(“Real property includes land and any interest or estate in land.”); see also Real Property, BLACK’S LAW
DICTIONARY 1412 (Bryan A. Garner ed., 10th ed. 2009) (defining real property as “[l]and and anything growing
on, attached to, or erected on it, excluding anything that may be severed without injury to the land”).
34. Personal Property, THE LAW DICTIONARY (7th ed. 2002) (online at Lexis Advance) (“Anything which
is subject to ownership and which is not a freehold in real property.”); see also Moveable Property, BLACK’S
LAW DICTIONARY 1412 (Bryan A. Garner, 10th ed. 2009) (defining movable property as “any movable or
intangible thing that is subject to ownership and not classified as real property”).
35. Intellectual property refers to “[a] category of intangible rights protecting commercially valuable
products of the human intellect.” Intellectual Property, BLACK’S LAW DICTIONARY 930 (10th ed. 2009). For a
discussion on how intellectual property, such as trade secrets, copyrights, patents, and trademarks, also qualify
as “property,” see Brian M. Hoffstadt, Dispossession, Intellectual Property, and the Sin of Theoretical
Homogeneity, 80 S. CAL. L. REV. 909, 936–42 (2007).
36. See What is Intellectual Property, WORLD INTELL. PROP. ORG., http://www.wipo.int/about-ip/en/ (last
visited Nov. 21, 2018) (“Intellectual property (IP) refers to creations of the mind, such as inventions; literary
and artistic works; designs; and symbols . . . .”); see also David Favre, Living Property: A New Status for
Animals Within the Legal System, 93 MARQ. L. REV. 1021, 1025–1026 (2010) (“The standard discussion of
property today lists three basic categories of property—real property, personal property, and intellectual
property. . . . Intellectual property is a product of a human mind.”).
37. Jeremy Waldron, Property and Ownership, STAN. ENCYCLOPEDIA PHIL. (Sept. 6, 2004),
https://plato.stanford.edu/entries/property/.
38. Other theories for defining property include (1) the exclusivity theory, which holds that exclusivity
rights are the sole requirement for property, and (2) the integrated theory, which states that exclusivity is not
enough and looks at how the asset is acquired, used, and disposed. Michael Risch, Why Do We Have Trade
Secrets?, 11 MARQ. INTELL. PROP. L. REV. 1, 16–18 (2007). In contrast, this Article prefers the bundle of rights
theory to address ownership and property rights in data, as it provides more flexibility for addressing data
ownership under different property law regimes. See id. at 18 (“The middle ground is . . . ‘Hohfeldian’ bundle
of rights.”).
39. J. E. Penner, The “Bundle of Rights” Picture of Property, 43 UCLA L. REV. 711, 713 (1996) (“[T]he
‘incidents’ of ownership . . . [includes] the right to possess, the right to use, the right to capital, the liability to
execution, the immunity from expropriation, and so on.”); Property Rights, 2 THE WOLTERS KLUWER BOUVIER
LAW DICTIONARY 2237 (Stephen Michael Sheppard ed., desk ed. 2012) (referring to property rights as “the
rights of ownership, possession, and use of lands, things, and ideas, including intellectual property”); RICHARD
A. EPSTEIN, TAKINGS: PRIVATE PROPERTY AND THE POWER OF EMINENT DOMAIN 35–104 (1985) (explaining
that the “bundle of rights” approach has become the standard starting point for an inquiry into the nature of
property); Kaiser Aetna v. United States, 444 U.S. 164, 176 (1979) (“[T]he owners has somehow lost one of the
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
December 2018] NO ONE OWNS DATA 9
right to transfer.
40
Among the three, the right to exclude is described as “one of
the most essential sticks in the bundle of rights that are commonly characterized
as property.”
41
Contracts, torts, competition, and penal laws can also convey exclusion
rights, but not a complete bundle of rights that amounts to ownership. Contracts
can mimic all rights typically conferred by property laws, but create rights and
obligations only between contracting parties and named beneficiaries.
Companies often agree in contracts that one party shall own certain data. But,
such an agreement binds only other contracting parties and not anyone else, and
can thus not convey actual property rights. Torts, competition, and penal laws
can generally prohibit data access or use except by authorized persons and thus
create de facto exclusion rights.
42
But, torts, competition, and penal laws are
limited to prohibitions and do not convey rights to possession, access, use, and
alienability to the authorized person who is exempt from the prohibitions; such
laws are intended to prohibit conduct that is harmful to society, business
integrity, or individual freedoms and stop short of creating property.
Governments grant ownership and property rights primarily for utilitarian
or economic incentive reasons.
43
Property rights are therefore granted to
most essential sticks in the bundle of rights that are commonly characterized as property—the right to exclude
others.”).
40. Tom W. Bell, “Property” in the Constitution: The View from the Third Amendment, 20 WM. & MARY
BILL RTS. J. 1243, 1250 (2012) (“Unless ‘property’ comes with a limiting adjective, then, it covers anything of
value subject to an owner’s exclusive rights of use and transfer.”); Thomas W. Merrill, Property and the Right
to Exclude, 77 NEB. L. REV. 730, 730 (1998) (“Of course, those who are given the right to exclude others from
a valued resource typically also are given other rights with respect to the resource—such as the right[] . . . to
transfer it . . . .”).
41. Kaiser, 444 U.S. at 176; see also Merrill, supra note 40, at 730 (“[T]he right to exclude others is more
than just ‘one of the most essential’ constituents of property—it is the sine qua non.”). The United States
Supreme Court has also focused on the right to exclude in its interpretation of the Fourth Amendment of the
Constitution. See Thomas K. Clancy, What Does the Fourth Amendment Protect: Property, Privacy, or
Security?, 33 WAKE FOREST L. REV. 307, 353 (2009); see also United States v. Jones, 565 U.S. 400, 405 (2012)
(discussing that the Court’s Fourth Amendment jurisprudence used to be tied to common-law trespass, but that
its later cases have deviated from that exclusively property-based approach).
42. For example, laws like the U.S. Computer Fraud and Abuse Act and other computer interference laws,
unfair competition laws, data privacy laws, trade secret laws and database protection laws create a de facto
exclusion right.
43. See ROBERT P. MERGES ET AL., INTELLECTUAL PROPERTY IN THE NEW TECHNOLOGICAL AGE 11 (6th
ed. 2012) (“Utilitarian theory, and the economic framework built upon it, has long provided the dominant
paradigm for analyzing and justifying the various forms of intellectual property protection.”); see also Peter
Horsley, Property Rights Viewed from Emerging Relational Perspectives, in PROPERTY RIGHTS AND
SUSTAINABILITY: THE EVOLUTION OF PROPERTY RIGHTS TO MEET ECOLOGICAL CHALLENGES 87, 89–90 (David
Grinlinton & Prue Taylor eds., 2011) (“Property rights encourage property holders to develop their property,
generate wealth, and efficiently allocate resources based on the operation of the market.”); Eric A. Posner & E.
Glen Weyl, Property Is Only Another Name for Monopoly, 9 J. LEGAL ANALYSIS 51, 51 (2017) (“Property rights
of all sorts—in real estate, in shares of corporations, and in radio spectrum, to take three diverse examples—
give the owner a monopoly over a resource. It is conventional to think that this monopoly is benign. It gives the
owner an incentive to invest in improving the property because she receives the entire payoff from its use or
sale. This aligns social and private incentives for investment in property.”). Other theories for justifying property
rights are the natural rights perspective, as advanced by John Locke in Two Treatises on Government, and the
personhood justification, as developed by Georg Wilheim Freidrich Hegel in Philosophy of Right. For further
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
10 HASTINGS LAW JOURNAL [Vol. 70:1
incentivize creations or improvements of property, such as farm land (real
property) and chattels (personal property),
44
as well as various intangibles,
45
including works of authorship (copyrights),
46
brands (trademarks), and
inventions (patents).
47
For these types of creations, in which the real value lies
in their intangible aspects, governments grant property rights to reward and
incentivize the creators and inventors by allowing them to monetize their
creations and exclude their competitors (or make them license the rights for a
fee or rent).
48
discussions on the natural rights perspective, see Donna M. Byrne, Locke, Property, and Progressive Taxes, 78
NEB. L. REV. 700, 705–15 (1999); Carol M. Rose, Possession as the Origin of Property, 52 U. CHI. L. REV. 73,
73 (1985) (analyzing the flaws in Locke’s theory that “original owner is one who mixes his or her labor with a
thing and, by commingling that labor with the thing, establishes ownership of it”); and Waldron, supra note 37,
at 10 (comparing Locke’s theory of property rights with David Hume’s theory of rights). For further discussions
on the personhood justification, see Margaret Jane Radin, Property and Personhood, 34 STAN. L. REV. 957, 971–
77 (1982).
44. See GER. CIV. CODE, supra note 31, § 953 (stating that property rights are granted to the owner of the
thing, for example in § 99, fruits of property belong to the owner of the original property); CAL. CIV. CODE § 658
(West 2018) (generally granting property rights in crops to the owner of the land).
45. See Directive 2004/48/EC of the European Parliament and of the Council of 29 April 2004 on the
Enforcement of Intellectual Property Rights, para. 1, 2004 O.J. (L 157) 45, 46 (“The protection of intellectual
property is important not only for promoting innovation and creativity, but also for developing employment and
improving competitiveness.”); Directive 2004/48/EC of the European Parliament and of the Council of 29 April
2004 on the Enforcement of Intellectual Property Rights, para. 2, 2004 O.J. (L 157) 45, 46 (“The protection of
intellectual property should allow the inventor or creator to derive a legitimate profit from his invention or
creation. It should also allow the widest possible dissemination of works, ideas and new know-how. At the same
time, it should not hamper freedom of expression, the free movement of information, or the protection of
personal data, including on the Internet.”).
46. See, e.g., CAL. CIV. CODE §§ 654–1422 (West 2018); 17 U.S.C. §§ 101–1332 (2012); GER. CIV. CODE,
supra note 31, §§ 903–1011; Urheberrechtsgesetz [UrhG] [Act on Copyright and Related Rights], Sept. 9, 1965,
BGBL. I at 1273, last amended Sept. 1, 2017, BGBL. I at 3346, translation at https://www.gesetze-im-
internet.de/englisch_urhg/englisch_urhg.html (Ger.) [hereinafter German Copyright Act].
47. 35 U.S.C. § 101 (2012) (“Whoever invents or discovers any new and useful process, machine,
manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor,
subject to the conditions and requirements of this title.”); Patentgesetz [PatG] [Patent Act], Dec. 16, 1980, BGBL.
I at 1, last amended Sept. 1, 2017, BGBL. I at 3346, translation at
http://www.wipo.int/wipolex/en/text.jsp?file_id=401424 (Ger.) (“Patents shall be granted for any inventions, in
all fields of technology, provided that they are new . . . .”). The four major economic justifications for patent
law, according to a 1966 Report of the President’s Commission on the Patent System, are that the patent system:
(1) provides an incentive to invent, (2) stimulates the investment of additional capital needed for the further
development and marketing of the invention, (3) encourages early public disclosure of technological
information, and (4) promotes the beneficial exchange of products, services, and technological information.
ROBERT P. MERGES ET AL., supra note 43, at 17–18 (citing COMM. ON THE JUDICIARY OF THE U.S. SENATE,
REPORT OF THE PRESIDENT’S COMMISSION ON THE PATENT SYSTEM 2 (1966)).
48. See U.S. CONST. art. I, § 8, cl. 8 (granting Congress the power to enact copyright laws in order to
“promote the Progress of Science and useful Arts”); see also THOMAS JEFFERSON, THE WRITINGS OF THOMAS
JEFFERSON 334 (Andrew A. Lipscomb & Albert Ellery Bergh eds., 1905) (“Society may give an exclusive right
to the profits arising from them, as an encouragement to men to pursue ideas which may produce utility, but this
may or may not be done, according to the will and convenience of the society, without claim or complaint from
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
December 2018] NO ONE OWNS DATA 11
As governments extend property rights to reward investment and
innovation, they must also consider various conflicting interests of the public.
Property laws need to evolve in pace with societal and technological changes.
49
The arising rights should be granted only if they do not come into conflict with
existing laws and third-party rights.
50
The rights to use and exclude are thus
restricted in various ways. For example, landowners’ rights are limited by the
right of way for neighbors under certain circumstances,
51
and their rights to use
are further limited by land development regulations, gun control laws, and traffic
rules, among others.
52
Proper limits need to be established for intellectual property laws as well.
Although designed to incentivize investments for the greater good, such as for
stimulating scientific and technological progress or developing the fine arts,
exclusivity rights that are granted too broadly or for too long can actually impair
the desired progress.
53
This is why limitations, carve-outs, and exceptions have
been set for intellectual property rights, so that a balance can be established
between the interests of innovators and of the wider public. Data is typically one
of the carve-outs from protectable subject matter definitions in intellectual
property laws,
54
and there is no known “data property statute” in any country.
anybody.”).
49. See Lucas v. S.C. Coastal Council, 505 U.S. 1003, 1069 (1992) (Blackmun, J., dissenting) (“Arresting
the development of the common law is not only a departure from our prior decisions; it is also profoundly unwise.
The human condition is one of constant learning and evolution—both moral and practical. Legislatures
implement that new learning; in doing so they must often revise the definition of property and the rights of
property owners.”).
50. See GER. CIV. CODE, supra note 31, § 903 (“[O]wner of a thing may, to the extent that a statute or
third-party rights do not conflict with this, deal with the thing at his discretion and exclude others from every
influence.” (emphasis added)).
51. See, e.g., GER. CIV. CODE, supra note 31, § 917(1) (“If a plot of land lacks the connection to a public
road necessary for the due use, the owner may require of the neighbors that until the defect is removed they
tolerate the use of their plots of land to create the necessary connection.”); see also CAL. CIV. CODE § 1009
(West 2018) (“It is in the best interests of the state to encourage owners of private property to continue to make
their lands available for public recreational use to supplement opportunities available on tax-supported publicly
owned facilities.”).
52. See GER. CIV. CODE, supra note 31, § 903 (“The owner of an animal must, when exercising his powers,
take into account the special provisions for the protection of animals.”); see also Cal. Civ. Code § 3342(a) (“The
owner of any dog is liable for the damages suffered by any person who is bitten by the dog while in a public
place or lawfully in a private place.” emphasis added)).
