Introduction

For much of the past decade, the focus of legal practitioners, legislators and regulators alike has been on personal data and the protections that should be afforded data subjects, often the unwitting participants on a journey of technical discovery in which third parties seek to unlock the value of data that has been created. This focus is increasingly being seen for what it is – too narrow.

In 2006, Clive Humby, the British mathematician who with his wife, Edwina Dunn, helped a leading supermarket create its loyalty programme, declared data to be the ‘new oil’: early recognition of the manner in which big data was set to revolutionise the marketing world. In 2017, Economist ran a report under the title, ‘The world’s most valuable resource is no longer oil, but data’. Indeed, equating innovative applications of data with fossil carbon fuels is increasingly a common refrain. It should be noted that others have equated it with gold, neatly acknowledging that, whether gold or oil, it is now seen as the equivalent of a physical asset.

The analogy (especially as formulated by Economist), however, is not without problems. Although data and oil are both commodities, the true value of oil derives from the extent and supply of a finite resource and is achieved through consumption, whereas data has no such constraints either in terms of quantity or availability and it will generally be replicated rather than consumed.

A more nuanced reading of Humby perhaps offers greater insight: that unstructured data, like crude oil, has limited worth but – through refinement – its significant value can be unlocked. Rather than merely a commodity or fixed asset, data performs as any other financial asset of a business.

Given its ability to affect every aspect of our commercial and personal lives, it is increasingly more appropriate to focus on the role of data as a critical asset, perhaps the critical asset.

Indeed, the ubiquity of data and its unparalleled rate of creation means that it has the potential to be a rich source of legal work. From the moment of its creation to its ultimate destruction, data necessarily has a value, capable of and requiring control, commercialisation and protection. Whether seen in a privacy, security, employment, competition, intellectual property, corporate or commercial context, clients will require transactional, regulatory and contentious legal solutions in respect of their wider data assets, rather than simply personal data.

These solutions will need to be delivered in an agile, dynamic and seamless way and will perhaps inevitably be less respectful of more traditional legal service lines. Clients will demand that their lawyers are able to move seamlessly from advising on trans­actional and early-stage regulatory matters through to new breeds of litigation disputes.

It is therefore timely that the launch of this book by Global Data Review seeks to widen the legal debate concerning data – from issues of privacy and personal data protection to its role as a critical asset – not least because newer internet technologies (whether artificial intelligence, the virtual world of the metaverse or its close cousin, the omniverse) will confirm that we are moving into a world made of and governed by data assets.^[2]

A new approach?

For hundreds of thousands of years, leaking oil in the tar pits of California simply served to trap prehistoric mammals. It was only with the advent of the car that a material that was seen as a stain on the land became desirable. A similar analogy can be made between modern technology and data.

In its crude and unrefined form, oil is useless for cars and undefined data is the same, simply a morass. Thus, it is self-evident that what gives oil its value is the manufacturing process; a process that presents challenges, in and of itself, of ownership, storage, protection, transport and security.

In the case of data, the issues are very similar. How is the data gathered? How is it combined with other data? What rules govern the use of that data and its relationship with other data? What is the purpose of the exercise? What rules govern the storage of that data? Who can have access to that data? What is the relevance of that data? And how is data made both available and secure?

All these issues raise questions, present challenges and demand support and solutions from a legal perspective.

Emerging technologies promise not only to revolutionise the way that companies use data but will also present huge legal challenges to that use because of the ability that living and working in the metaverse presents to map the behaviour of individuals.

According to those developing the metaverse, these 3D virtual worlds will enable us to shop, play, holiday, become educated and work in a way that will see us becoming inextricably bound up with increasingly more complex computer systems – a process that many involved in technology are calling augmentation.

We are entering a world in which the gathering, sharing and trading of data assets (and associated permissions) will become huge and extremely controversial and the legal implications will increase in intensity.

The criticality of data assets

It is a future world of data gathering and interpretation for which some companies are already preparing. However, others are woefully unprepared, according to Leslie Willcocks, Emeritus Professor of Work, Technology and Globalisation at the London School of Economics and Political Science, who has researched global work trends for more than 30 years.

According to Professor Willcocks, whose latest book, Robotic Process and Cognitive Automation: The Next Phase, examines the adoption of robotics and AI in the economy, the ability of companies to adopt technology is now crucial to their survival.

What I see is about 20 percent of the organisations that have moved successfully to digital are breaking away from other companies in terms of profitability and financial health and the gulf they are establishing is likely to become irreversible.^[3]

This underlying trend, Professor Willcocks says, will now accelerate as a result of the coronavirus pandemic creating early casualties in retail, aviation and leisure.

According to KPMG, the accountancy and consulting firm, many companies are struggling to mine and refine data successfully:

The reasons are many, including data fluency, complex and siloed system architectures, access controls and policies, cultural issues, and interoperability issues across the business. However, leading organisations are fundamentally reimagining their relationship with data and, as a result, transforming IT’s role to materially impact business outcomes. Over the next three to five years, leading companies are expected to adopt four key data principles into their operating models: clarify data accountabilities across the enterprise; embed data fluency across the enterprise as a strategic imperative; move data curation into the business as a core competency; and reimagine a frictionless data supply chain.^[4]

These are key principles in the journey to becoming footloose, digital, data-driven enterprises and will require legal underpinning. Data will not only be critical to the success of the way a company is organised, the interpretation of it will also be critical to the success of a company’s business. This is because, in the future, decisions made using data are highly likely to become embedded in a company and the AI selection and interpretation of data resulting from the quality of this data will be critical, because bad or contested data will instantly become a business risk.

A further trend that also needs to be understood in this fast-moving world is data integrity. For any data asset to be valuable in an organisation it has to be trusted. To ensure that integrity, it has to be protected and it has to have been cleaned. If data from outside is acquired or collated to fulfil a particular purpose, it must also have the same integrity.

A brave new world?

This new data world thus immediately raises a number of legal questions. However, we need to widen the aperture to consider the legal issues of the protection of data, rather than simply data protection.

Whether in a business as usual context, a routine audit or, indeed, as part of corporate merger and acquisition due diligence activity, the questions we can expect to be asked time and again will be: Where did the data come from? How was it obtained? What will our organisation use it for? Do we have the rights to use it in that manner? Are we holding that asset in a secure and safe manner?

Just as important as a process of auditing data will be a constant reassessment of the use of that data to ensure that it is not being processed in a way that can cause legal issues.

In this Guide, we seek to explore with leading practitioners the manner in which we can take a fresh look at data as a wider class of asset within a business context. It requires an assessment, which takes us beyond the more familiar domain of data protection legislation and calls for us to understand the precise value of data and the use to which it is being put. Although we cannot – and must not – ignore the importance of privacy and data protection, the world is starting to embrace the broader context of data assets and we need to respond and frame legal solutions accordingly.

Although seeking to draw an analogy between data and oil might be questionable, the critical role of data assets in our future is undeniable.

I hope you enjoy the Guide.

Notes