Getting Smarter about Information in Contracts for Bodily Infrastructure | Enterprise Regulation At present from ABA
Each week we read reports of new deployments of smart devices and smart services. Gartner estimates that 25 billion connected things (IoT endpoints) will be in use by 2021, a 21 percent increase from 2019. Leading IoT endpoint sectors are utilities, physical security and government. Smart infrastructure and smart cities are finally living up to the hype.
Most new builds of physical infrastructure—roads, tunnels, airports, transport interchanges, bridges, buildings, utility networks—remain less smart. However, almost all new infrastructure is, or should be, informed by new sources and applications of data. Anonymized and aggregated mobile phone tracks are used to find correlations and patterns to model how unidentifiable individuals access airports or other hubs: from what locality, by what route, and by which mode of transport (private car, minivan, bus, train, etc.). Better data assists in minimizing deleterious environment impacts, planning roads, and estimating likely traffic outcomes, all of which provides a better evidence base that can be used to reduce financing cost of new infrastructure builds. Data can assist humans to make smarter decisions about not-so-smart new physical infrastructure, as well as new smart buildings, cities, and utility networks.
In short, data and the use of new sources of data (including IoT services) can and should be an increasingly important factor in lowering the cost of, and maximizing value derived from, major infrastructure projects.
Analytics insights derived from data about engineering, construction, use, and maintenance of existing infrastructure can be leveraged into better processes and practices and lower costs in planning, executing, and operating new infrastructure.
Analytics insights as to patterns of use of new infrastructure, and as to changes in surrounding communities driven by new infrastructure, can dramatically improve assessment of outcomes of infrastructure builds, enabling innovative structures such as outcomes-based financing that uses quantitively reliable and verified measurement of social outcomes.
However, standard contracts and contracting models in use today for commissioning and financing of new infrastructure, particularly by government authorities and utilities, has generally not kept pace with diversity in sources of data and new capabilities of data analytics to better inform such projects. As a result, too often government authorities and utilities are not achieving the best value for money in planning, building, and operation of newly commissioned infrastructure.
There are a number of reasons why this is the case:
- The business lawyers most familiar with data contracts to date have been technology lawyers, not construction, finance, or infrastructure lawyers. Best practices in data contracting is now infiltrating other fields of business lawyering, but more slowly than would be ideal.
- Data is itself not recognized as an asset class, so its importance can be overlooked.
- Infrastructure sectors are only beginning to understand how to derive, capture, and fairly allocate value from data.
- There remain misconceptions about data “ownership”. In particular, there is a common misconception that data can and should be dealt with in contractual provisions as a type of intellectual property, akin to treatment of engineering plans and design, and operations manuals and software. This analogy is often wrong in that the latter are usually protectable as copyright works and sometimes as patentable subject matter. Many data sources and data sets are not creations of original human endeavour and therefore protectable.
- Insights from data analytics often are derived through a combination of data from multiple sources, or from different points within a multiparty data ecosystem, where the rights of aggregation, combination, and use to create outputs and insights are not properly captured and held by a single party, such as the commissioning party. Multiplicity of parties and of data custodians creates contracting challenges, particularly if data value is sought to be captured by commissioners of physical infrastructure as a trade secret (confidential information).
- To the extent that the value of data in individual projects is assessed and brought into expense and revenue projections, data are often valued in relation to a specific project and not for its potential application to reduce the cost of building or operating a class of infrastructure assets more generally, or its potential use to increase utilization of an infrastructure asset and thus recover financing costs or amortize operating costs.
Misconception as to who “owns” data cause particular problems. Data, mathematical formulae, other algorithms, and algorithmic methods generally cannot be legally “owned” as ownership is legally determined in most jurisdictions. This is why talking about “licensing” data often does not make legal sense. As a result, it is sometimes said that “no one owns data.” That statement is technically true as a matter of property law in many jurisdictions. However, that statement is also quite misleading.
The key point is that legal ownership of data cannot be definitely assured through operation of intellectual property law or contractual provisions as commonly in use in infrastructure contracts today. Parties commissioning the physical infrastructure assets must be particularly cautious as to contracts they use to ensure that rights of and control of data use and reuse are properly captured and held by a single party, such as the commissioning party.
The problem partly arises as a result of fading of any distinction between “data” and (useful) “information.” We now are accustomed to using “data” as an omnibus term covering any and all of:
- raw data (digital noise to humans) that may not be discoverable and interpretable by machines,
- structured (transformed) data that is ready for machine interpretation, and
- information (such as actionable insights) carrying human interpretable meaning, such as text, music, and images.
However, the distinction between data and information is critically important when considering intellectual property rights and other rights and legitimate expectations of parties “sharing” data in multiparty data ecosystems. As soon as we begin using the terms “data” and “information” interchangeably, we lose precision in analysis and in understanding about data value.
