In the previous blog in this series, we dwelled on the meaning of dates and the impossibility of property law ownership on them. This blog looks at the solution to this observation: contract law.
Virtually all data nowadays is stored in the 'cloud'. The data is then stored online and therefore no longer needs to be stored on a traditional carrier (such as a CD-ROM). Contractual provisions are particularly important if data are stored in the cloud. After all, such data cannot be subject to ownership in the sense of property law and therefore cannot be revoked. The old-fashioned CD-ROM, on the other hand, is a thing and therefore subject to ownership. The CD-ROM can therefore be reclaimed. This blog will therefore focus on contractual provisions in agreements where data are shared or stored via the cloud.
Agreements where data is shared or stored usually have two parties. These are the providing party (party providing the data) and the receiving party (party receiving the data). The providing party could be, for example, an online webshop. This webshop owns a lot of data about its customers. If a customer buys something from the webshop, the data is added to the customer database. An external hosting provider ensures that the online shop runs on the internet and stores all the shop's data. In this case, the hosting provider is the receiving party. In the remainder of the blog, we look at agreements that the providing and receiving party can lay down in their agreement about sharing the data.
First of all, it is advisable to agree on the use of the data. As the providing party, you do not want the receiving party to use the data for its own purposes. For example, you want a hosting provider to store the received data and make it available online to the providing party, but you do not want the hosting provider to use your data to perform a market segmentation of its own customers. The latter can be prevented by making clear arrangements in the agreement. In such a case, the agreement should contain a clause stating (for example) that the data may only be used for the benefit of the providing party.
Besides properly delineating the use of the data, a prohibition on disclosing the data to third parties is also necessary. This can be accompanied by a confidentiality clause. In this way, third parties are prevented from accessing or disposing of the data.
A third clause that can be included in an agreement is an obligation to transfer the data to the providing party or a third party at the request of the providing party. We also call this the contractual right of revindication. It is also important that this clause also considers how the data should be transferred. Think about the format, but also about the division of costs between the parties.
However, it should be noted that a contractual right of revocation has no effect in bankruptcy. If the receiving party is declared bankrupt, the providing party cannot claim the return of the data by the receiver.
A contractual right of revocation alone is not enough. Such a clause only makes sense if removal of the data can also be effected after transfer. As a transferring party, it is also useful to enforce evidence of the deletion in the agreement.
The disadvantage of contractual agreements - compared to property in property law - is that the agreements only have effect against the contacting counterparty (in this case, the providing and receiving party). Therefore, should the receiving party nevertheless use data for its own purposes or provide the data to a third party, you as the providing party can in principle only sue the receiving party.
To create an additional incentive and ensure compliance with the contractual arrangements, a penalty clause can be included in the agreement.
In addition to a penalty, it is also advisable that the providing party can check whether the receiving party is fulfilling its obligations during the term of the agreement. Such a check is also called an audit and is very common. Of course, cost sharing should be considered even if the audit shows that the receiving party does not fulfil its obligations.
Finally, it is advisable for the providing party to exclude the power of suspension of the receiving party's obligations. Of course, it is important for the providing party to comply with the agreement, but in the unlikely event that it fails to do so, the exclusion prevents the receiving party from not complying with the stipulated restrictions regarding (the use of) the data.
As we wrote in this and previous blog in this series, it is important to make proper contractual agreements on the use, return and disposal of data, as there is no property in the sense of property law on data. Our specialists from Team Commercial Contracting and Team IE/ICT/Privacy will of course be happy to help you with issues surrounding the drafting of contracts or advice in this regard.