53. See, e.g., Peter Lee, Antiformalism at the Federal Circuit: The Jurisprudence of Chief Judge Rader, 7
WASH. J.L. TECH. & ARTS 405, 417 (2012) (“In that context, separating protectable expression from
nonprotectable idea often proceeds as a policy determination inquiring into whether an asset is so abstract that
subjecting it to exclusive rights would effectively impair rather than advance creative progress.”); Defend
Innovation, ELECTRONIC FRONTIER FOUND., https://web.archive.org/web/20151222074452/https://
defendinnovation.org/proposals (last visited Nov. 21, 2018) (asserting that a “patent covering software should
be shorter: no more than five years from the application date” so that the patent system can defend innovation,
instead of hindering it).
54. Patent law excludes laws of nature, natural phenomena and abstract ideas from patentable subject
matter. Mayo Collaborative Servs. V. Prometheus Labs., Inc., 566 U.S. 66, 70–71 (2012). Trademark law denies
protection for generic marks. Park ‘n Fly v. Dollar Park & Fly, 469 U.S. 189, 194 (1985). Copyright law
excludes facts and ideas from copyright protection. 17 U.S.C. § 102(b) (2012).
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
12 HASTINGS LAW JOURNAL [Vol. 70:1
Yet, various existing property law regimes implicate data and information
in different aspects, forms, and scenarios, as discussed in the subsequent sections
of Part III, although none of those regimes grant any effective ownership or
property rights in the data itself. The subsequent sections of Part III also explore
the popular justifications and legal frameworks for property rights under each
property law regime to provide the analytical framework for assessing potential
policy reasons for creating new property rights in data.
B. R
EAL PROPERTY
Real property laws may grant ownership rights to physical manifestations
of information that attach to real property, but do not provide any ownership
rights to the underlying information itself. Real property laws are designed to
protect land, anything that grows on the land, anything permanently attached to
the land, or any structure erected on it, including crops, mines, roads, and
machinery.
55
Owners are entitled to the real property’s access, use, possession,
enjoyment, disposition, and exclusion of others (trespassers),
56
as well as to
harvest its crops, fruits, game, water, and minerals. These ownership rights,
however, are limited in different aspects. For example, the owner must comply
with building codes and obtain the required permits and approvals,
57
and may
55. See CAL. CIV. CODE § 658 (West 2018) (“Real or immovable property consists of: l. Land; 2. That
which is affixed to land; 3. That which is incidental or appurtenant to land; 4. That which is immovable by law;
except that for the purposes of sale, emblements, industrial growing crops and things attached to or forming part
of the land, which are agreed to be severed before sale or under the contract of sale, shall be treated as goods
and be governed by the provisions of the title of this code regulating the sales of goods.”); id. § 659 (“Land is
the material of the earth, whatever may be the ingredients of which it is composed, whether soil, rock, or other
substance, and includes free or occupied space for an indefinite distance upwards as well as downwards, subject
to limitations upon the use of airspace imposed, and rights in the use of airspace granted, by law.”); id. §§ 661,
662 (discussing fixtures and appurtenances); see also GER. CIV. CODE, supra note 31, § 946 (“If a movable thing
is combined with a plot of land in such a way that it becomes an essential part of the plot of land, the ownership
of the plot of land extends to this movable thing.”); id. § 94 (“(1) The essential parts of a plot of land include the
things firmly attached to the land, in particular buildings, and the produce of the plot of land, as long as it is
connected with the land. Seed becomes an essential part of the plot of land when it is sown, and a plant when it
is planted. (2) The essential parts of a building include the things inserted in order to construct the building.”);
id. §§ 873–902 (providing general provisions on rights in land); id. §§ 925–928 (discussing acquisition and loss
of ownership of plots of land); see also Story v. Christin, 95 P.2d 925, 926 (Cal. 1939) (“The ancient law rigidly
applied the maxim quicquid plantatur solo cedit and held that whatever was attached to land in any manner
whatsoever was part of the land. This rule was applied to plants and trees growing in soil and also to buildings
and other products of man’s labor.”); Kindig v. Palos Verdes Homes Ass’n, 91 P.2d 645, 647 (Cal. Ct. App.
1939).
56. See Nollan v. Cal. Coastal Comm., 483 U.S. 825, 831–32 (1987); Denise R. Johnson, Reflections on
the Bundle of Rights, 32 VT. L. REV. 247, 253, 255, 262; see also City of W. Bend v. Cont’l IV Fund Ltd. P’ship,
535 N.W.2d 24, 26 (Wis. Ct. App. 1995).
57. See, e.g., New Houses, Additions & Remodeling, CITY OF SAN MARINO CALIFORNIA,
https://www.cityofsanmarino.org/284/New-Houses-Additions-Remodeling (last visited Nov. 21, 2018)
(requiring additions to undergo approval); GOVERNOR’S OFFICE OF PLANNING & RESEARCH, STATE OF CAL.,
PLANNING, ZONING, AND DEVELOPMENT LAWS 6–10 (2012), http://www.opr.ca.gov/docs/PZD2012.pdf (listing
building requirements).
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
December 2018] NO ONE OWNS DATA 13
have to grant access to her neighbors or the public under certain circumstances.
58
Likewise, the law can limit an owner’s ability to extract water, oil, and minerals
if a use affects the environment or his neighbors.
59
Real property laws grant rights to owners with respect to physical
manifestations of information that attach to the real property (for example
warnings carved in stone or a tree, paintings in a cave or on a house, or zebra
crossing lines painted on a road), subject to the aforementioned restrictions. The
owner of such physical manifestations of information would have the same
rights as to the real property itself, including the rights to possess and exclude
others from trespassing on the physical embodiment of information (for
instance, an owner can prohibit others from parking cars on road segments
marked with “no parking” lines). But, real property laws do not grant rights to
possess or control data about real property.
60
A landowner cannot assert property
rights to prohibit others from depicting the location of a zebra road crossing on
a map or take a photo of the road markings, or demand access to maps or photos
based on ownership of land depicted. Real property ownership does not extend
to the informational content, and no ownership rights arise for data as such based
on real property laws.
Data is thus not covered by real property laws as protectable subject matter,
and real property owners do not have any right to exclude others from accessing,
using, reproducing, or distributing the informational content that exists within
physical items on their real property.
C. P
ERSONAL PROPERTY
Personal property laws can grant ownership rights to physical
manifestations of information, but do not provide any ownership rights to the
underlying information. This is because personal property laws cover physical
things (other than real estate). For example, the German Civil Code expressly
limits personal property law
61
to tangible things.
62
California property law
defines personal property as “every kind of property that is not real [property]”
63
and courts have required a connection to physical items.
64
An owner of a
58. See CAL. CIV. CODE § 1009(a)(1) (West 2018); see also GER. CIV. CODE, supra note 31, § 917(1)
(requiring landowners to allow their neighbors to cross their land if no other connection to a public road exists);
Waldgesetz für Bayern [BayWaldG], GVBI § 313, BayRS 7902-1-L, art. 13(1) (2005) (Ger.) (creating a public
right to access forest lands).
59. See generally 30 C.F.R. § 250 (2018) (discussing U.S. federal guidelines for oil, gas, and sulphur
operations on the Outer Continental Shelf).
60. See CAL. BUS. & PROF. CODE § 8774 (West 2018), for a discussion on California law granting a “right
of entry” on property to collect information about borders and location of real property.
61. See GER. CIV. CODE, supra note 31, §§ 929–984.
62. See id. (limiting personal property to “moveable things”).
63. See CAL. CIV. CODE § 663 (West 2018).
64. See Estate of Puett, 1 Cal.2d 131, 134 (Cal. 1934) (citing Bills v. Putnam, 64 N.H. 554 (N.H. 1888) for
the proposition that personal property embraced goods and chattel only); see also PERSONS, PARTS AND
PROPERTY: HOW SHOULD WE REGULATE HUMAN TISSUE IN THE 21ST CENTURY? 91 (Imogen Goold et al. eds.,
2014) (“All clear property rights, in addition to being exigible against the world, have a second characteristic of
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
14 HASTINGS LAW JOURNAL [Vol. 70:1
physical item that embodies information—such as a book, photo, or computer
chip—can thus enforce property rights to the physical item that embodies data
(she can exclude others from taking a computer chip or demand return of a
book),
65
but cannot exclude others from apprehending, using, reproducing,
disclosing, or displaying the information contained within the physical item (that
is, she cannot exclude others from the informational content).
D. T
RADE SECRET
At first sight, trade secret laws may appear to come close to granting
ownership rights to data, but these laws have limitations that prevent them from
effectively granting property rights to data. In the United States, trade secret law
originated from the common law, but has now been codified in state statutes
66
that resemble the Uniform Trade Secrets Act
67
and federal law, including the
Defend Trade Secrets Act of 2016.
68
Businesses can claim protection for
technical know-how, customer lists, and other information as trade secrets if that
information (1) is not generally known or readily accessible, (2) derives an
economic value from being secret, and (3) has been subject to reasonable steps
to be kept as a secret.
69
Whether such protection falls within the property law regime is subject to
controversy.
70
In the Defend Trade Secrets Act of 2016, Congress expressly
stated that the Act “shall not be construed to be a law pertaining to intellectual
property.”
71
Trade secrets are protected against misappropriation by way of
relating to a physical thing.”).
65. Lars S. Smith, RFID and Other Embedded Technologies: Who Owns the Data?, 22 SANTA CLARA
COMPUTER & HIGH TECH. L.J. 695, 737–38 (2006) (“Even if the manufacturer does not own the data directly—
whether because the data is not subject to ownership by anyone, or because the manufacturer is not the creator
of the data or otherwise directly owner of the intangible property—the manufacturer may be able to control the
data because it owns the chip in the tag. Given that the chip (and the antenna) is a piece of tangible, personal
property, traditional rules regarding ownership of the chip would apply.”).
66. Risch, supra note 38, at 6.
67. See Smith, supra note 65, at 722.
68. Defend Trade Secrets Act of 2016, Pub. L. No. 114-153, 130 Stat. 376 (2016) (codified as amended in
scattered sections of 18 U.S.C.); see also Lothar Determann et al., Trade Secret Protection Measures and New
Harmonized Laws, 17 COMPUTER L. REV. INT’L 179, 179 (2016).
69. 18 U.S.C. § 1839(3)(A)–(B) (2012); CAL. CIV. CODE §§ 3426.1(d), 3426.11 (West 2018); Directive
(EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the Protection of Undisclosed
Know-How and Business Information (Trade Secrets) Against Their Unlawful Acquisition, Use and Disclosure,
art. 2(1), 2016 O.J. (L 157) 1, 9 (establishing a similar framework of trademark rules to be provided by the EU
Member States); see also MERGES ET AL., supra note 43, at 25 (“The definition of subject matter eligible for
protection is quite broad: business or technical information of any sort. To benefit from trade secret protection,
the information must be a secret.”).
70. See, e.g., Risch, supra note 38, at 15 (“To many, if trade secrets are property, then laws protecting them
are normatively justified. Thus, the question of whether or not trade secrets are property has raged on for many
years.”).
71. Defend Trade Secrets Act of 2016, Pub. L. No. 114-153 § 2(g), 130 Stat. 376 (2016). Section 2(g) of
the Defend Trade Secrets Act is apparently intended primarily to maintain the status quo under section 230 of
the Communications Decency Act. Eric Goldman, The Defend Trade Secrets Act Isn’t an “Intellectual
Property” Law, 33 SANTA CLARA HIGH TECH. L.J., 541, 541–42 (2017) (“[T]he odd and unprecedented
declaration that the DTSA ‘shall not be construed to be a law pertaining to intellectual property.’ . . . preserves
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
December 2018] NO ONE OWNS DATA 15
espionage or breach of contract.
72
The goal of trade secret law is not to
incentivize citizens or companies to keep information secret, but to protect
business integrity from unfair misappropriation of valuable confidential
information.
73
In Germany, trade secret protection has also historically been cast
as a prohibition against unfair competition, and not as a property right.
74
Further,
trade secrets do not provide “exclusive” rights,
75
and the legal protections
available for trade secrets are less concrete than those for real, personal, and
other intangible properties.
76
For example, information immediately loses
protection under trade secret laws if it becomes public via independent discovery
or reverse engineering in the interest of innovation
77
—in other words, the
moment the information no longer qualifies as a secret.
78
Trade secret laws are
thus more akin to traditional tort law than to property law (for example, patent
or copyright law).
79
The limitations of trade secret laws as a means to establish property-like
the status quo for 47 U.S.C. § 230 . . . .” (quoting Defend Trade Secrets Act of 2016, Pub. L. No. 114-153, § 2(g),
130 Stat. 376 (2016))).
72. 18 U.S.C. §§ 1832, 1839(6)(A) (2012); CAL. CIV. CODE §§ 3426.1–3426.11 (West 2018).
73. See MERGES ET AL., supra note 43, at 25 (“Trade secret laws are state law doctrines that protect against
the misappropriation of certain confidential information.”); id. at 37 (“On eligible subject matter, the current
trend, exemplified once again by the UTSA, is to protect as a trade secret any valuable information so long as
the information is capable of adding economic value . . . .”).
74. See Gesetz gegen den unlauteren Wettbewerb [UWG] [Act Against Unfair Competition], Mar. 3, 2010,
BGB
L
. I at 254, last amended Feb. 17, 2016, BGB
L
. I at 233, translation at http://www.gesetze-im-
internet.de/englisch_uwg/englisch_uwg.pdf (Ger.) (“This Act shall serve the purpose of protecting competitors,
consumers and other market participants against unfair commercial practices.” (emphasis added)).
75. See 1 ROGER M. MILGRIM, MILGRIM ON TRADE SECRETS § 2.01 (2010).
76. See Pamela Samuelson, Information as Property: Do Ruckelshaus and Carpenter Signal a Changing
Direction in Intellectual Property Law?, 38 CATH. U. L. REV. 365, 398 (1989) (“Clearly, the word property is a
very powerful metaphor that radically changes the stakes in legal disputes. Once a property interest is
established, the law provides a wide range of legal protections for it, a much wider range . . . [than for] other
specific kinds of unfair conduct.”).
77. See 18 U.S.C. § 1839(6)(B) (2012); Kewanee Oil Co. v. Bicron Corp., 416 U.S. 470, 476 (1974)
(defining “reverse engineering” as “starting with the known product and working backward to divine the process
which aided in its development or manufacture”); see also Directive on the Protection of Undisclosed Business
Information, supra note 69, at para. 16 (“In the interest of innovation and to foster competition, the provisions
of this Directive should not create any exclusive right to know-how or information protected as trade secrets.
Thus, the independent discovery of the same know-how or information should remain possible. Reverse
engineering of a lawfully acquired product should be considered as a lawful means of acquiring information,
except when otherwise contractually agreed.”); Determann et al., supra note 68, at 181.
