Data and connected devices

Data and connected devices

Data which is the very groundwork of the modern digital economy has been termed as “the new oil” in financial jargon owing to its resource like properties.[13] Prior to digitization information in the form of data took many formats. “Text and figures were written on paper, sound recorded on a magnetic tape, pictures on a silver-coated transparent plastic tape, etc.”[14] Then, it was costly to store, process or transfer data and defining data ownership right had little to no meaning as accessing forms of personal and company data was very costly and difficult. The protection of these privacy rights did not come into much play either. Due to the advancements Digital technology the value of data has come to be seen in a totally different light. Interoperability costs have reduced a lot as a result of the universal digital (binary 0/1) data format carried via electronic means. Data can now be captured, stored processed and transmitted at a very low cost which in turn has led to massive quantities of data termed “big data” being transferred to digital information environments.[15] Furthermore, governments within the EU are seeking to make their cities into “smart cities” which are a result of superfast telecoms networks, electrification, artificial intelligence, IoT and digital payments. The interconnecting key elements of smart cities are connected devices networks in the form of sensors attached to real world objects such as roads, cars, electricity meters, domestic appliances and human medical implants which connect these objects to digital networks i.e. the IoT, “ubiquitous computing.”[16]

Types of Data

Connected devices encompass smart devices which generate data and transmit that data trough wireless or wired communication such as the everyday appliances that we use including 5G networks, computers, tablets and smartphones. The data which is generated, stored and communicated through the use of these devices to a very large extent is influenced by human behaviour patterns, as previously mentioned. The form in which the data is collected and generated through the use of these devices is in its absolute “raw” form. Thereafter it is analysed and may, but is not limited to taking the datasets in databases. These smart devices do not function autonomously, rather they rely on data which they receive though other connected devices through non-wired and wired methods. Hence, “‘autonomous’ or ‘smart’ devices will often make use of data analytics, machine-learning and artificial intelligence.”[17] Thus, these smart connected devices do not autonomously produce “raw data” about personal behaviour patterns of any said individual. Furthermore, connected devices are not limited to those that communicate autonomously through the Internet of Things.[18]

Devices used by humans for the purpose of communication, such as PCs, tablets and smartphones, are equally covered, because it is not relevant to which extent data is stored or processed by the device with or without being influenced by the decisions of a natural person. We established that “data” may take many forms and the through analysing data we involve more persons to reap fruit from the legal rights, obligations that come with these “forms” of raw data, datasets which will likely be encoded in databases, software or other constituent components of the connected device. On a sematic level the personal data that has been encoded in a database in its pure or in its raw form i.e. bits and bytes remains unaffected. The GDPR on the other hand sets obligations as to what can and cannot be done with this personal data. Josef Drexl, in his study unravel the rights related to data and discusses whether an “ownership” like right in personam or rem can be transcribed to parties who may have interests in the data.

It is acknowledged that the closest that a regulatory law has come to data ownership[19] is the database directive which establishes exclusive ownership rights for ‘databases’, albeit with some exceptions or restrictions. With the advancements of ML and AI which crave enormous amounts of data another question which needs to be answered is whether the current data access regimes allow for the innovation in the AI- driven technological world.[20]

Data and the ‘rights’ vested therein

Both the GDPR and the DbD regulate the flow of data and thereby confer rights and obligations for certain persons. Each legal right that these rights holders possess relate to a corresponding legal obligation imposed on others. The RtDP confers a right for an individual to switch between controllers i.e. service providers at the individual’s request.

The SGDR confers the right upon the database holder who makes a substantial investment in verifying, obtaining or presenting the contents of the database to prevent others from extracting or reusing part(s) of their database. Therefore, one may deduce that RtDP is a positive right i.e. it allows for an individual or data subject to take a certain action whereas the SGDR allows the database holder to preclude or prevent others from taking an action i.e. extracting part(s) of their database. In the case of intellectual property an exclusive right is given to the creators or inventors their works. In the case of the GDPR this is a right given to individuals seeing that there was a pressing need to do so in the wake of big data generation by for example connect devices.