Data is a weird thing. Legally speaking, at least. You see, data isn’t like any other type of intellectual property. 

If you write a book, create a picture, or write a computer program, copyright law protects that. You own it the second you type it and, if someone steals it, you can sue them and get damages. 

If you invent something, under patent law you can file a patent application. You own the invention and, similar to copyright law, if someone steals it,  you can sue and get damages. 

If you come up with the name of a company or a product, trademark law immediately protects it even if you don’t register it (but it’s better to register it). And, in case you are not seeing a pattern, yes, if someone steals it, you can sue and get damages. 

But no law protects data. You can’t copyright it, patent it, or trademark it. That has weird consequences. For example, it means that if you generate data or if someone generates data on your behalf, anyone can do anything they want with it - and you can’t sue and get damages. 

The only way to protect your data is through contract. That’s it. 

So let’s walk through an example of a typical use case with a typical contract: a drone operations platform. 

It’s a platform you love because it allows you to manage all of your teams, all of your drones, maintenance records, FAA certifications, etc., etc. You and your team spend almost all of your day on it. And so it knows every single detail about you: thousands of data types and rows upon rows of data logs. 

The drone ops contract, though, says absolutely nothing about all that data. So….

Q:  Who owns the data? A:  No one and everyone. 

Q:  What can the drone ops platform vendor do with the data? A:  Anything they want. 

Q:  Can I get a copy of the data so I can use it? A:  Only if the drone ops platform vendor feels like it. 

But the best question to ask is: what should you have done differently with that drone ops platform vendor? 

There are two datasets that you should think about: “Raw Data” and “De-Identified Aggregated and Derived Data?” 

What’s “Raw Data”? This is the data that you input into the drone ops platform or that is generated by you using the drone ops platform, e.g., data about the locations, the team, the drones you are flying, the missions, the customers, etc.  

What’s “De-Identified Aggregated and Derived Data”? This is the data that the drone ops platform vendor creates by stripping out all information that could identify you and combining it with other customer’s de-identified data. The drone ops platform vendor then can spot trends to not only help you but also help in their product development. This ultimately is better for you. 

Who owns what data? Well, you should own all Raw Data and the drone ops platform vendor should own all De-Identified Aggregated and Derived Data. 

So what contractual provisions do you need to achieve that? There are two provisions to add. But first a disclaimer. We are offering these as examples and not as legal advice. In other words, you need to get your own attorney to advise as to whether these provisions work for you or not. 

Customer Data. As between Customer and Vendor, Customer owns all right, title, and interest to the specific data and information about the Customer, its employees, and its customers submitted, processed, or stored by Customer using the Ops Platform (the “Customer Data”). Customer is solely responsible for the accuracy and quality of the Customer Data. The Parties agree that under no circumstances will Vendor be responsible or have any liability for Customer’s use of the Customer Data. 

Vendor Data. As between Customer and Vendor, Actabl owns (a) all the information, data, documents and any other output results generated by queries, data feeds, and any use of and access to the Ops Platform by Customer; (b) all aggregated, calculated, and/or derived data of or from Customer Data; (c) all data that is created by combining Customer Data with other data; and (d) all benchmarking, comparisons, and/or other analyses based on, incorporating, and/or derived from Customer Data. Sections 3.2(a), (b), (c) and (d) are collectively “Vendor Data.” Vendor will “de-identify” Vendor Data so that the Customer, users, and/or its customers cannot be identified. The Parties agree that under no circumstances will Customer be responsible or have any liability for Vendor’s use of the Vendor Data. 

These two provisions provide good balance between your needs as the Customer to control the data about you and the drone ops platform vendor’s needs to improve its products and eventually build other data products and services on top of its data. It’s a win-win for each party. 

So you are likely saying: “OK, that’s great, but the Customer Data is stuck in my drone ops platform vendor’s systems.” 

That is a big issue but not to worry. There are a few more provisions you should add. In the next article we’ll explore how to avoid vendor lock-in and then how to protect yourself in a data breach. 


About the Authors:

Justin Call is the Co-Founder and CEO of Modovolo, a start-up that's built a drone to carry any payload for hours instead of minutes at a cost far below anything on the market. You'll want to see it for yourself. He has been an executive at venture capital and private-equity-backed technology and data companies with three exits ranging from $1.5 billion to $130 million. He has deep experience in leveraging data to understand and build businesses.

Eno Umoh is an expert in marketing and business operations and is the co-founder of Global Air Media & The Global Air Drone Academy where he has taught in 26 countries over 18,000 students about drone technology, best practices, and how to make a drone business scale and get to profit. Eno collaborates with drone businesses to help them achieve their goals.