78. The qualification of trade secrets as property is controversial and determined differently for purposes
of different areas of law. For example, the United States Supreme Court has recognized that if state law
recognizes a trade secret as property, then for purposes of a federal “taking” analysis, it is property. MILGRAM
ET AL., supra note 75, § 2.01.
79. MERGES ET AL., supra note 43, at 25; see also id. at 37 (“Legal protection for trade secrets is premised
primarily on two theories that are only partly complementary. The first is utilitarian. Under this view, protecting
against the theft of proprietary information encourages investment in such information. . . . The second theory
emphasizes deterrence of wrongful acts and is therefore sometimes described as a tort theory.”).
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
16 HASTINGS LAW JOURNAL [Vol. 70:1
rights in data are particularly evident with respect to data generated by connected
cars and other devices on the Internet of Things. Device manufacturers typically
cannot access information from devices without the device owners’ consent,
80
much less keep the information secret from the device owners. Device
manufacturers thus generally cannot claim trade secret ownership rights in the
data and information generated by the devices they sell to customers. Consumers
also typically cannot claim trade secret rights in the data produced by the devices
they own because they cannot substantiate a competitive advantage from
keeping the data secret. Moreover, much of the data and information generated
by cars and other connected devices, such as its location and environment, is
generated and displayed in plain sight, depriving that information of secrecy.
Thus, trade secret laws do not convey meaningful ownership in data, and instead,
merely offer some level of protection against unfair misappropriation of
information.
E. P
ATENT
Patent law provides property rights to systems or methods that involve
inventive use, storage, or application of data in certain instances. But patent law
does not provide any ownership rights in the underlying data itself.
Inventors can acquire patent rights to new, non-obvious and useful
processes, machines, manufactures or compositions of matter, and to new and
useful improvements thereof.
81
Although the protection granted under patent
law is generally broad, and as often cited, embraces “anything under the sun that
is made by man,”
82
the U.S. Supreme Court recognizes limitations to patent-
eligible subject matter, such as laws of nature, natural phenomena, and abstract
ideas.
83
These limitations were described as “the basic tools of scientific and
technological work,” for which a monopoly through patent rights would impede
innovation.
84
Although use, storage, or application of data can be patentable, the
underlying data is not eligible for patent protection.
85
Patent law is thus not an
80. The U.S. Computer Fraud and Abuse Act and other jurisdictions’ computer interference laws expressly
prohibit such access. Lothar Determann, Internet Freedom and Computer Abuse, 35 HASTINGS COMM. & ENT.
L.J. 429, 443 (2013).
81. 35 U.S.C. § 101 (1952) (utility); 35 U.S.C. § 102 (2012) (novelty); 35 U.S.C. § 103 (2011)
(nonobviousness).
82. Diamond v. Chakrabarty, 447 U.S. 303, 309 (1980) (quoting S. REP. NO. 1979, at 5 (1952); H.R. REP.
NO. 1923, at 6 (1952)).
83. Alice Corp. v. CLS Bank Int’l, 134 S. Ct. 2347, 2354 (2014); Diamond v. Diehr, 450 U.S. 175, 185
(1981); Funk Bros. Seed Co. v. Kalo Inoculant Co., 333 U.S. 127, 130 (1948); Gottschalk v. Benson, 409 U.S.
63, 67 (1972); Rubber-Tip Pencil Co. v. Howard, 87 U.S. (20 Wall.) 498, 507 (1874).
84. MERGES ET AL., supra note 43, at 145 (quoting Gottschalk, 409 U.S. at 67).
85. See Digitech Image Techs. v. Elecs. for Imaging, 758 F.3d 1344, 1350 (Fed. Cir. 2014) (“As noted by
the Supreme Court, ‘an application of a law of nature or mathematical formula to a known structure of process
may well be deserving of patent protection.’ . . . [thus] [t]he method in the ‘415 patent claims an abstract idea
because it describes a process of organizing information through mathematical correlations and is not tied to a
specific structure or machine.” (internal citation omitted) (emphasis added)); see also W. Nicholson Price II,
Big Data, Patents, and the Future of Medicine, 37 CARDOZO L. REV. 1401, 1420 (2016) (“Facts and data do not
fall within one of the four categories of patentable subject matter . . . . This leaves only the algorithms that
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
December 2018] NO ONE OWNS DATA 17
effective legal framework for protecting the rights to data.
F. T
RADEMARK
Trademark law, also, does not provide appropriate property rights to data.
Brand names and logos used on goods and services are protected by trademark
law against unauthorized use in commerce to the extent that such use could
confuse consumers.
86
The purpose of trademark law has “remained constant and
limited: Identification of the manufacturer or sponsor of a good or the provider
of a service,”
87
with a fair use defense that “forbids a trademark registrant to
appropriate a descriptive term for his exclusive use and so prevent others from
accurately describing a characteristic of their goods.”
88
Informational content, such as a person’s last name used in a business, can
therefore be trademarked, referring to the use in a particular branch. However,
this does not grant ownership rights in the data or information itself and it only
entitles the holder to prevent others from using the name in a confusing way (for
example, within the same business branch for which the trademark was
registered) in connection with selling similar products or services.
actually drive black-box medicine as potential subjects of patent protection.”). In Mayo Collaborative Servs v.
Prometheus Labs., Inc., 566 U.S. 66 (2012), the Supreme Court illustrated the difference between data and
patent-eligible subject matter. The patent in question claimed methods for calibrating the effective dosage for
certain drugs to treat autoimmune disease by correlating drug metabolites and the treatment’s likely
effectiveness. Id. at 73. The Court held that this data correlation, with little more—telling doctors to increase or
decrease the drug based on the metabolite level—was not patentable. Id. at 72. The Court referred to the
correlation data as a “law of nature” and noted that “a law of nature is not patentable.” Id. at 77. The Court
explained that one must do something more with the data—apply it in a meaningful way—in order to render it
patent eligible. Id. at 71. However, a process is not unpatentable simply because it contains a law of nature of a
mathematical algorithm. Id. (quoting Diehr, 450 U.S. at 187). Indeed, an “‘application of a law of nature or
mathematical formula to a known structure or process may well be deserving of patent protection.’” Id. (quoting
Diehr, 450 U.S. at 187)). But, the Court cautioned that “to transform an unpatentable law of nature into a patent-
eligible application of such a law, one must do more than simply state the law of nature while adding the words
‘apply it.’” Id. at 72. The Court provided somewhat more of an explication of what additional application would
be sufficient in a later case, Ass’n for Molecular Pathology v. Myriad Genetics, Inc. 569 U.S. 576 (2013). There,
the PTO granted a patent claiming the isolation of a particular DNA segment, and also the synthetically created
DNA (complementary or cDNA). Id. at 582–83. The Court held that the DNA segment was nothing more than
the product of nature and not patent eligible, but that the synthetic DNA was patent eligible because it “d[id] not
present the same obstacles to patentability as naturally occurring, isolated DNA segments.” Id. at 594. The
scientists took the data and made something new. Id. at 595 (“[T]he lab technician unquestionably creates
something new when [synthetic DNA] is made.”).
86. See 15 U.S.C. § 1114(1) (2012); see also Gesetz über den Schutz von Marken und sonstigen
Kennzeichen [MarkenG] [Trade Mark Act], Oct. 25, 1994, BGB
L
I at 3082, last amended Oct. 19, 2013, BGB
L
I at 3830, art. 3, translation at http://www.gesetze-im-internet.de/englisch_markeng/englisch_markeng.pdf
(Ger.).
87. New Kids on the Block v. News Am. Publ’g, Inc., 971 F.2d 302, 305 (9th Cir. 1992).
88. Id. at 306 (internal quotation marks omitted) (citing Soweco, Inc. v. Shell Oil Co., 617 F.2d 1178, 1185
(5th Cir. 1980)).
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
18 HASTINGS LAW JOURNAL [Vol. 70:1
G. COPYRIGHT
Copyright law can provide property rights to original works of authorship
that contain information, including creative compilations of data, but not to the
underlying data itself. Although there are different philosophical foundations of
copyright law, the predominant philosophical framework undergirding
American copyright law is utilitarian:
89
“The immediate effect of our copyright
law is to secure a fair return for an ‘author’s’ creative labor. But the ultimate aim
is, by this incentive, to stimulate artistic creativity for the general public good.”
90
Authors of writings and other works are thus granted protection under
copyright law if they are creative.
91
“The subject matter protectable by copyright
spans the broad range of literary and artistic expression—including literature,
song, dance, sculpture, graphics, painting, photography, sound, movies, and
computer programming.”
92
But copyright law protects only the creative
expression of information, and not the information itself.
93
Copyright owners
hold the exclusive right to exclude others from copying, adapting, distributing,
performing, or displaying creative content,
94
but not with respect to the
underlying factual information contained within. For example, an accounting
book author would be able to assert her rights under copyright law against literal
copying of the book’s text, but not against differently-worded descriptions of the
accounting methods contained within the book.
95
As the U.S. Supreme Court
pointed out, in “considering the general question of property in news matter, it
is necessary to recognize its dual character, distinguishing between the substance
of the information and the particular form or collocation of words in which the
writer has communicated it.”
96
89. MERGES ET AL., supra note 43, at 435; see also U.S. CONST. art. I, § 8, cl. 8 (granting Congress the
power to enact copyright laws in order to “promote the Progress of Science and useful Arts”).
90. Twentieth Century Music Corp. v. Aiken, 422 U.S. 151, 156 (1975).
91. See 17 U.S.C. § 102(a) (2012); German Copyright Act, supra note 46, § 2; see also MERGES ET AL.,
supra note 43, at 436 (“Creative work is to be encouraged and rewarded . . . .” (quoting Twentieth Century Music
Corp. v. Aiken, 422 U.S. 151, 156 (1975))).
92. Id. at 434.
93. See 17 U.S.C. § 102(b) (2012) (“In no case does copyright protection . . . extend to any idea, procedure,
process, system, method of operation, concept, principle, or discovery . . . .”); see also MERGES ET AL., supra
note 43, at 434 (“Ideas themselves are not copyrightable, but the author’s particular expression of an idea is
protectable.”); Feist Publ’ns, Inc. v. Rural Tel. Serv. Co., Inc., 499 U.S. 340, 348 (1991) (holding that “all facts—
scientific, historical, biographical, and news of the day” are part of the public domain and are not copyrightable).
This also true under German copyright law, which requires a certain level of creativity (“Schoepfungshoehe”).
See German Copyright Act, supra note 46, § 2(2).
94. 17 U.S.C. § 106 (2012); German Copyright Act, supra note 46, at §§ 15–23.
95. See generally Baker v. Selden, 101 U.S. 99 (1879) (“[B]lank account-books are not the subject of
copyright; and [] the mere copyright of Selden’s book did not confer upon him the exclusive right to make and
use account-books, ruled and arranged as designated by him and described and illustrated in said book.”).
96. Int’l News Serv. v. Associated Press, 248 U.S. 215, 234 (1918). Further, various limitations also apply
to copyrightable subject matter in the interest of promoting constructive criticisms, comments, news reporting,
teaching, scholarship and research. See 17 U.S.C. § 107 (2012) (discussing the fair use doctrine); German
Copyright Act, supra note 46, §§ 49; Directive 2001/29/EC of the European Parliament and of the Council of
22 May 2001 on the Harmonisation of Certain Aspects of Copyright and Related Rights in the Information
Society, 2001 O.J. (L 167) 10, 14 (“This Directive should seek to promote learning and culture by protecting
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
December 2018] NO ONE OWNS DATA 19
In certain instances, copyright law grants copyright ownership rights to
compilations of data, as long as that compilation is creative. An author can
creatively select or arrange the facts in a compilation, for example, by choosing
“which facts to include, in what order to place them, and how to arrange the
collected data.”
97
The resulting compilation then entails a degree of creativity,
and may therefore possess the requisite originality for copyright protection.
98
But even in such cases, no copyright is attached to the factual data itself.
99
Where cars and other connected devices generate and record data, the
resulting compilations will often already lack human creativity, and thus an
abstraction filtration test to separate facts and creative expression is not even
necessary. Neither monkeys taking selfies, nor autonomous cars recording
security footage, can create copyrightable works, or own copyrights.
100
When
companies write software code to cause connected cars or other devices to
generate and compile data, human creativity can manifest itself separately and
apart from the compiled data, like in the coding of self-learning programs that
create maps using artificial intelligence in autonomous cars. It can then be
difficult to separate the creative aspects of the resulting work or compilation
from the non-protectable factual information.
101
For example, a creator of a
database containing information on traffic conditions, road hazards and speed
cameras may attempt to claim copyright protection for the compilation.
102
Nonetheless, the database creator will typically be unable to show that the
arrangement of the information has any originality.
103
works and other subject-matter while permitting exceptions or limitations in the public interest for the purpose
of education and teaching.”).
97. Feist Publ’ns, Inc., 499 U.S. at 348.
98. Id. at 363 (declining the copyrightability of the arrangement of data in a telephone directory because
there was “nothing remotely creative about arranging names alphabetically in a white pages directory” as this
was “an age-old practice, firmly rooted in tradition and so commonplace that it has come to be expected as a
matter of course”). This principle is embodied in 17 U.S.C. § 101 (2012), which defines “compilation” as “a
work formed by the collection and assembling of preexisting materials or of data that are selected, coordinated,
or arranged in such a way that the resulting work as a whole constitutes an original work of authorship.”
99. 17 U.S.C. § 103 (2012).
100. U.S. COPYRIGHT OFFICE, COMPENDIUM OF U.S. COPYRIGHT OFFICE PRACTICES §§ 306, 313.2 (3d ed.
2017).
101. Eric Goldman, Google Defeats Copyright Lawsuit over Waze Data, FORBES (Dec. 16, 2015, 1:40PM),
https://www.forbes.com/sites/ericgoldman/2015/12/16/google-defeats-copyright-lawsuit-over-waze-
data/#3bd2e916ff23 (noting that copyright case law regarding facts and compilations is often confusing and that
questions regarding what is fact and non-fact “routinely baffle judges”).
102. See generally PhantomALERT, Inc. v. Google, Inc., No. 15-cv-03986-JCS, 2015 U.S. Dist. LEXIS
167754 (N.D. Cal. Dec. 14, 2015) (dismissing the plaintiff’s complaint alleging that the defendant infringed its
copyright by copying “Points of Interest,” such as traffic conditions, dangerous road segments, road hazards,
and traffic enforcement monitors, from the plaintiff’s database containing navigation information).
