What is Fintech data?
A typical FinTech data stack is likely to contain customer data, transaction data, credit history data, card data, third party licensed-in data, publicly available data and social media data.
What do you need to be thinking about in regards to your data and its use?
- What are you getting? - What sort of data, who created it, and how?
- From where? - Is it from a data licensor, a website, or is it publicly available?
- When? - How often, in real time, or non-real time?
- How? - Are you getting the data from a data feed, website scraping, database or another method?
- Under what circumstances? - Is there a license in place, website terms and conditions, or is it open data?
- How are you using it? - What are you doing, what’s being created, do any IP rights apply?
Why do you need to think about input data?
- If there is no license, it does not mean that there are no IP rights in data, or that a license will not be imposed within the future
- Even if there is a license, you still need to understand the IP position because a breach of license could constitute infringement of IP. If you misuse a third party dataset which is protected by IP, the data owner could claim an account of the profit you make from the use of data in question
What IP rights might there be in data?
- Database right
- Database copyright
- Literary copyright
When does the database right arise?
- Is there a qualifying database?
- A qualifying database is a collection of independent works, arranged in a systematic way, individually accessible by electronic or other means
- If there is a qualifying database, does the database right subsist?
- For the right to subsist, there needs to be a substantial investment in either the obtaining, verifying or presenting the contents of the database
- If the right subsists, does the use of data constitute an infringement?
- Whether there is an extraction or reutilisation of a substantial part, or repeated extraction or reutilisation of insubstantial parts
What does the qualitative and quantitative assessment consist of?
- Qualitative - relates to the importance of the data taken. So you need to look at the scale of investment in obtaining, verifying or presenting the part of the data you are going to use
- Quantitative - the proportion of the volume of data lifted in relation to the total volume of the contents of the database
When does database copyright arise?
- This right applies where by reason of the selection or arrangement of the contents of the database, the database constitutes the author’s own intellectual creation
- If there are only a few ways of selecting or arranging, it is unlikely to be protected, However if there are a variety of different ways, and the database maker expends intellectual creativity in making that selection or arrangement, then the right is likely to apply
When does literary copyright arise?
- It could be relevant for example where data is contained in a report or other document. A report will be protected by copyright providing that it is original and constitutes the author’s own intellectual creation
- The copyright will be infringed if a substantial part of the report is copied
When is the law of confidence relevant?
Relevant where the following three criteria are met:
- The data constitutes confidential information - i.e. not something which is public knowledge
- The data has been disclosed in circumstances where there is an expressed or implied duty of confidence
- Whether your use of the data is a breach of the obligation of confidence which is owed - i.e. are you disclosing that data to a third party without consent, or are you going to use the data for a purpose that is not permitted?
What should you consider about the rights involving your output data?
- What are you doing with the data?
- Is there a manipulation of the data in a new/different way?
- Have you incorporated data with other data sets?
- Are you creating a master database?
- Are you producing reports?
What other rights and obligations that relate to data are important to consider?
- You need to be aware of contractual terms under in-bound licenses which might affect the creation, ownership and use of data, such as clauses on IP ownership, scope of license grants, restrictions on use of data and whether the creation of derived data is permitted
- Data protection law - without the right consents, you may not be able to use the data in the way that you want
- Regulation - how does the regulatory landscape affect your use/exploitation of the data? For example, are you receiving data under the open banking regime? Or are you obliged to make your data open?