Notwithstanding these problems, it is possible to define certain ownership-like rights and obligations in relation to data.
The first option is to define ownership-like rights and obligations by contract, being rights and obligations that the contract counterparties agree will govern the relationship between them. The practical difficulty, however, is that contractual rights may only be enforced against a party to the contract in relation to:
- acts or omissions of that party, and
- acts and omissions of third parties for whom that party accepts contractual responsibility.
A second option is to use contractual provisions to leverage the diverse laws in many jurisdictions relating to confidential information or trade secrets. Trade secret protection is particularly important in relation to chemical, pharmaceutical, and nutraceutical data. The Coca-Cola recipe and Google search algorithms are famous trade secrets.
Section 1(4) of the Uniform Trade Secrets Act provides:
“Trade secret” means information, including a formula, pattern, compilation, program, device, method, technique, or process, that: (i) derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use, and (ii) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.
The World Trade Organization’s Agreement on Trade Related Aspects of Intellectual-Property Rights (TRIPS Agreement) provides that “Natural and legal persons shall have the possibility of preventing information lawfully within their control from being disclosed to, acquired by, or used by others without their consent in a manner contrary to honest commercial practices.” Broadly, nations that are signatories to the TRIPS Agreement must provide the right to control data that is (a) secret, (b) valuable, and (c) safeguarded.
The European Union’s to standardize the national laws in EU countries against the unlawful acquisition, disclosure, and use of trade secrets. EU Member States must implement the directive, which harmonizes the definition of trade secrets in accordance with existing internationally binding standards and defines the relevant forms of misappropriation. “Trade secret” is defined in Article 2 as information meeting each of the following:
(a) it is secret in the sense that it is not, as a body or in the precise configuration and assembly of its components, generally known among or readily accessible to persons within the circles that normally deal with the kind of information in question;
(b) it has commercial value because it is secret;
(c) it has been subject to reasonable steps under the circumstances, by the person lawfully in control of the information, to keep it secret
“Trade secret holder” means “any natural or legal person lawfully controlling a trade secret”.
In Australia, trade secrets are generally regarded as a subset of protected confidential information. Protected confidential information requires four elements:
- the information must have the necessary quality of confidence;
- the information must have been imparted in circumstances identifying an obligation of confidence;
- there must be an unauthorized use of that information to the detriment of the person who claims the confidence; and
- the plaintiff must be able to identify with specificity, and not merely in global terms, that data/information which is said to be confidential.
Of course, if data has become public, the data is no longer confidential and is no longer a trade secret; regardless of whether the data remains commercially valuable. However, a collation of data that comprises a database may retain the necessary character of confidence where only some data (colloquially, “slivers” of data) from the much larger collation is released into the public domain. Accordingly, a publicly accessible database may be protected if the access is controlled and limited such that the combined accesses do not have the character of making the database broadly available. Also, more extensive data sets or fields from collation of data may be permitted to circulate within a controlled and limited section of the public under legally binding conditions as to confidentiality, and retain the necessary character of commercial confidence.
Further, even where data in a databased is not protectable as a trade secret or other intellectual property, the way in which elements of the database are labelled, structured, managed, correlated, or used often will be protectable as a trade secret or as other intellectual property.
Clauses in infrastructure project agreements as commonly negotiated today, including in financing agreements, usually address ownership and assignment of intellectual property rights and rights in and to confidential information. However, these clauses are often not apt to capture and allocate data as a class of asset. These clauses often do not require each party in a multiparty data ecosystem to take all commercially reasonable steps to ensure protection of data that the party handles as a trade secret. Often the contract drafting leaves ambiguity as to which entity handling data within a multiparty data ecosystem is the holder of such rights as may arise in any to confidential information (trade secrets) in that data.
These issues can be readily addressed in well through infrastructure contracts. The first step is to recognize the diverse data sets associated with design, build, operation and maintenance of infrastructure assets. The second step is to assess the value of that data and determine its fair allocation. The third step is to work out which entity should control (“own”) that data, and what each other entity handling that data should be contractually required to do to ensure that the ultimate data controller (“owner”) can protect and thereby derive that value. The fourth step is to work out what practical controls, safeguards, oversight and verification mechanisms, and other good operational data governance should be contractually assured. Only when each of these four steps are completed are the lawyers ready to draft the infrastructure contract. The standard or project infrastructure contract may need significant tailoring to ensure that:
- key rights of and to data are properly captured and held by a single party, such as the commissioning party,
- the complexities that arise from data arising from multiple sources at different points within a multiparty shared data ecosystem are properly dealt with so it is clear who holds rights in and to confidential information and trade secrets, including in further transformed and derived information (such as insights).
The world has moved on since clauses in some infrastructure project agreements in common use today were developed. Common use contracts now must catch up. Many parties commissioning and financing infrastructure builds are inadvertently giving away data value that they should capture for themselves – or at least gain value by trading away.