103. See id. at *19 (discussing PhantomALERT’s argument that its map reflects creativity). But see
PhantomALERT, Inc. v. Google Inc., No. 15-cv-03986-JCS, 2016 U.S. Dist. LEXIS 30321 (N.D. Cal. 2016). at
*26 (“The Court now finds that the FAC alleges sufficient facts to support a plausible inference that at least
some of the Points of Interest in its database are characterized by sufficient originality to warrant copyright
protection.”).
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
20 HASTINGS LAW JOURNAL [Vol. 70:1
Further, any protection granted to compilations would, in practice, only
safeguard against a very limited scope of actions. Copyright law, again, does not
extend to the facts contained in the compilation and is limited to the facts’
particular selection or arrangement. This means that a subsequent compiler will
be free to use the facts contained in the prior compilation, as long as the
competing work does not feature the same selection and arrangement.
104
To be
successful with copyright claims, a plaintiff thus has to prove that the defendant
copied more than the merely extracted factual information.
105
If a developer
reproduces and adapts copyrighted code for the sole purpose of extracting non-
copyrightable data from expression within a work of authorship, this is
permissible under the fair use doctrine.
106
In summary, copyright law does not create ownership rights in the data
contained within a compilation or database. To the contrary, copyright law
expressly leaves out factual information from copyrightable material, and in the
U.S., precludes the states from creating copyright-like property regimes for
information or data.
107
H. U.S.
STATE LAWS ON MISAPPROPRIATION AND EU DATABASE DIRECTIVE
Companies that invest significant time and effort into the creation of
databases can claim limited protection against free-riders under the European
database laws
108
and U.S. state laws on misappropriation.
109
104. 17 U.S.C. § 103(b) (2012); Feist Publ’ns, Inc. v. Rural Tel. Serv. Co., Inc. 499 U.S. 340, 349 (1991).
105. See PhantomALERT, Inc. v. Google, Inc., No. 15-cv-03986-JCS, 2016 U.S. Dist. LEXIS 30321, at
*24 (N.D. Cal. Mar. 8, 2016) (holding that facts are not original and not copyrightable).
106. Lothar Determann & David Nimmer, Software Copyright’s Oracle from the Cloud, 30 BERKELEY
TECH. L.J. 161, 174–75 (2015).
107. Unlike the data generated by a device, the software used in connected cars and other devices is
protected by copyright law. In the United States, source and object code of software is protected as “literary
work” and thus enjoys the same protections and limitations as copies of other copyrightable works. 17 U.S.C.
§ 101 (2012); see also Whelan Assocs.v. Jaslow Dental Lab., Inc., 797 F.2d 1222, 1233 (3d. Cir. 1986). Europe
grants protection to software copies in the directive 2009/24/EC of the European Parliament and of the Council
of 23 April 2009 on the Legal Protection of Computer Programs, 2009 O.J. (L 111) 16. For a detailed discussion
of tailoring legal protection for computer software, see Determann & Nimmer, supra note 106, at 165–72, and
Peter S. Menell, Tailoring Legal Protection for Computer Software, 39 STAN. L. REV. 1329, 1354 (1987). For
an overview of software copyright protection in the EU, see Pamela Samuelson, Comparing U.S. and EC
Copyright Protection for Computer Programs: Are They More Different than They Seem?, 13 J.L. & COM. 279
(1994).
108. See Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the Legal
Protection of Databases, 1996 O.J. (L 77) 20 [hereinafter EC Database Directive] (offering copyright-like
protection to creators of valuable databases).
109. See U.S. Golf Ass’n v. Arroyo Software Corp., 81 Cal. Rptr. 2d 708, 714–15 (Cal. Ct. App. 1999)
(discussing California’s common law misappropriation as applicable to the unauthorized use of golf handicap
formulas that were developed through intensive data collection and analysis); see also Nat’l Basketball Ass’n v.
Motorola, Inc., 105 F.3d 841, 852–54 (2d Cir. 1997) (discussing the merits of a “hot news” misappropriation
claim in the context of unauthorized electronic delivery of near-real-time professional basketball statistics); Bd.
of Trade v. Dow Jones & Co., 439 N.E.2d 526, 537 (Ill. App. Ct. 1982) (applying Illinois’s common law
misappropriation to the unauthorized use of the Dow Jones Index and Averages as a trading vehicle);
RESTATEMENT (THIRD) OF UNFAIR COMPETITION § 38 (AM. LAW INST. 1995); Jane C. Ginsburg, Copyright,
Common Law, and Sui Generis Protection of Databases in the United States and Abroad, 66 U. CIN. L. REV.
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
December 2018] NO ONE OWNS DATA 21
Unlike copyright law, which protects the creativity or authorship arising
from a collection of facts, U.S. state laws on misappropriation and European
database laws afford limited sui generis protection for collections of information
that require significant investments.
110
These protections are intended and
framed as torts to safeguard business integrity and fair competition.
111
For the
same reasons, news organizations can claim limited protection for “hot news
items” against immediate copying by free-riders only if the factual information
is time-sensitive and requires significant efforts to discover.
112
But such limited
protections against freeriding by competitors are not framed as property law
regimes and, like trade secret laws, constitute only narrow exceptions to the
general rule that facts should be generally accessible and not subject to
individual exclusivity rights.
In the EU, the financial and professional investment in an arrangement of
facts is safeguarded through a sui generis right to enable database makers
113
to
protect their respective time, money, and effort;
114
they are entitled to prevent
extraction or re-utilization of the whole or a substantial part (qualitatively or
quantitatively) of the database.
115
But, full copyright-like property protections
in European database protection laws apply only to the creative selection or
arrangement of the factual information, which carves out the individual
information elements from ownership.
116
151, 157 (1997) (“Misappropriation is a broad, common law anticopying doctrine. ‘The misappropriation
doctrine potentially is available whenever a person imitates or duplicates a work developed at the expense of
another.’” (quoting David E. Shipley, Refusing to Rock the Boat: The Sears/Compco Preemption Doctrine
Applied to Bonito Boats v. Thundercraft, 25 Wake Forest L. Rev. 385, 413 (1990))).
110. EC Database Directive, supra note 108, at art. 7; see also Determann et al., supra note 68, at 184.
111. EC Database Directive, supra note 109, at paras. 5–6, explains the legislative considerations and intent
as follows:
[C]opyright remains an appropriate form of exclusive right for authors who have created
databases . . . nevertheless, in the absence of a harmonized system of unfair-competition legislation
or of case-law, other measures are required in addition to prevent the unauthorized extraction and/or
reutilization of the contents of a database.
112. See generally Int’l News Serv. v. Associated Press, 248 U.S. 215 (1918) (holding that a news article
may be copyrighted under the Copyright Act, but that the news itself is not copyrightable).
113. See EC Database Directive, supra note 108, at art. 1(2) (defining the term “database” as “a collection
of independent works, data or other materials arranged in a systematic or methodical way and individually
accessible by electronic or other means”).
114. Id. at paras. 39–40 (“[T]his Directive seeks to safeguard the position of makers of databases against
misappropriation of the results of the financial and professional investment made in obtaining and collection the
contents by protecting the whole or substantial parts of a database against certain acts by a user or competitor; . . .
[T]he object of this sui generis right is to ensure protection of any investment in obtaining, verifying or
presenting the contents of a database for the limited duration of the right; whereas such investment may consist
in the deployment of financial resources and/or the expending of time, effort and energy . . . .”).
115. Id. at art 7(1); see also German Copyright Act, supra note 46, § 97 (stating a right to require cessation
of infringement and a right to damages).
116. See Malte Grützmacher, Dateneigentum—ein Flickenteppich: Wem gehören die Daten bei Industrie
4.0, Internet der Dinge und Connected Cars?, COMPUTER UND RECHT, Aug. 2016, at 485, 488 (Ger.) (discussing
German laws that could support ownership rights in data).
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
22 HASTINGS LAW JOURNAL [Vol. 70:1
If a device manufacturer, software company or online service provider
deliberately configures a connected device to collect and report the data for
purposes of creating a database—and obtains the required consents and
authorizations from the device buyers to legally create such a database—then
the company may acquire limited ownership rights in that database under U.S.
state laws on commercial misappropriation and EU database protection laws.
117
Also, companies can develop, purchase, deploy and configure connected devices
specifically to create a database that is valuable to their business and then claim
database protection rights, for example, a weather forecast company that deploys
drones and sensors to collect up-to-date weather information or a traffic advisory
service provider that guides drivers to find the quickest routes.
But in the absence of deliberate database creation plans and investments,
neither the EU database directive nor the U.S. state laws on misappropriation
offers significant property rights with respect to data generated by connected
cars or other devices as mere byproducts.
118
Even when limited exclusivity rights
do attach, available remedies have limited scopes: protection is only applicable
against wholesale copying of the database or substantial parts of it, typically
where freeriding could have a noticeable impact on investments and
competition. Individual information content elements, however, are excluded
from protection under database protection laws in the interest of protecting
public interests in information.
I. D
ATA PRIVACY
Data privacy laws are intended to protect individual freedom and human
dignity.
119
They favor data minimization and are not intended to incentivize
117. See Opperman v. Path, Inc., 84 F. Supp. 3d 962, 988–90 (N.D. Cal. 2015) (a key issue was whether
plaintiffs gave their consent to allow the application to access their contact information, but if they had given
such consent, then the defendant’s motion to dismiss likely would have been granted because there would be no
misappropriation); Salestraq Am., LLC v. Zyskowski, 635 F. Supp. 2d 1178, 1184–85 (D. Nev. 2009)
(defendants did not violate CFAA because they had a license to access plaintiff’s website and did not exceed the
scope of the license); Case C-203/02, The British Horseracing Bd., Ltd. & Others v. William Hill Org. Ltd.,
2004 E.C.R. I-10415; Case C-444/02, Fixtures Mktg., Ltd. v. Organismos Prognostikon Agonon Podosfairou
AE (OPAP), 2004 E.C.R. I-10549; BGH, GRUR 2010, 1004 (1005) (German appellate court’s decision on
ownership rights to traffic data collected by toll technologies). But see Firoozye v. Earthlink Network, 153 F.
Supp. 2d 1115, 1131 (N.D. Cal. 2001) (permitting a claim of misappropriation to proceed despite the fact that
the plaintiff had consented to the defendant accessing his program).
118. See Gruetzmacher, supra note 116, at 487–488; Thomas J. Farkas, Data Created by the Internet of
Things: The New Gold Without Ownership, 23 REV. LA PROPIEDAD INMATERIAL 5, 9 (2017) (“[I]n case of the
networked car, the data generated by virtue of the sensors must rather be regarded as raw data. E.g., the data
regarding location and driving behaviour [sic] is rather not in a systematic or methodical order.”); see also JOSEF
DREXL ET AL., POSITION STATEMENT OF THE MAX PLANCK INSTITUTE FOR INNOVATION AND COMPETITION OF
16 AUGUST 2016 ON THE CURRENT EUROPEAN DEBATE: DATA OWNERSHIP AND ACCESS TO DATA 1, 10 (2016).
For a discussion on how information generated from the collected data might be granted protection, see Lothar
Determann, Social Media Privacy: A Dozen Myths and Facts, 2012 STAN. TECH. L. REV. 7, 3 (2012).
119. See, e.g., General Data Protection Regulation, supra note 20, at para. 1 (“The protection of natural
persons in relation to the processing of personal data is a fundamental right. [Privacy laws] provide that everyone
has the right to the protection of personal data concerning him or her.”).
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
December 2018] NO ONE OWNS DATA 23
creation or production.
Privacy laws are thus generally not referred to as property
laws.
120
Privacy laws give data subjects the right to exclude others from acquiring
or using certain personal information about them, similar to the exclusion rights
conferred by property laws.
121
EU lawmakers have taken broad action to protect
data privacy and have restated in the new General Data Protection Regulation
(GDPR) that companies are generally prohibited from processing any personal
data unless there is a statutory exception.
122
Such strongly worded exclusion
rights have been likened to property law concepts.
123
Yet, GDPR stops short of
recognizing ownership or property rights for data subjects and refers to
“ownership” and “property” only to recognize the conflicting rights that may
outweigh privacy interests.
124
Even the novel right to data portability is quite
limited: it applies only to personal data provided (not created or acquired by an
“owner”), by the data subject (not any “owner”), based on consent or contract
(not legitimate interests, law or other bases), and does not confer any exclusion,
usage or alienation rights.
125
In the United States, overlapping federal and state regulations on data
privacy
126
protect reasonable privacy expectations under tort laws and sector-
specific regulations with even less of a property law-like character as provided
in GDPR.
127
For instance, the Health Insurance Portability and Accountability Act
(HIPAA), which is the federal statute governing healthcare data, protects the
privacy of individually identifiable information, but does not grant any
ownership rights to the individuals in their records.
128
For a few state statutes
120. See Schwartz, supra note 15, at 2058.
121. See Samuelson, supra note 15, at 1130 (“Because the law will sometimes protect [personal data in the
hands of others] and other types of data from unauthorized uses and disclosures, this too may reinforce a sense
of ownership in personal data.” (footnote omitted)).
122. General Data Protection Regulation, supra note 20, at art. 4(1) (defining “personal data” as “any
information relating to an identified or identifiable natural person”); id. at art. 4(2) (defining “processing” as
“any operation or set of operations which is performed on personal data or on sets of personal data, whether or
not by automated means, such as collection, recording, organization, structuring, storage, adaptation or
alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available,
alignment or combination, restriction, erasure or destruction”).
123. Jacob M. Victor, Comment, The EU General Data Protection Regulation: Toward a Property Regime
for Protecting Data Privacy, 123 YALE L.J. 513, 515 (2013) (“[T]he Regulation takes the unprecedented step
of, in effect, creating a property regime in personal data . . . .”).
124. See General Data Protection Regulation, supra note 20, at para. 63 (“Where possible, the controller
should be able to provide remote access . . . [but] [t]hat right should not adversely affect the rights or freedoms
of others . . . .”).
125. Id. at art. 20.
126. See Erika G. Martin & Grace M. Begany, Opening Government Health Data to the Public: Benefits,
Challenges, and Lessons Learned from Early Innovators, 24 J. AM. MED. INFORMATICS ASS’N 345, 348 (2017).
127. LOTHAR DETERMANN, DETERMANN’S FIELD GUIDE TO DATA PRIVACY LAW: INTERNATIONAL
CORPORATE COMPLIANCE xvii (3d
ed. 2017).
128. Who Owns Health Information?, HEALTHINFOLAW (Aug. 2015),
http://www.healthinfolaw.org/lb/download-document/6640/field_article_file.
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
24 HASTINGS LAW JOURNAL [Vol. 70:1
pertaining to automotive event data recorders (EDRs), which serve as “black
boxes” for recording critical sensor and diagnostic data prior to collisions,
legislatures have used a property law terminology and allocated “ownership” to
data from EDRs to drivers or vehicle owners.
