Data licence agreement: the foundation of legally compliant data access and usage

How can data be considered an economic asset?

Data is machine-readable information obtained by sensors. It is fundamentally different from other economic assets. It is not physical and is not tied to a specific storage medium. At the same time, it can be used by multiple people independently (data is 'non-rival').

Furthermore, data can be copied and stored at minimal cost without being subject to technical wear and tear. Only its relevance can decrease over time.

Legally, no ownership or possession rights can be established for data under the German Civil Code (BGB). It is also generally not considered for protection under copyright or patent law. Even protection under the Trade Secrets Act (GeschGehG) often fails because, as an economic asset, data is intended to be shared and is therefore not subject to the necessary confidentiality.

Data is fundamentally in the public domain and can be used and distributed freely, subject to legal restrictions, particularly data protection regulations. This makes contractual arrangements, such as data licensing agreements, all the more important in order to legally and economically secure access to and use of data.

What is a data licence?

Strictly speaking, there are no data licences. Since the rights to use data are not based on intellectual property rights, such as copyright or patent law, data licence agreements could also be referred to as data usage agreements. A data licence does not grant the user ownership or exclusive rights, but rather de facto control over the data for commercial exploitation.

However, their effect is comparable to that of traditional licences. Data licences are therefore also referred to as 'non-genuine' licences. In any case, they regulate the licensee's access to, and de facto use of, the data. Thus, largely legally unprotected intellectual property becomes a controlled digital resource.

Who needs a data licence agreement?

Since no property or intellectual property rights can be established for data, it can only be allocated economically on a contractual basis. This is particularly relevant for data-intensive applications, such as developing and training machine learning models or artificial intelligence.

Another example is provided by Art. 4 para. 13 of the Data Act, which relates to data from the Internet of Things (IoT). According to this article, the data controller may only use non-personal user data on the basis of a data licence agreement with the user. Given the Data Act, data licence agreements will become almost indispensable, particularly for SaaS solutions.

Furthermore, the requirements for data licence agreements can sometimes be combined with existing data processing agreements (DPAs). Data licence agreements are also becoming increasingly important in the public sector. According to Art. 5 of the Data Governance Act, public bodies must make transparent and publicly accessible the conditions and procedures for the further use of certain categories of data.

What components should a data licence agreement contain?

The following points play a key role in such agreements:

Definition of the data: what is the subject matter of the agreement?

The precise definition of the data is the pivotal point of every data licence agreement and one of the greatest challenges. As there are no legal definitions of specific data, or only vague ones, it is necessary to define exactly which data is covered by the agreement. Vague legal terms such as 'product data' or 'readily available data' in the Data Act offer little additional legal certainty.

If the data is known and available when the contract is concluded, using hash values is a proven approach. Each dataset is converted into a unique, immutable character string (hash). Should legal proceedings arise, it will be necessary to present the disputed data sets. In court, the submitted data can be re-hashed and compared with the agreed hash values. This comparison proves whether the submitted data sets match the data described in the contract. However, this method is ineffective if the data has yet to be collected or the data sources are unknown.

Another option is to specify the sensors that generate the relevant data. While this approach may seem precise at first, it presents two major challenges. Firstly, detailed knowledge of, and descriptions for, all relevant sensors is required, which is often difficult to achieve given the multitude of sensors installed in complex systems such as cars, aircraft, medical devices or machines. Secondly, it could cause problems if sensors are subsequently replaced or added.

In particular, data from the new sensors would not automatically be covered by the contract. Therefore, the licence holder would have no claim to this data. For this reason, the interfaces at which data from different sensors converge are often described. This approach is more flexible as it is independent of individual sensors and takes into account adjustments to the system, such as replacing or adding sensors.
Ultimately, the choice of method depends on the specific case in question. A combination of approaches often proves useful.

Data quality

Another key factor is data quality. High-quality data is essential for developing AI systems and training AI models, since high-quality output is impossible without it. Article 10(5) of the AI Act also places high demands on the quality of training, validation and test data sets for high-risk AI systems.

In particular, these must be statistically appropriate, representative and comprehensive. To meet these requirements, a contractual agreement on data quality is essential. As well as the points mentioned below regarding data protection and third-party intellectual property rights, the contract should include provisions regarding data accuracy, statistical representativeness, suitability for the intended purpose, and completeness.

Data protection and third-party property rights

Data protection law must also always be taken into account. Another key aspect is that data must not infringe the property rights of third parties. Otherwise, this could lead to considerable sanctions under data protection law or to AI models reproducing protected content - which would result in copyright problems in particular. If the data licence agreement violates a prohibition law, this can also lead to the contract becoming invalid in the worst case. To minimise these risks, licensees are well advised to oblige the licensor to provide anonymous and/or public domain data.

