A wide variety of material, including data, can be sourced in marketplaces sponsored by cloud service providers (and myriad other online sources). This checklist can be used to facilitate review of data licenses in any commercial setting. In the context of a cloud provider marketplace, getting access to communicate with the data licensor for negotiation may be challenging. Indeed, information about the dataset may be limited, complicating assessment of legal risk and fitness of the data for their intended business purpose.
Where information is limited or concerns cannot be addressed through direct negotiation, the client organization should pay particular attention to the intended use of the licensed data and its internal controls for managing the licensed data to the permitted use. Rule of thumb: Data that will be used internally for a limited purpose in a manner in which the data can be contained and readily destroyed and replaced (if needed) generally creates less risk to the licensee/user than data that are to be used as an integral component of an essential internal operation or distributed to customers.
Lawyers should keep in mind a common misconception that readily accessible published data may be freely used—without charge or other limitations. Not so. Be prepared to encounter this misconception in your client organizations.
With that background, review data license agreements with these ten points in mind. The first anticipates information about the transaction developed outside the license agreement. The remaining points relate to license terms.
No. 1: Data Licensor
The practices of the data licensor in collecting or creating the licensed data are foundational to the integrity of the data and the rights that the licensor purports to convey to the licensee (data user). The data licensee will need to determine whether or not the data are fit for the licensee’s intended purpose.[1] The licensee will also have to consider whether the manner of collection or creation is consistent with underlying expectations of privacy (for personal information) and confidentiality (for business and other proprietary information). Use of licensed data by the licensee could be impaired if its licensor fails to comply with applicable law or upstream license agreements and consents.[2]
The proliferation of data collection channels offers intriguing new material for study and analysis. Companies rushing to capitalize on those new channels may not be as diligent about obtaining or documenting the provenance of the data or consents obtained in their collection process. Synthetic data, which are generated (created), not observed, may raise considerations about quality/veracity or bias, for example, that the licensee will want to have clearly documented.
In short, the client’s business and legal representatives should have a baseline understanding of the data to be licensed, the data’s source, and the purpose for which the data are to be used.
No. 2: Users
Who needs access to the licensed data and for what purpose? These client expectations need to inform the license definition of permitted users. The universe of permitted users could be as narrow as named individuals or as broad as anyone employed or otherwise working in the client enterprise. Pay attention to affiliates and service providers that may need access to data. For example, an organization that outsources its information technology (“IT”) function should be covered to the extent that
Data License Checklist: Cloud Computing and Cloud Marketplace Toolkit Project
This is premium content for:
ABA Business Law Section Members.
Please log in or join the Business Law Section to read this full article.