129
But the statutes make clear that
their intent is to allocate ownership to the physical embodiment of data on the
tangible EDR devices, and not to create property rights to the information
content itself, which eye witnesses, security cameras, other traffic participants
and forensic investigators are free to acquire from other sources. Similarly,
California privacy laws impose security breach notification obligations on
“owners” of certain computerized data,
130
but clarify in their definitional section
that the “ownership” term is broadly deployed to protect any data held by a
company for its own business purposes
131
(as opposed to data handled by a
service provider, which are subject to different notification rules).
132
Thus, even
though the California legislature uses the term “owner” in connection with
“data,” it neither relies on existing property law concepts nor recognizes
property rights to data.
In the California Consumer Privacy Act, which was enacted in June 2018
and becomes effective in January 2020, California imposes significant
restrictions on sales of personal information: Consumers receive far-reaching
rights to demand data access, erasure and portability, and prohibition of sales of
their data.
133
Businesses must not charge or penalize consumers for exercising
their rights. Consequently, companies find the value of personal information and
their options with respect to the use, sharing and monetization of data greatly
reduced. Thus, California protects individual privacy from alleged risks
associated with data sharing and commercialization with a legal regime that
inhibits trade in personal information. By creating inalienable
134
opt-out, erasure
129. See, e.g., ARK. CODE ANN. § 23-112-107(c), (e) (2010); OR. REV. STAT. § 105.928 (2017); see also
Frederick J. Pomerantz & Aaron J. Aisen, Auto Insurance Telematics Data Privacy and Ownership, 1 MEALEY’S
DATA PRIVACY L. REP. 1, 5 (2005) (“[T]he Arkansas, North Dakota, New Hampshire, Virginia, and Oregon
statutes all refer to EDR data as property with the same ownership rights as tangible property.”).
130. CAL. CIV. CODE § 1798.82(a) (West 2018).
131. See CAL. CIV. CODE § 1798.81.5(a)(1)–(2) (West 2018) (“It is the intent of the Legislature to ensure
that personal information about California residents is protected. To that end, the purpose of this section is to
encourage businesses that own, license, or maintain personal information about Californians to provide
reasonable security for that information. For the purpose of this section, the terms ‘own’ and ‘license’ include
personal information that a business retains as part of the business’ internal customer account or for the purpose
of using that information in transactions with the person to whom the information relates. The term ‘maintain’
includes personal information that a business maintains but does not own or license.”).
132. LOTHAR DETERMANN, CALIFORNIA PRIVACY LAW—PRACTICAL GUIDE AND COMMENTARY, Ch. 2–15,
1.3(g) (3d ed. 2018).
133. Lothar Determann, Analysis: The California Consumer Privacy Act of 2018, INT’L ASS’N PRIVACY
PROF. (July 2, 2018), https://iapp.org/news/a/analysis-the-california-consumer-privacy-act-of-2018/.
134. See CAL. CIV. CODE § 1798.192 (West 2018) (effective Jan. 1, 2020) (the rights are inalienable because
this section voids any contract or agreement that purports to waive or limit in any way a consumer’s rights under
the title).
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
December 2018] NO ONE OWNS DATA 25
and portability rights in personal information, the California Consumer Privacy
Act significantly limits the level of control that businesses can acquire or retain
over personal information. As a result, the law also reduces the potential profit
for consumers from selling personal information because it renders consumers
legally incapable of effectively waiving rights to data access, erasure, porting or
right to prohibit data sharing. Thus, the California Consumer Privacy Act goes
into the opposite direction of creating property rights to data and further
diminishes any potential for commercial interests in personal information.
Legal scholars, on the other hand, have proposed information property law
regimes to protect privacy.
135
Data protection authorities in the EU also
encourage the thought that individual persons own the personal data relating to
them,
136
and popular rhetoric regarding privacy protections gives people
elsewhere the idea that they “own” their personal data.
137
Yet, except for
exclusion rights, data protection and privacy laws diverge from property laws.
Privacy laws do not incentivize or reward creation or investment, do not regulate
the acquisition or transfer of ownership rights to others, and do not apply against
everyone. Instead, EU data protection laws confer exclusion rights against
governments and businesses, but not against individuals acting for personal or
household purposes.
138
Further, most U.S. data privacy laws tend to be sector-
specific and apply to certain types of businesses, organizations or individuals,
139
unlike property laws, which tend to apply to everyone.
140
J. S
UMMARY
Real and personal property laws may protect physical embodiments of
information—including data on storage disks within computers, stationary
server farms, or event data recorders (popularly known as “black boxes”) in cars,
135. See generally Lawrence Lessig, Privacy as Property, 69 SOC. RES.: AN INT’L Q. 247 (2002); see also
Schwartz, supra note 15, at 2056–60.
136. See, e.g., ICO Warns Data Broking Industry After Issuing £80,000 Fine to Unlawful Data Supplier,
INFO. COMMISSIONER’S OFF. (Nov. 2, 2017), https://ico.org.uk/about-the-ico/news-and-events/news-and-
blogs/2017/11/ico-warns-data-broking-industry-after-issuing-80-000-fine-to-unlawful-data-supplier/ (quoting
an ICO representative as saying: “Businesses need to understand they don’t own personal data—people do”).
137. Cf. Samuelson, supra note 15, at 1130 (discussing and refuting the possible reasons why individuals
might naturally assume they own data about themselves); see also Datenschutz ist kein Selbstzweck, DER
TAGESSPIEGEL (Feb. 16, 2017, 2:31 PM), http://www.tagesspiegel.de/politik/data-debates-datenschutz-ist-kein-
selbstzweck/19391956.html (stating that the people’s assumption of data ownership is mistaken).
138. General Data Protection Regulation, supra note 20, at art. 2(2)(c).
139. See DETERMANN, supra note 132, at 1.3(g); see also Lothar Determann, New California Law Against
Data Sharing, 35 COMPUTER INTERNET LAW., Sept. 2018, at 1, 4–8; Lothar Determann & Chetan Gupta,
INSIGHT: Impact of the California Consumer Privacy Act on Employers, BLOOMBERG L. (July 27, 2018),
https://www.bna.com/insight-impact-california-n73014481141/; Lothar Determann, INSIGHT: Be Wary of
Liability for Statutory Damages Under California Consumer Privacy Act (July 6, 2018),
https://www.bna.com/insight-wary-liability-n73014477131/.
140. See Herbert Zech, Daten als Wirtschaftsgut—Überlegungen zu einem Recht des Datenerzeugers: Gibt
es für Anwenderdaten ein eigenes Vermögensrecht bzw, ein übertragbares Ausschließlichkeitsrecht?, 31
COMPUTER UND RECHT 137, 139 (2015) (Ger.) (arguing in favor of property rights to data).
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
26 HASTINGS LAW JOURNAL [Vol. 70:1
or as warning signs on walls or roads—but such protection does not extend to
the informational content. Intellectual property laws (notably in copyright and
patent laws) tend to carve out factual content from protected subject matter to
preserve public access to such factual information. Creative information
collection schemes and valuable databases that are subject to significant
investments enjoy some limited protection against copying and freeriding, but
individual information elements are still not protected. Trade secret law can
protect factual information, but only if the information is kept secret and
provides economic value from being a secret. U.S. data privacy and EU data
protection laws do not greatly resemble property law regimes, but afford
important exclusion rights to data subjects, which are further examined in Parts
III, IV, and V. Thus, the answer to the question “who owns the data generated
from connected cars and other Internet of Things devices?” is “no one, really.”
III.
DATA ACCESS RIGHTS AND RESTRICTIONS UNDER CURRENT LAW
No one owns property rights in data, as shown in Part II, but the complex
landscape of data access rights and restrictions, summarized in this Part, created
by legislatures and courts for various purposes and interests, serves as a basis
for a discussion in Part IV and V of this Article, which addresses whether
additional property rights in data are needed, helpful or harmful.
A. R
IGHTS TO DATA ACCESS, ERASURE, PORTABILITY AND USE
RESTRICTIONS
Data subjects (drivers, patients, cellphone owners) do not generally own
data about them,
141
but are entitled to certain restrictions regarding the use of
their data by companies and governments under data privacy laws.
142
And they
are further entitled to access, erasure, and portability of their personal data
processed by companies under data protection laws in the EU and other
jurisdictions.
143
B. C
OMPUTER INTERFERENCE LAWS
Owners of data-generating devices (cars, heart monitors, phones and other
connected devices) are protected from access to data and information stored on
their devices under computer interference laws such as the U.S. Computer Fraud
and Abuse Act (CFAA), which prohibits people from accessing a computer to
141. As mentioned, restrictions from data privacy do not just lead to property rights. See supra Part III.A;
Determann, supra note 118, at 3 (“Talk about informational self-determination and proposals for property law
regimes to protect privacy sometimes gives people the idea that they own personal data about themselves. Fact
is that no one owns facts.”).
142. For a comprehensive review of this issue, see generally DETERMANN, supra note 127.
143. See, e.g., General Data Protection Regulation, supra note 20, at art. 15 (right of access); id. at art. 17
(right to erasure); id. at art. 20 (right to data portability).
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
December 2018] NO ONE OWNS DATA 27
obtain information without or beyond the scope of authorization.
144
Computer
and software manufacturers thus have to obtain authorization from end-users
before any error report is sent back or any device is accessed for repair and
maintenance purposes. The same applies to manufacturers of connected cars—
manufacturers are prohibited from designing cars that automatically send data
back to them without authorization from the car owner. Although the car owners
will likely provide such authorization in consideration for various services, such
as for navigation, traffic updates, accident reports, entertainment, and telematics
services, those authorizations will be provided only when something of value is
offered by the service providers.
C.
RIGHT TO REPAIR STATUTES AND ENVIRONMENTAL AND COMPETITION
LAWS
Car manufacturers need to design cars with prescribed degrees of openness
under the “right to repair” statutes, environmental laws requiring independent
emission tests, and general competition laws.
145
Any device, software, or online
service provider that designs technical restrictions on its own products to favor
its own spare parts, add-on products, or services can be subject to serious
sanctions under antitrust laws, as recently demonstrated by a €2.4 billion fine
against an online search provider for offering an internet search service that
allegedly favors its own content.
146
Given that device manufacturers naturally
have market power for spares and add-on services,
147
their level of discretion on
144. 18 U.S.C. § 1030(a)(2)(c) (2012). But see id. § 1030(e)(2) (2012) (defining “protected computer” as
practically including any ordinary computer and cellphone connected to the internet, as the internet is regarded
as an instrumentality of interstate commerce as required by the definition).
145. To protect consumers, lawmakers have proposed or passed various statutes on the “right to repair”
doctrine, requiring automakers to provide the same information to independent repair shops as they do to their
authorized dealer network. See generally THE REPAIR ASS’N, http://repair.org/association (last visited Nov. 21,
2018). The lawmakers are therefore directly focusing on protecting a basic level of openness in cars. See On-
Board Diagnostic II (OBD II) Systems—Fact Sheet/FAQs, CAL. AIR RESOURCES BOARD,
https://www.arb.ca.gov/msprog/obdprog/obdfaq.htm (last updated Oct. 28, 2015) (showing that California Air
Resource Board developed On-Board Diagnostic (OBD) requirements to monitor nearly every component that
could affect the emissions performance of a vehicle). Thus, requirements originating from California
environmental legislation already establish an important degree of openness. The U.S. Environmental Protection
Agency (EPA), along with state agencies such as the California Air Resources Board, continue to regulate
emission-related parts. See EPA Emission Standards Reference Guide for On-road and Nonroad Vehicles and
Engines, U.S. ENVTL. PROTECTION AGENCY, https://www.epa.gov/emission-standards-reference-guide (last
visited Nov. 21, 2018). Under antitrust and competition laws, as well as self-regulatory undertakings, car
manufacturers cannot monopolize aftermarkets for parts and add-on products.
146. European Commission Press Release IP/17/1784, Antitrust: Commission Fines Google €2.42 Billion
for Abusing Dominance as Search Engine by Giving Illegal Advantage to Own Comparison Shopping Service
(June 27, 2017).
147. So long as several strong car manufacturers remain present on international markets, competition
remains sufficiently strong. Monopolization challenges will therefore focus on aftermarket products for a
particular brand, arguing that automotive manufacturers have monopoly power in the aftermarket for their own
cars and willfully maintain such power through anticompetitive means. Cf. Eastman Kodak Co. v. Image Tech.
Servs., 504 U.S. 451, 481 (1992) (citing United States v. Grinnell Corp., 384 U.S. 563, 570–571 (1966)). Some
courts have included an explicit third factor that the plaintiff suffer an antitrust injury as a result. In re Indep.
Serv. Orgs. Antitrust Litig., 114 F. Supp. 2d 1070, 1087 (D. Kan. 2000).
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
28 HASTINGS LAW JOURNAL [Vol. 70:1
adding restraints on interfaces, ports and other data access means with regard to
device owners and spare part providers is limited by these statutes and laws.
D.
LAWS ON CONSUMER PROTECTION, PRODUCT SAFETY, IMPLIED
WARRANTIES AND SUSTAINABILITY
Consumers are protected against threats posed by connected cars and other
devices under product safety, product liability, and contract laws,
148
which
require manufacturers, distributors, and add-on service providers to ensure that
any of the connected devices and services that they sell are designed to function
in a safe and functional manner.
149
Safety considerations warrant interfaces and
access means that are sufficiently “open” to allow device owners to update,
upgrade, and secure products over time.
150
Depending on how consumer
expectations and laws develop around the openness of cars, in the future, a
connected car with insufficient interoperability or upgradability may become
legally declared as defective under the product safety, product liability, and
warranty laws, and run afoul of environmental sustainability requirements,
because of its unnecessarily short life cycle.
151
IV.
INTERESTS IN DATA AND LEGAL PROTECTIONS UNDER CURRENT LAW
Persons, businesses, and governments have different interests in data. This
Part examines such interests in the context of an entire ecosystem of persons and
entities involved with the Internet of Things—instead of selectively citing to
anecdotal scenarios and unconnected interests. The interests of parties
concerned are identified and associated with existing legal protections available
under current law (summarized in Part III) to lay the ground work for identifying
any potential gaps that could warrant ownership rights in data, which do not yet
exist (as discussed in Part II) but are contemplated (as discussed in Part V). For
illustration purposes, this Part specifically refers to data generated by cars as an
example for a data interest landscape that has recently given rise to demands for
148. 15 U.S.C. § 2056 (2012); 49 U.S.C. § 301 (2012); 49 C.F.R. § 501 (2016); National Highway Traffic
Safety Administration, Department of Transportation, Request for Public Comments NHTSA Enforcement
Guidance Bulletin 2016–02: Safety-Related Defects and Emerging Automotive Technologies, 81 Fed. Reg.