‘As is’ agreements

‘As is’ agreements are widely used in the B2B sector. These agreements state that the data is provided in its current state, and that the licensor assumes no liability for its quality, completeness, or usability. In effect, they exclude all warranty and defect rights, primarily benefiting the licensor. Licence holders often accept such clauses due to a lack of alternatives.

However, the Data Act could call into question the permissibility of such clauses in future. Art. 13 of the Data Act introduces a form of European legislation on general terms and conditions that prohibits unfair contract terms. In particular, Art. 13, para. 4 lit. b of the Data Act could be interpreted as restricting ‘as is’ clauses, as it prohibits clauses that exclude warranty or contractual liability.

This creates a certain degree of legal uncertainty. It remains to be seen how case law will develop in this regard. Until then, licensors in particular should exercise caution when drafting 'as is' clauses and carefully consider the associated risks.

Exclusivity

For the licence holder to pay a high amount for the data, it must be ensured that no other companies can use it. As data is legally in the public domain, ensuring exclusivity lies in the contractual structure. From a legal perspective, however, exclusivity agreements can be tricky.

Under the Data Act, the exclusive provision of data is generally permitted. However, the prohibition of discrimination under Art. 8 para. 3 of the Data Act sometimes comes into play in this context. According to this provision, data owners may not discriminate between comparable categories of data recipients with regard to the terms of provision. This primarily concerns the conditions of data provision, though, and does not exclude exclusivity agreements per se. As there is currently no case law on the Data Act, this remains an exciting area.

Art. 4 para. 1 of the Data Governance Act expressly prohibits exclusive agreements for the further use of data held by public bodies. Exceptions are only possible within very narrow limits.

At the same time, antitrust law also plays a key role. The exclusive provision of data by dominant companies can restrict competition. For example, exclusivity agreements can constitute an unfair restriction if another company depends on access to data controlled by the data owner for its own activities.

Whether and under what conditions exclusivity agreements are permissible always requires careful case-by-case examination. In principle, however, exclusivity agreements are a suitable instrument for safeguarding one's economic interests in the use of data.

Access to data or data access?

Actual access is a central prerequisite for the usability of the data. Therefore, access paths must be clearly defined in the contract. Access can be via the internet, a VPN or another secure connection, for example. A minimum download speed should also be agreed. To ensure secure access, the use of usernames and passwords should be agreed upon, and multi-factor authentication should be used if necessary.

Rights management should also be implemented to ensure that only authorised individuals can access the data. Further protective measures should also be taken into account, such as encrypting data during transmission and storage. It is essential to detail these aspects in the contract to ensure access to the data while minimising potential security and data protection risks.

Confidentiality

As data is in the public domain, a good data licence agreement should include comprehensive confidentiality and disclosure rules. In particular, the parties should stipulate the conditions under which the licence holder may disclose the provided data, and to whom. From a data security perspective, it is necessary to implement appropriate technical and organisational measures to ensure the confidentiality of the data.

What else is there to consider?

Data is often provided in exchange for something, which may be financial or access to analysis results or other benefits. The data licence agreement should also set out exactly how issues such as delayed provision or poor data quality are to be dealt with.

Transparency regarding costs and clear performance obligations are essential to avoid future conflicts. Other aspects that should be considered in a data licence agreement include ownership of analysis results obtained from the data and protection of trade secrets. These include determining who owns the analysis results obtained from the data, and protecting trade secrets.

Depending on the corporate structure of the contracting parties, antitrust issues, such as the exchange of price-relevant information between competitors, can also play a role. Data licence agreements are often structured as continuing obligations. Therefore, it is important to precisely regulate the contract term, termination rights and consequences of termination. From the licensee's perspective, effective exit management is particularly important to ensure continued use of the data and results after the contract ends.

How we do support you with data licence agreements

Drawing on our many years of experience in advising on data-intensive business models, we can provide you with comprehensive support when it comes to drafting and reviewing data licence agreements. We represent licensors and licensees alike, developing customised solutions that are perfectly tailored to your business model and legal requirements.

Our services include:

• Individual contract design: drafting legally compliant data licence agreements tailored to your needs.
• Review of existing contracts: We review and optimise your existing data licence agreements to minimise legal and commercial risks.
• Contract negotiations: We provide accompaniment and support during negotiations to assert and protect your interests legally.
• Legally compliant solutions: Consideration of current legal requirements, such as the Data Act, the Data Governance Act and the AI Act.

Protect your commercial interests and secure professional support. Contact us for a non-binding consultation.