AI Series 6: Artificial Intelligence and Data Feeding: How can I commercialize "data" for AI-licensing?

1. Is AI-data licensing attractive for everyone?

You might think that selling/licensing your data to an AI-tool-provider is not your type of business field, since you are not working in the software industry or e.g. simply not as big as tech giants and do not have a substantial amount of data. You might be mistaken about that. Even a non-digital enterprise (SME) might own substantial information/data of value for AI (e.g. an electricity provider which knows when and why electricity is used by which user in which region to which degree and how frequent, all of which information could provide insight on predictive energy plannings within a Swiss city). So consider the worthiness of your data first. You might be sitting on gold without knowing it.

2. Before I decide to share/license data with/to an AI-tool-provider, what should I do?

You should consider who owns the data, technically speaking. Of course you "have" the data, but that doesn't mean that you are entitled to sell or disclose it to any third party. The relevant data might have been entrusted to you on a confidential basis, which does not allow you to disclose it to third parties. This can also bear criminal implications as e.g. breach of trade secrecy which you are obliged to safeguard may be punished under Swiss criminal law (Art. 162 Swiss Criminal Code). As a further example, also consider that your data may be protected by copyrights of third parties (e.g. text of authors or photographs) and can therefore not be duplicated/re-shared with others unless with a respective license. Most importantly, make sure to qualify the nature of your data: Is it personal data (i.e. relating to a personally identifiable individual) or not? If yes, you need to consider data privacy implications of your envisaged data sharing. Have you informed the individuals beforehand that you might share data with third parties for AI-machine learning purposes (and explained roughly what type of data analysis will be conducted for which specific machine learning purposes)? All of this might not be so easy to answer and you should obtain as much information from the AI-tool-provider as possible to assess his planned activities and then make sure to have all the necessary transparent information framework in place vis-à-vis the individuals affected. Finally, do not forget to reflect on competition/antitrust matters: As you may know, data in general should not be shared between competitors in the market if this facilitates collusion in connection with prices, quantities or territories.

3. Ok, that sounds difficult. Is AI-data licensing legal at all?

What was discussed under Section 2 might read to you like a legal minefield. Yet, this does not necessarily mean that engaging in data sharing/licensing is impossible. The above diagnosed issues are surmountable if carefully considered from a legal perspective. Furthermore, consider the option to fully "anonymize" relevant data as an additional layer of compliance. In such cases, remember that anonymization must be permanent/irreversible to benefit from it (the AI-tool-provider should not be in a position to de-anonymize data with a suitable key).

Switzerland

Topic

New Media & Technologies

4. Ok, I made up my mind. What is an AI-data license agreement and how should I go about drafting one?

A license agreement is in essence a "right to use" granted to someone. In other words, you may grant someone a right to use your data for a specific scope, territory and timeframe and are even free to impose certain forms of user restrictions on top. Very honestly, you can surf through the internet and will find a few templates and can consider using fragments, but not all of them will fit nor will the whole picture look like an agreement reflecting your particular needs and risks. Therefore, let us give you some overall idea on which clauses you should pay attention to:

• Define content of your data and preparation of the format/structure when sharing: What is your data about resp. what characteristics does it have? Will it meet certain quality criteria (e.g. are you able to assure that your data will be accurate or would you prefer to say no to that?). Consider whether the data will only be provided once or whether you would be willing to share your data on an ongoing basis (e.g. if the metrics of your data change in the sense of an update and you would share following up). In terms of the format/structure, discuss with the AI-tool-provider which format is required by him and for order, make sure to label singular data sets (e.g. with numerals or hash Values). Data is only of use for the AI-tool-provider if he can use the relevant format and if it is compatible with other formats of data which he may have received from other data sellers. Also consider whether you would transfer data into the AI-tool-provider's sphere or if you would only grant access to data stored in your depository on a "read-only"-basis.
• Address data privacy and IP-issues: Can the AI-tool-provider assume that your data contains personal data or that it is pseudonymized or anonymized? In order to shield yourself from data privacy-triggered liability, you should ideally stipulate that the AI-tool-provider will prevent re-identification of personal data. In any event, should re-identification happen (e.g. by coincidence through big data analytics), then AI-tool-provider should undertake to comply with all relevant provisions of data protection laws vis-à-vis the respective individual affected. Is your data protected by copyrights or does it contain trade secrets or is it burdened by confidentiality undertakings? If yes, you should make sure that not only your data disclosure is cleared by relevant right owners, but also that the AI-tool-provider may not re-distribute such data to third parties but usually only use it for own, internal purposes.
• Scope of license: To which extent and for which purposes may the AI-tool-provider use the relevant data? Remember that it is up to you to define this as owner of your data. While the AI-tool-provider may be interested in the widest scope possible (for whatever reasons), it might be in your interest to curtail the license scope. E.g. you might not want to permit forms of use from a commercial standpoint (because your pricing does not have these forms of use in mind) or because they could be unethical. Also, consider the sub-licensing aspect. Do you want to permit that data is forwarded from the AI-tool-provider to third parties or not? Consider that you loose control over the use of your data, the more sublicensing you permit and that this also has a commercial impact on the value of your license.
• Payment: Various forms of compensation can be agreed for an AI-data license grant. A one-time disclosure of data is more likely to be compensated with an up-front fee while periodic access to data stored under your depository or regular provision of data updates are more likely to be compensated with recurring fees. Further fee models are imaginable. E.g., if data is not transferred to the AI-tool-provider at all, but merely made accessible within a "data pool", a "pay per use"-model is also imaginable (based on amount and/or intensity of data usage).
• Warranties, Covenants, Liability: The AI-tool-provider may ask for a warranty that you have sufficient rights to grant the right to use the respective data and that you have all the necessary approvals or provided all the necessary information to individuals affected. In return, make also sure to obtain a bilateral warranty back: The AI-tool-provider should represent and warrant that he will only use the data for the purposes entitled under the grant of rights scope. IT-Security? If anonymized data has been made accessible, you should ask for a covenant that he will not engage in re-identification practices and/or inform you if this happened accidentally. Depending on the size of data disclosed by you to the AI-tool-provider, your risk exposure might be too high on accuracy and quality of data. So make sure to limit your warranties (e.g. data is only provided "as is") and the liability with respect to that (e.g. by setting caps on damages recoverable or "suitability" of your data).
• Cybersecurity and/or audit rights: The AI-tool-provider should be held to treat your data with adequate care and security measures in place against unauthorized third parties. The more sensitive and personal the data you share is (see above), the more you should not only rely on warranties and contractual covenants but merely add specific cybersecurity requirements to the AI-tool-provider's "to do"-list. While you cannot always ensure/enforce this, a regular audit right will provide you with a tool to from time to time to assess whether the AI-tool-provider takes these things seriously or not. In the event of inaccuracies detected during an audit, the AI-tool-provider should be held to bear the costs.
• Term and Termination: You might say that term and termination are usual boilerplate provisions. That is true. But remember that in the context of AI-licensing, termination is an efficient tool to enforce compliance. Should you notice that your licensee uses data inadequately, early termination will be a powerful tool to discipline him. Some license terms even favor to condition the license upon compliance with all license terms which will render the license invalid automatically upon triggering any non-compliance event (as is often seen in open source software terms). This is another way of enforcing AI-licensing terms in a more direct manner. The contract duration itself is indeed a commercial aspect influencing the contract value and should be reflected in the price offering as well.
• Insurance: Consider whether AI-tool-provider should provide proof of some adequate insurance in place to make sure that he can actually bear the liability costs he is assuming as risks under his own warranty/ies.

5. This all sounds complicated and time consuming. Are there more simple and standardized ways of doing this?

Of course there are. It's a matter of time until standardized offerings of big AI-data collectors with own contractual terms will emerge. Some of these models have already emerged in the music industry and especially in the social media/news sector (take a look at terms of e.g. Reddit, a social news aggregator which reserves the right to use your shared data for AI-analytic purposes and further social media platforms doing the same).

It is also imaginable that large aggregators will in the longer term collect data from the market,  assemble it and then re-license it to AI-tool-providers. In the music industry, this role is already prevalent for music publishers, which e.g. sign songwriters and license content to collective rights organizations, record labels and media companies. In this context, you could likely "sell" your data to such large data collectors for them to commercialize it for you or on their own behalf.

Standardized agreements are also likely to emerge from the open source community. This would allow you as a data owner to disclose the content under a known open source license (you would have to indicate this somewhere online with "licensed under the OSS-terms of [name of OSS-organization] with license terms available under [link]). Nonetheless, from the view of a data owner, this model could be less attractive as it would prevent you from generating proceeds.

Outlook

AI-data-licensing is a newly emerging trend of licensing that will need more attention paid in the future. While there is some knowledge on traditional licensing agreements, AI-data-licensing is a little bit more intricate and should be dealt with delicacies required by the slightly different nature of "data" and AI's less predictable potential of exploiting such data.