18,935 (Apr. 1, 2016); RESTATEMENT (THIRD) OF TORTS: PRODUCT LIABILITY §1 (AM. LAW INST. 1998).
149. The most recent restatement on product liability states that “a product is defective in design when the
foreseeable risks of harm posed by the product could have been reduced or avoided by the adoption of a
reasonable alternative design by the seller or other distributor, or a predecessor in the commercial chain of
distribution, and the omission of the alternative design renders the product not reasonably safe.” RESTATEMENT
(THIRD) OF TORTS: PRODUCT LIABILITY § 2(b) (AM. LAW INST. 1998).
150. Cf. Determann & Perens, supra note 6, at 934–936 (discussing the perils of lawmakers tendency to
discourage openness and independence).
151. See id. at 924 (discussing the lifecycle autonomous vehicles, their need for software updating, and that
the openness in updating “places an end-date on the occurrence of events that would lead to liability of the
manufacturer for a particular software and hardware version”).
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
December 2018] NO ONE OWNS DATA 29
a data ownership regime by the German government.
A.
CAR OWNERS
Most car buyers will be interested in data accessibility, safety features and,
interoperability to ensure competitive pricing and availability of data-driven
services (navigation, autonomous driving, and entertainment), spare parts,
updates, upgrades, and maintenance services.
152
Car owners will need open ports
in their cars to install brand-agnostics telematics and fleet management
technologies, trackers required by insurance companies for individual tariffs,
software, and devices to participate in ride-sharing models, and other add-ons,
updates, and upgrades.
153
Buyers will pursue their interests primarily by
expressing preferences in the marketplace by buying cars that best meet their
needs on data accessibility and interoperability. If manufacturers are overly
restrictive or not upfront about the technological restraints on data access or
interoperability, they may be penalized through complaints that get filed to
consumer and competition supervisory bodies.
With respect to data privacy, consumers and business owners will be in
slightly different situations. For example, when a consumer owns a car, much of
the data generated by the car will qualify as “personal data” because of its
relationship with the individual owner. Consequently, the consumer will be able
to rely on data privacy, consumer protection, and computer interference laws to
object to unwanted data access and usage by the manufacturer, distributor, add-
on service providers, and others. Business owners on the other hand can take
“data privacy by design” measures to sever the relationship between the vehicles
and their individual drivers by keeping the individual names out of the telematics
systems, but the drivers will be able to rely on computer interference laws to
object to unwanted data access by manufacturers and others.
154
Owners of large
vehicle fleets (car rental companies, transportation businesses, ride sharing
ventures, logistics providers, and other enterprises) have more pressing needs
for brand-agonistic and interoperable data access to optimize fleet management,
152. See generally Simon Ninan et al., Who Owns the Road? The IoT-Connected Car of Today—and
Tomorrow, DELOITTE INSIGHTS (Aug. 18 2015), https://www.deloitte.com/insights/us/en/focus/internet-of-
things/iot-in-automotive-industry.html (“[D]rivers of the next generation want their cars to act as smartphones
on wheels, like to remain connected and productive on the go, consider fully connected vehicles among the most
beneficial futuristic technologies, and are ready to pay a sizeable amount for a vehicle that meets all their
technology wants and needs.”); see also Determann & Perens, supra note 150, at 934–936 (stating that the car
might otherwise become unsafe or unusable and be subject to obsolescence).
153. See Masa Hasegawa, Connected Vehicles Enter the Mainstream—Trends and Strategic Implications,
DELOITTE, https://www2.deloitte.com/us/en/pages/manufacturing/articles/connected-vehicles-enter-the-
mainstream.html (last visited Nov. 21, 2018) (stating that vehicle consumers will likely expect their vehicle
systems to maintain compatibility with newly purchased consumer electronics for five to six years, the average
length of new vehicle ownership in the United States). Thus, given the length of time that vehicle consumers
expect to own their cars, they will need to allow openness for routine technological updates.
154. See supra Subpart III.C. (referring to 18 U.S.C. § 1030(a)(2)(c) (2012)).
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
30 HASTINGS LAW JOURNAL [Vol. 70:1
operation, and maintenance.
155
Such owners will want various information, such
as the location of each car, any need for maintenance, differences in fuel
consumptions between different vehicle models, whether maximum working
hour limits are being followed by the drivers, and ways in which their return on
investment can be maximized from the vehicles.
B.
DRIVERS AND PASSENGERS
Drivers and passengers will generally be most interested in privacy and
safety. Under current law, they are entitled to the provision of notice and choices
regarding location-tracking and monitoring by the car owner, manufacturer, or
others.
156
Employee drivers can be advised of the employer’s data processing
activities in accordance with the relevant laws.
157
Car rental customers and
taxicab passengers can be reached by pop-up notices in the car to enable their
decision-making on whether to permit a certain functionality—like security
cameras in the car, entertainment solutions, navigation systems, or location
tracking—or to refrain from using a particular vehicle if not configurable.
C.
OTHER TRAFFIC PARTICIPANTS
Connected cars will communicate with other traffic participants, including
other cars and their drivers, as well as cyclists, pedestrians, and bystanders, for
safety reasons.
158
Opportunities for providing proper notice and giving choices
on data access will be limited, however, and standardization through legislation
may thus be required. In the meantime, car manufacturers and owners will need
to ensure that connected cars are constructed with “data privacy by design”
principles in mind, so that there will be no illegal data collection or usage.
159
155. See JAMES MANYIKA ET AL., MCKINSEY GLOBAL INST., BIG DATA: THE NEXT FRONTIER FOR
INNOVATION, COMPETITION, AND PRODUCTIVITY 1, (2011), https://www.mckinsey.com/~/media/McKinsey/
Business%20Functions/McKinsey%20Digital/Our%20Insights/Big%20data%20The%20next%20frontier%20f
or%20innovation/MGI_big_data_exec_summary.ashx/.
156. See supra Subparts III.A, IV.A.
157. See Lothar Determann & Robert Sprague, Intrusive Monitoring: Employee Privacy Expectations Are
Reasonable in Europe, Destroyed in the United States, 26 BERKELEY TECH. L.J. 979, 1004–05 (2011)
(“Employers can—and often do—destroy any actual expectation of privacy by notifying employees in
painstaking detail about the existence and intrusiveness of monitoring and surveillance technologies deployed.”).
But employers have successfully defended against privacy claims when the tracked vehicles were company-
owned, particularly in cases where the tracking was to determine employee misconduct. See Karla
Grossenbacher, Employee GPS Tracking—Is It Legal?, LEXOLOGY: GLOBAL PRIVACY WATCH BLOG (Jan. 26,
2016), http://www.lexology.com/library/detail.aspx?g=a94fd053-3106-4836-bc9c-a25d05340ed5.
158. See European Commission, Communication from the Commission to the European Parliament, the
Council, the European Economic and Social Committee and the Committee of the Regions: A European Strategy
on Cooperative Intelligent Transport Systems, a Milestone Towards Cooperative, Connected and Automated
Mobility, COM (2016) 766 final (Nov. 30, 2016).
159. Pushing for “privacy by design” requirements, the U.S. FTC has brought a number of cases against
product manufacturers that did not sufficiently consider data security in the design of their products, which have
included network cameras, home routers, and software platforms. Press Release, Fed. Trade Comm’n, Marketer
of Internet-Connected Home Security Video Cameras Settles FTC Charges It Failed to Protect Consumers’
Privacy (Sept. 4, 2013), https://www.ftc.gov/news-events/press-releases/2013/09/marketer-internet-connected-
home-security-video-cameras-settles; Press Release, Fed. Trade Comm’n, ASUS Settles FTC Charges that
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
December 2018] NO ONE OWNS DATA 31
D. MANUFACTURERS
Manufacturers can use data generated from connected cars to monitor
maintenance status, anticipate and prevent failures, improve products, develop
new products, and/or offer add-on services, updates, and upgrades.
160
These
manufacturers’ interests will be largely aligned with the interests of car owners
so long as the manufacturers do not use the data against the interests of the car
owners (for example by selling information on speeding violations to law
enforcement agencies).
161
Car owners will then remain informed about the
manufacturers’ use of the car owners’ data and data access ports will remain
open enough to allow the car owners to choose alternatives to the manufacturers’
offered updates, upgrades, and add-on services.
162
Manufacturers will not be legally entitled to receive any data from their
sold cars, but they may design the cars in ways that automatically report the
collected data back to their makers, as long as they obtain authorization from car
owners (as required under computer interference laws)
163
and provide sufficient
notice and choices to car owners, drivers, passengers, and others regarding any
personal data collected by the car manufacturers.
164
Manufacturers will also have interests in restraining access to technical
data, primarily for three reasons: to (1) guard trade secrets on their
manufacturing processes and technologies installed in the cars; (2) reduce
Insecure Home Routers and “Cloud” Services Put Consumers’ Privacy At Risk (Feb. 23, 2016),
https://www.ftc.gov/news-events/press-releases/2016/02/asus-settles-ftc-charges-insecure-home-routers-cloud-
services-put/; Press Release, Fed. Trade Comm’n, Oracle Agrees to Settle FTC Charges It Deceived Consumers
About Java Software Updates (Dec. 21, 2015), https://www.ftc.gov/news-events/press-releases/2015/12/oracle-
agrees-settle-ftc-charges-it-deceived-consumers-about-java. Under the General Data Protection Regulation,
companies will be expressly required to consider data protection by design and by default and implement
appropriate technical and organizational measures. General Data Protection Regulation, supra note 20, at art.
25. For a discussion on technical principles and implementation of IT security regarding the mentioned
communications, see Thomas Strubbe et al., IT–Sicherheit in Kooperativen Intelligenten Verkehrssystemen, 41
DATENSCHUTZ UND DATENSICHERHEIT 223, 223 (2017) (Ger.).
160. See Thilo Weichert, Datenschutz im Auto—Teil 1: Das Kfz als großes Smartphone mit Rädern, SVR,
June 2016, at 201, 202 (Ger.) (analogizing cars to large smartphones on wheels); see also Welch, supra note 12
(noting the convenience of the connected car and its abilty to self-run vehicle diagnostics).
161. This example may seem farfetched at first glance, but some concerns have surfaced regarding sharing
navigation system information with government agencies. Archibald Preuschat, TomTom Drives into Speed
Camera Scandal, WALL ST. J. (Apr. 28, 2011, 6:33 PM), https://blogs.wsj.com/tech-europe/2011/04/28/tomtom-
drives-into-speed-camera-scandal/.
162. Determann & Perens, supra note 150, at 947; Carol Sledge & Douglas C. Schmidt, A Discussion on
Open-Systems Architecture, CARNEGIE MELLON U. SOFTWARE ENGINEERING INST.: SEI BLOG (Nov. 23, 2015),
https://insights.sei.cmu.edu/sei_blog/2015/11/a-discussion-on-open-systems-architecture.html; cf. Masa
Hasegawa, Acceleration of the Connected Experience—Vehicle Connectivity and Evolving Customer
Expectations, DELOITTE, https://www2.deloitte.com/us/en/pages/manufacturing/articles/acceleration-of-the-
connected-experience-automotive-manufacturing.html (last visited Nov. 21, 2018) (noting that customer
expectations have evolved as a result of the technical evolution and that they expect more).
163. See supra Subpart III.C. (referring to 18 U.S.C. § 1030(a)(2)(c) (2012)).
164. See supra Subparts III.A, IV.A.
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
32 HASTINGS LAW JOURNAL [Vol. 70:1
potential product liability and reputational harm resulting from aftermarket parts
and manipulations, including cybersecurity weaknesses; and (3) reduce
competition for spare parts, add-ons, updates, and upgrades in favor of the
manufacturer’s own offerings. These interests of car manufacturers to restrain
data access can come into conflict with competition laws and data access
interests of car owners, who may reverse-engineer their products under trade
secret law and are generally free to modify and upgrade their products, so long
as they comply with the applicable laws.
165
Due to market forces and reverse-
engineering possibilities, manufacturers will be incentivized to offer reasonable
compromises on data access to buyers. Manufacturers can decide to offer more
open (as opposed to closed or locked-in) products at different price-points,
similarly to how DVD player manufacturers market region-free players
166
or
how mobile phone makers and service providers market unlocked phones and
month-to-month contracts.
E.
ADD-ON SERVICE PROVIDERS
Add-on or “aftermarket” providers of services, parts, and features will have
similar needs and interests as the manufacturers in collecting and processing
relevant data.
167
And similar to manufacturers, add-on service providers are not
entitled to access any data, except with the authorization from the car owners
and when in compliance with applicable data privacy laws.
168
Companies that
offer products or services competing with the manufacturer may be entitled to
fair and non-discriminatory access to data from the cars under antitrust laws.
169
If a car owner chooses a service, the provider will typically need some data to
perform the service (for example location data for GPS), in which case the
request for an authorization needs to be spelled out in the applicable contract.
170
In turn, the data generated by the services will also attract the interests of various
entities, such as government institutions.
171
165. See supra Subparts III.D, IV.C.
166. See, e.g., Robert Silva, DVD Region Codes—What You Need to Know, LIFEWIRE (June 3, 2018),
https://www.lifewire.com/dvd-region-codes-1845720 (discussing the Code-Free DVD).
167. See supra Subpart V.D.
168. See supra Subparts III.A, IV.A, IV.B.
169. See supra Subpart IV.C.
170. For discussions on the requirements arising from data privacy laws and computer interference laws,
see supra Subparts III.A, IV.A, and IV.B.
171. See Cheryl Miller, Uber and Lyft Resist Regulators’ Appeal for Data Sharing, RECORDER (Oct. 10,
2017, 7:03 PM), https://www.law.com/therecorder/almID/1202800099561/?slreturn=20180804191454 (stating
that Uber and Lyft are required by law to submit confidential annual reports to governmental institutions about
“the types of service they provide, what neighborhoods they serve and how many miles their drivers log” and
that “cities and local transportation planning agencies are eager to get access to that data to study traffic patterns
and the fast-growing industry’s effect on roads and the environment,” but that the companies refuse to share this
data with public agencies due to the privacy of both riders and drivers).
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
December 2018] NO ONE OWNS DATA 33
F. CAR DEALERS AND DISTRIBUTORS
Car dealers and distributors of spare parts, add-on products, updates, and
upgrades will be interested in information relating to customer-relationship
management, so that they can market additional products and services to car
owners. Car dealers and distributors are usually permitted to use transaction
information to market similar products and services, and they can obtain the
customers’ consent to direct marketing in connection with the initial sale. For
any access to data generated by cars, distributors will need to obtain
authorizations from the car owners and possibly provide notice and choices to
other data subjects involved, similar to the car manufacturers and add-on service
providers,
172
as discussed above.
G.
INSURANCE COMPANIES
Insurance companies will be interested in information on driving patterns
so that they can assess and reduce risks, for example, through individual tariffs,
which reward good driving and punish bad driving.
173
They will need voluntary
consent from the car owners for any data access and must comply with the data
privacy laws that protect the privacies of drivers, passengers, and others, if and
to the extent data is gathered indirectly from them.
174
Where insurance
companies offer individual tariffs as a discount, consumers and regulators can
raise the question on whether consent is truly voluntary, given that a
policyholder’s discount is another policyholder’s penalty.
175
A significant
penalty for failure to agree to tracking of driving patterns could be deemed as
being coercive, depending on the circumstances.
176
H.
LAW ENFORCEMENT AND GOVERNMENT INSTITUTIONS
Law enforcement agencies and civil litigants will be interested in data
generated by cars, in connection with accidents and traffic law violations.
177
Under the applicable laws, they will typically need a court order or a voluntary
consent from the car owner to access the data stored on a particular car. But they
may be permitted to observe cars that are on public roads without limitations, as
long as they do not interfere with the physical possession and property rights of
172. See supra Subparts V.D, V.E.
173. AALA SANTHOSH REDDY, COGNIZANT, THE NEW AUTO INSURANCE ECOSYSTEM: TELEMATICS,
MOBILITY AND THE CONNECTED CAR 2 (2012), https://www.cognizant.com/InsightsWhitepapers/The-New-
Auto-Insurance-Ecosystem-Telematics-Mobility-and-the-Connected-Car.pdf; see also Welch, supra note 12;
Hornung & Goeble, supra note 17, at 268.
174. See supra Subparts III.A, IV.A.
175. Patrick R. Mueller, Every Time You Brake, Every Turn You Make—I’ll Be Watching You: Protecting
Driver Privacy in Event Data Recorder Information, 2006 WIS. L. REV. 135, 158–159 (2006).
176. Cf. id. at 159 & n.154 (noting that a driver’s agreement to monitoring is permissible as long as it is
voluntary, in other words as long as it is not coerced).
177. Vince Bond Jr., Lawyers Reaching for In-Car Data, AUTOMOTIVE NEWS, (Sept. 14, 2014, 12:01 AM),
http://www.autonews.com/article/20140914/OEM11/309159952/lawyers-reaching-for-in-car-data.
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
34 HASTINGS LAW JOURNAL [Vol. 70:1
the car owner.
178
If manufacturers, service providers, insurance companies, and
others have custody of data, law enforcement agencies and civil litigants can try
to compel those entities to release the requisite data.
179
This in turn creates a
need for those parties to carefully plan and protect their positions.
180
V.
SHOULD NEW PROPERTY RIGHTS IN DATA BE CREATED?
Politicians in Germany have recently started a debate about the possibility
of allocating property rights in data through new legislation.
181
Similar demands
have been made in the United States and elsewhere in the past.
182
This brings us
to the question of whether new property rights should be created for data. One
methodology to answer would be to weigh “the reasons why information should
be controlled by an owner (locked up)” against “the reasons why information
should be not under an owner’s control (open for use by others).”
183
Specifically, this Part analyzes data propertization’s effects on the
protection of creativity and technological advances and of personal privacy,
which are often posited as rationales for “locking” information, and the
enablement of freedom of expression and of competition, which are often
advanced as bases for keeping “open” the information.
184
A.
CREATIVITY AND TECHNOLOGICAL ADVANCES
As explained in Subpart II.A, the most widely adopted justification for
granting property rights is utilitarian and economic, particularly to incentivize
creations and improvements of things that advance technology or science. In a
study published in August 2017, the German Federal Ministry of Transportation
178. See generally United States v. Jones, 565 U.S. 400 (2012) (holding that the government’s installation
of a GPS device on a target’s vehicle
and its use of that device to monitor the vehicle’s movements is a physical
intrusion upon the car, constituting a “search” under the Fourth Amendment).
179. See supra Subpart IV.H (discussing the interests of governmental institutions, cities and local
transportation planning agencies against ride-hailing companies).
180. See Lothar Determann, Views on Global Surveillance Laws from Lothar Determann of Baker &
McKenzie, BLOOMBERG BNA (May 23, 2016), https://www.bna.com/views-global-surveillance-
n57982072794/.
181. See, e.g., Video-Podcast der Bundeskanzlerin #10/2017, PREISTRÄGER BEIM GRÜNDERWETTBEWERB
IKT INNOVATIV 2015 (Mar. 18, 2017) (transcribed and available for download at https://www.bundeskanzlerin.
de/Content/DE/Podcast/2017/2017-03-18-Video-Podcast/links/download-PDF.pdf;jsessionid
=E48EE1966F5251A9B5832229E0D5ED0B.s6t1?__blob=publicationFile&v=4 (last visited Nov. 21, 2018)
(Ger.) (featuring Chancellor Angela Merkel); Bundesministerium für Verkehr und digitale Infrastruktur, supra
note 17, at Part 4.4 (study of German ministry for traffic and infrastructure on benefits and needs regarding
property rights for data).
182. See, e.g., Lin, supra note 15, at 964 (“The conceptualization of executive private facts as economically
valuable trade secrets further expands on the macroeconomic trend of privacy commoditization.”); Rule, supra
note 15, at 183; Samuelson, supra note 15, at 1125.
183. This balancing model is discussed in the context of propertizing information, particularly as intellectual
property, in Margaret Jane Radin, A Comment on Information Propertization and Its Legal Milieu, 54 CLEV. ST.
L. REV. 23, 25 (2006).
184. Id. at 25–26.
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
December 2018] NO ONE OWNS DATA 35
and Digital Infrastructure called for the creation of “data ownership” as a means
to create “data markets” and “data value harvesting.”
185
Without property rights
in data, companies are less willing to license or share data with other market
participants, more likely to hold on to data that they possess and control and less
likely to collect data in the first place.
186
But as shown in Part I, data has grown—and will continue to grow—at an
exponential rate, and
companies are racing to create ever more data, without any
“incentivizing” through data propertization. “Open” data, completely without
any property rights, has brought revolutionary advances for companies,
scientific researchers, medical practitioners, intelligence operations, and many
others,
187
ranging countless industries and uses.
188
In recent years, companies
have developed various business models that do not rely on property rights (for
example in the “sharing economy”)
189
or rely on intellectual property laws to
secure openness and turn their effects on their head (for example open source
code licensing subject to “copyleft”).
190
Companies hardly seem to need any
further incentives to continue hoarding data.
Whether the creation of property rights in data would encourage companies
to share and trade data is far from certain. If global businesses had to deal with
individual property rights (which would be national and territorial) on top of
privacy and data protection regulations, this would further complicate legal
compliance and cooperation arrangements. Data propertization would mean that
individual data subjects and owners will have rights to exclude others from using
or accessing that data, which will generally complicate and restrict the free flow
of information. Individual data subjects may in many cases be identifiable more
or less easily, but “data owners” could hold vague and nontransparent claims to
information that would burden the administration of any “data market”
185. Bundesministerium für Verkehr und digitale Infrastruktur, supra note 17, at Part 4.
186. Id. at Parts 4, 5.1.3.
187. Randal E. Bryant et al., Big-Data Computing: Creating Revolutionary Breakthroughs in Commerce,
Science, and Society, COMPUTING RES. ASS’N (Dec. 22, 2008), http://www.cra.org/ccc/docs/init/Big_Data.pdf
(discussing how big data computing can and will transform various sectors).
188. Chloé Margulis, Note, The Application of Big Data Analytics to Patent Litigation, 99 J. PAT. &
TRADEMARK OFF. SOC’Y 305, 305, 340 (2017) (discussing the benefits of big data analytics to the patent
industry); Pamela Metzger & Andrew Guthrie Ferguson, Defending Data, 88 S. CAL. L. REV. 1057, 1061 (2015)
(“[A] data-driven systems approach has revolutionized other high-risk practices, from trauma surgery to space
travel.”); Neil M. Richards & Jonathan H. King, Big Data Ethics, 49 WAKE FOREST L. REV. 393, 393 (2014)
(“We are on the cusp of a ‘Big Data’ Revolution. Increasingly large datasets are being mined for important
predictions and often surprising insights. . . . The scale of the Big Data Revolution is such that all kinds of human
activities and decisions are beginning to be influenced by big data predictions, including dating, shopping,
medicine, education, voting, law enforcement, terrorism prevention, and cybersecurity. This transformation is
comparable to the Industrial Revolution in the ways our pre-big data society will be left radically changed.”).
189. See Yochai Benkler, Sharing Nicely: On Shareable Goods and the Emergence of Sharing as a Modality
of Economic Production, 114 YALE L.J. 273, 279–80 (2004).
190. See Lothar Determann, Dangerous Liaisons—Software Combinations as Derivative Works?
Distribution, Installation, and Execution of Linked Programs Under Copyright Law, Commercial Licenses, and
the GPL, 21 BERKELEY TECH. L.J. 1437–41, 1481 (2006) (“Programmers invented “copyleft” to fight copyright
law, published a manifesto, and created a new set of license terms intended to free software . . . .”).
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
36 HASTINGS LAW JOURNAL [Vol. 70:1
apparently considered by the German government. Based on experiences with
patent and copyright trolls,
191
businesses can expect data trolls to get in line to
include data they own into studies and data bases to later extract ransoms and
nuisance fees based on potential property rights in data.
An example of where vesting property rights has slowed down the pace of
research occurred in India when, in response to Western pharmaceutical
companies’ patenting of products developed from natural resources, the Indian
government enacted the Biological Diversity Act, requiring non-citizens and
foreign corporate bodies not registered in India to obtain approvals from the
National Biodiversity Authority before obtaining any biological resources in
India.
192
This had an unintended effect of “retarding the potential of [India] to
reap the full rewards of biotechnology,” as well as “impeding conservation
science.”
193
Data propertization may have negative effects on incentivizing creativity
or technological advancements, which is why current property laws generally
carve out data from protectable subject matter definitions, as shown in Part III.
The U.S. Supreme Court explained in Graham v. John Deere Co. that the
constitutional authority for Congress to grant patent rights
194
is “limited to the
promotion of advances in the ‘useful arts,’”
195
which was interpreted as requiring
“[i]nnovation, advancement, and things which add to the sum of useful
knowledge.”
196
The Court held that existent knowledge is none of those things
and does not promote the advances in the useful arts, and that free access to
materials that are already available should not be restricted.
197
Similarly, in
Feist Publications, Inc. v. Rural Telephone Service Co., Inc., the U.S. Supreme
Court explained that no originality, which is a constitutional requirement for a
copyright, can exist for any fact—whether it’s scientific, historical, biographical,
or news of the day
198
—and that copyright law is meant to encourage “others to
build freely upon the ideas and information conveyed by a work.”
199
These
seminal decisions suggest that granting new property rights akin to patent rights
or copyrights (for example, granting rights to exclude others for a specified
period of time) to data, which is factual and at best existent knowledge, would
not promote innovation, advancement of useful knowledge, or public access to
191. See e.g., Mark A. Lemley & A. Douglas Melamed, Missing the Forest for the Trolls, 113 COLUM. L.
REV. 2117, 2118–19 (2013).
192. Biological Diversity Act, No. 18 of 2003, INDIA CODE (2002), vol. 18.
193. Rohan Pethiyagoda, Biodiversity Law Has Had Some Unintended Effects, 429 NATURE 129, 129
(2004); see also VANDANA SHIVA, PROTECT OR PLUNDER?: UNDERSTANDING INTELLECTUAL PROPERTY RIGHTS
28 (2001).
194. U.S. CONST. art. 1, § 8, cl. 8 (“To promote the Progress of Science and useful Arts, by securing for
limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries.”).
195. Graham v. John Deere Co., 383 U.S. 1, 5 (1966).
196. Id. at 6.
197. Id. at 5–6.
198. Feist Publ’ns, Inc. v. Rural Tel. Serv. Co., 499 U.S. 347, 348 (1991).
199. Id. at 349–50.
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
December 2018] NO ONE OWNS DATA 37
information.
B.
PROTECTING PERSONAL PRIVACY
The second posited rationale—protection of personal privacy—will also
not be advanced by data propertization. Data privacy laws already afford
individuals with a nuanced exclusion right, which lawmakers have structured to
reflect policy interests in freedom of information and personal privacy with
notice and consent requirements, a right to be forgotten, rights against
international data transfers, and various other partial or complete exclusion
rights. Data subjects could not benefit from an additional data collection or usage
exclusion right under property laws, because such a right would be duplicative
at best. Companies that acquire ownership to personal data from data subjects
like other property could exclude the previous owner—the data subject—from
using data about himself or herself. Such an exclusion right would be
diametrically opposed to the policy objectives of data privacy laws, which seek
to protect human dignity and personal privacy.
Besides exclusionary rights, property laws typically also confer a right to
possession, usage, and free disposition.
200
Granting such rights with respect to
personal data would also be highly counterproductive to the policy objectives of
privacy laws. If data subjects could sell and transfer personal data like other
property, the buyers could use and resell their data as they see fit. Individuals
already benefit today from their ability to oppose data collection and usage under
data privacy laws: companies have to offer attractive services, applications, or
other items to gain access to user data in a highly competitive market for users
on the Internet of Things. European policy makers bemoan that individuals are
not compensated fairly enough for their data by “free” services and apps and
want to strengthen individual data sovereignty by mandating that companies pay
cash to individuals for their data.
201
But, the administration (and surely taxation)
of individual data compensation systems will inevitably create a need for even
more data collection, processing, and bureaucracy. If law makers start
mandating minimum wages for data subjects, companies will have to charge for
formerly-free services and the individuals are unlikely to benefit from the
theoretical option to refrain from selling their data. In many circumstances, a
property owner will only be able to receive liability-rule protection—which
means that the owner can be forced to give up her property (and privacy) in
return for an externally-set compensation (often by a court, legislature, or
administrative agency)
202
—and her properties may also be subject to
government confiscation or interference without any compensation.
203
Further, if data can be sold, licensed, and traded like commodities, this
200. See supra Subpart III.A.
201. Bundesministerium für Verkehr und digitale Infrastruktur, supra note 17, at Part 4.
202. Barbara J. Evans, Much Ado About Data Ownership, 25 HARV. J. L. & TECH. 69, 79 (2011).
203. See id.
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
38 HASTINGS LAW JOURNAL [Vol. 70:1
would inevitably have negative effects on the protection of personal privacy. In
fact, the ability to own and trade personal data can clash with other policies and
jurisprudence on ownership relating to humans. Psychologist Raymond Cattell,
defines personality as “that which permits a prediction of what a person will do
in a given situation.”
204
Personal data allows companies, individuals and
algorithms to predict many aspects of a person’s actions, such as where that
person wants to go or what that person wants to eat. Proponents of property
rights to data at the core of an individual’s personality to encourage trade
invokes policy arguments against the propertization of humans as discussed in
the jurisprudence surrounding ownership of human bodily tissue
205
as well as in
human rights and international humanitarian law discourse.
206
Protection of personal privacy is and can be sufficiently, if not better,
achieved with data privacy laws, which are designed specifically to address
personal privacy issues.
207
For example, in the EU, as discussed in Subpart II.A,
the legislature put into effect the new GDPR to strengthen individual
information self-determination by requiring companies to minimize the
collection, use, and retention of personal data and by broadly defining “personal
data” to cover most categories of data generated by connected devices. Personal
privacy is and can be better protected with data privacy laws demanding data
minimization, deletion, and protection—as opposed to property laws,
incentivizing investment and maximization of profits from data collection,
sharing, and trading.
C.
FREEDOM OF INFORMATION AND SPEECH
Granting property rights to data undermines the freedom of expression. As
explained by the U.S. Supreme Court in Sorrell v. IMS Health Inc., information
qualifies as speech within the meaning of the First Amendment.
208
The Court
stated, “Facts, after all, are the beginning point for much of the speech that is
most essential to advance human knowledge and to conduct human affairs.”
209
Data propertization—which would allow individuals or companies to control
204. RAYMOND B. CATTELL, PERSONALITY: A SYSTEMATIC THEORETICAL AND FACTUAL STUDY 2 (1950)
(emphasis removed).
205. See generally Moore v. Regents of Univ. of Cal., 793 P.2d 479 (1990) (holding that a person does
cannot retain ownership interest in his spleen as it was a naturally occurring organism).
206. Press Release, Secretary General, Abolition of Slavery in All Its Forms Remains Major United Nations
Priority, Says Secretary General, U.N. Press Release SG/SM/8519-HR/4629-OBV/309 (Nov. 22, 2002),
http://www.un.org/press/en/2002/SGSM8519.doc.htm (“Human beings are not property.”).
207. Many scholars debate whether data privacy laws need to be reformed, but that is not a topic considered
in this Article. But data privacy laws, whether in their current or amended form, are designed for protecting
personal privacy and are more suitable for protecting personal privacy.
208. See Sorrell v. IMS Health Inc., 564 U.S. 552, 570–71 (2011) (“There is a strong presumption that
prescriber-identifying information is speech for First Amendment purposes.” (emphasis added)); see also Jane
Baubauer, Is Data Speech?, 66 STAN. L. REV. 57, 57 (2014) (“Privacy laws rely on the unexamined assumption
that the collection of data is not speech. That assumption is incorrect.”).
209. Sorrell, 564 U.S. at 570.
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
December 2018] NO ONE OWNS DATA 39
access to their data—would restrict data collection and thus hamper the free flow
of information.
210
Thus, “putting a fact into the ownership of only one person,
or allowing an entity who generates a fact . . . to control how it is used”
creates
“pernicious dangers” against the freedom of expression.
211
D.
GOVERNMENT USE OF DATA
Restricting information flows could also significantly hinder public
governance and law enforcement. As a particularly illustrative and recent
example, police officers in a number of U.S. states are required to wear body
cameras while on duty, where the recordings are available for inspection as
public records.212 This is part of an important public policy move to enhance
transparency within law enforcement bodies and reduce risks of abusive police
practices or unjustified complaints against the police. If police officers and
citizens had property rights to the body camera footage, the usage of such
cameras would be greatly complicated. Individual could exclude the public from
such data, impeding the basic precepts of transparency and accountability that
underline this public policy. Many other government uses of data would
similarly be impeded by the creation of property rights in data for individuals
and potentially companies that buy data from individuals, including census,
statistics, taxes, licenses, etc.
E.
COMPETITION
Likewise, “information propertization is designed to restrict competition,
if not always by creating economic ‘monopolies,’ at least by enhancing the
position of one competitor vis-à-vis others.”
213
For example, ownership in data
means that potential users of that data must either purchase access rights from
the owner or attempt to gather the desired information themselves.
214
Under the
second scenario, if the data is a “sole-source data,” the owner will not be limited
by a price ceiling, which can foreclose all other persons from the possibility of
gathering the data independently.
215
This can result in monopolies in data and
210. See id. at 580 (holding that a state regulation violated the First Amendment because it “burdened a
form of protected expression that it found too persuasive,” while leaving “unburdened those speakers whose
messages are in accord with [the statute]”); Adam D. Thierer, The Internet of Things and Wearable Technology:
Addressing Privacy and Security Concerns Without Derailing Innovation, 21 RICH. J.L. & TECH. 6, 75 (2015)
(“[O]ther scholars recognize that restrictions on data collection are restrictions on the free flow of information,
which implicate the First Amendment.” (footnote omitted)).
211. Symposium, Data Protection Statutes and Bioinformatic Databases, 8 B.U. J. SCI. & TECH. L. 171,
182 (2002).
212. See Body-Worn Camera Laws Database: State Body-Worn Camera Laws, NAT’L CONF. ST.
LEGISLATURES (Feb. 28, 2018), http://www.ncsl.org/research/civil-and-criminal-justice/body-worn-cameras-
interactive-graphic.aspx#/ (providing a clickable diagram detailing various states’ body camera laws).
213. Margaret Jane Radin, A Comment on Information Propertization and Its Legal Milieu, 54 CLEV. ST. L.
REV. 23, 28 (2006).
214. Symposium, supra note 211, at 182.
215. Id.
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
40 HASTINGS LAW JOURNAL [Vol. 70:1
hurt competition. In fact, there are already attempts to monopolize data, which
would only get worse with data propertization. For example, “sports leagues
increasingly seek to control the dissemination of real-time data in conjunction
with lucrative distribution agreements,”
216
given that real-time information on
sporting events are disseminated through several media,
217
sports leagues’
ownership in the real-time information will further undermine the competition
from those other mediums.
F.
SOCIAL JUSTICE AND FAIRNESS
Some proponents for data propertization argue that individuals should be
able to economically benefit from their data (for example, by receiving monetary
compensation).
218
But, consent requirements under privacy and publicity laws
already create opportunities for individuals to monetize their statutory choice
(by withholding consent except in consideration for valuable services or other
benefits), without incentivizing an outright market where individuals transfer
ownership to their data to companies, which could then exclude anyone—
including the data subjects and their friends and families—from using data to
which the companies have acquired property rights.
Even if some individuals were able to demand better consideration for their
data, most people will likely lose out. Businesses would have to find alternative
sources of funding to pay data subjects and this could ultimately result in
disadvantages for consumers. Companies developed many innovative services
based on advertising and data-based business models, such as Internet search
engines, mobile maps, social networks, video sharing, and consumer reviews,
which would never have been able to gain critical mass based on for-pay models.
If companies have to switch to for-pay models, because they become unable to
run service-for-data models, large parts of the population may lose access to
services because they cannot afford them anymore or find the time to focus on
personal data monetization to generate additional income.
The present discussion in Germany regarding data propertization also
provides valuable insight. As developing countries have made attempts to
protect natural resources from exploitation by European explorers in the past,
European countries seem now intent on protecting personal data as the “fuel of
the digital economy” for European enterprises today.
219
In this context, data
216. Ryan M. Rodenbert et al., Real-Time Sports Data and the First Amendment, 11 WASH. J.L. TECH. &
ARTS 63, 63 (2015).
217. Id. at 65.
218. See Laudon, supra note 15 at 93 (“[I]n which individuals can receive fair compensation for the use of
information about themselves. This step is necessary because of the continued erosion of privacy brought about
by technological change, institutional forces, and the increasingly outdated legal foundation of privacy
protection.”). The notion that individuals should have the right to own and control data about themselves may
have become more popular in reaction to the Snowden disclosures relating to mass data collections around the
world.
219. In the EU, politicians debate whether a special right in data should be created as part of the EU’s Digital
Single Market project. European Commission, supra note 158, at 2–3.
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
December 2018] NO ONE OWNS DATA 41
ownership rights are not claimed for data subjects, but for companies ab initio.
220
German scholars have noted that the present movements for data propertization
are thinly-disguised attempts to protect the German car manufacturing industry
from being disrupted by U.S. technology companies and likened the situation to
the previously unsuccessful efforts made by German newspapers and public
broadcasting institutions against search engine aggregators.
221
In 2013, the
German Parliament passed an ancillary copyright law aimed at search engine
aggregators, in which news and magazine publishers were given exclusive
property rights to make press products available to the public unless they
qualified as short text excerpts.
222
In response, leading search providers
“rendered the legislation all but meaningless” by carrying only the news of
publishers who agreed to waive those exclusive property rights,
223
ultimately
causing more disruptions in the German market. The possibility of any
legislation on data ownership being similarly circumvented and making a
negative impact is another consideration that should be taken into account when
determining whether there should be property rights in data.
G.
NORMATIVE IMPLEMENTATION OBSTACLES
Besides the lack of compelling reasons for property rights, and the
significant policy concerns against creating property rights, any new data
property rights regime would face insurmountable implementation obstacles.
For example, if sensors on a car owned by a company (for example a taxi
company) generate various “valuable” data relating to the driver (in this
example, the taxi driver), the passengers (the customers sharing the taxi), and
220. For example, German Chancellor Angela Merkel raised the question whether vehicle manufacturers or
software developers own data generated by connected cars, but not considering that car owners, drivers or
passengers could instead be entitled to own such data. See Video-Podcast, supra note 181. In contrast, the
German Federal Ministry of Transport and Digital Infrastructure (BMVI) released a strategy paper in March
2017, according to which an individual person should have sovereignty over her own data. Wir brauchen ein
Datengesetz in Deutschland!: Strategiepapier Digitale Souveraenitaet, BUNDESMINISTERIUM FÜR VERKEHR
UND DIGITALE INFRASTRUKTUR, http://www.bmvi.de/SharedDocs/DE/Artikel/DG/datengesetz.html (last visited
Nov. 21, 2018) (Ger.) (stating that data is not a “thing” and thus cannot be “owned” in the legal sense under
current German property law, but that BMVI wants to develop a solution that leads to an equal treatment of data
and things by creating a legal environment in which data can be strictly allocated to an individual or a company
as the “owner” of such data). German Interior Minister, Thomas de Maizière, on the other hand stated that he is
against a concept of data ownership in general. Guest Commentary Thomas de Maizière, DER TAGESSPIEGEL
(Feb. 16, 2017), http://www.tagesspiegel.de/politik/data-debates-datenschutz-ist-kein-selbstzweck/
19391956.html.
221. Hornung & Goeble, supra note 17, at 268.
222. See Greg Sterling, German “Ancillary Copyright” Law to Go into Effect, Imposes Limits on Search
Results, SEARCH ENGINE LAND (May 16, 2013), https://searchengineland.com/german-ancillary-copyright-to-
go-into-effect-imposes-limits-on-search-results-159843 (new law required Google and others that index or
aggregate news to pay for links or excepts for those news items).
223. Matthew Karnitschnig & Chris Spillane, Plan to Make Google Pay for News Hits Rocks, POLITICO
(Feb. 15, 2017, 7:36 PM), https://www.politico.eu/article/plan-to-make-google-pay-for-news-hits-rocks-
copyright-reform-european-commission/. See generally Hornung & Goeble, supra note 17, at 265.
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
42 HASTINGS LAW JOURNAL [Vol. 70:1
various people that come into the proximity of the car (people crossing the street
in front of the taxi), who would have ownership rights in that data?
Governments, businesses, and individuals would need to claim broad exceptions
to broad data property rights in the interest of free speech, information freedom,
safety, and security, and courts would inevitably get entangled in litigation that
would require constant weighing of property versus speech rights and constant
censorship of speech and information flow. Data subjects who successfully sell
their data would have to keep accounts for income received and pay taxes.
Collective rights societies may come into existence and create new
bureaucracies and paperwork. Every data trader would constantly have to issue
privacy notices to data subjects or obtain renewed consent, provide individual
access, grant portability honor objections and comply with requests to be
forgotten under the EU GDPR. To avoid these and other practical problems, data
should be left to the public domain, a concept rooted in Roman law as res nullius,
which means “property of no one,” or res communis, “a public good.”
224
C
ONCLUSION
No one owns
225
or should own
226
data as such.
227
Data as such—the content of information—exists conceptually separate
from works of authorship and data bases (which can be subject to intellectual
property rights), physical embodiments of information (data on a computer chip,
which can be subject to personal property rights; warning symbol painted on a
road, which can be subject to real property rights) and physical objects or
intangible items to which information relates (a dangerous malfunctioning
vehicle to which the warnings on road markings or a computer chip relate).
228
Lawmakers have granted property rights to different persons regarding works of
authorship, data bases, chattels, land and other items for the purpose of
incentivizing investments and improvements, a purpose that does not exist with
respect to data as such.
229
Individual persons, businesses, governments, and the public at large have
different interests in data and access restrictions.
230
These interests are protected
by an intricate net of existing laws that deliberately refrain from granting
property rights in data. Existing property laws intentionally exclude data from
224. Christopher R. Rossi, ‘A Unique International Problem’: The Svalbard Treaty, Equal Enjoyment, and
Terra Nullius: Lessons of Territorial Temptation from History, 15 WASH. U. GLOBAL STUD. L. REV. 93, 117
n.150 (2016).
225. See supra Part III.
226. See supra Part VI.
227. See supra Part II for distinction regarding information content, expression, physical manifestation of
data and information objects.
228. See supra Part II.
229. See supra Parts III, VI.
230. See supra Part IV.
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
December 2018] NO ONE OWNS DATA 43
subject matter definitions.
231
Existing data-related laws and property laws
balance interests in data and access restrictions based on public policy
considerations that would be impaired by a creation of property rights in data.
New property rights in data are not suited to promote better privacy or more
innovation or technological advances, but would more likely suffocate free
speech, information freedom, science, and technological progress. The
rationales for propertizing data are not compelling and are outweighed by
rationales for keeping the data “open.” No new property rights need to be created
for data.
231. See supra Part V.
F - DETERMANN_25 (TRANSMIT) (DO NOT DELETE) 1/19/2019 11:55 AM
44 HASTINGS LAW JOURNAL [Vol. 70:1
***
