Who Actually Owns "Your" Data?

by Scott Lewis

Part 1 of 2
We all think we know what Cloud computing is. We all use it in our private lives, in our business, or both. One question that we forget to ask ourselves in the rush to jump on the latest and greatest thing; who actually owns all that data? As we are beginning to learn, in most cases it is not you. Although it may not be popular, nor may it be the most politically correct answer, we are all starting to see what little control we have over the information about our business and us. The other big revelation is how little responsibility or accountability those who host or house this data have in securing it.

Data ownership - in most cases it comes down to how it was created and who created it. This can be a very complicated process to understand, but in some cases, the platform can be as important as who created the data. Cisco predicted that 60% of data would be created in software as service programs in 2018. This means that you are using the tools, templets and software of a hosted application in order to create data either within your personal life or within your business. This is where it gets muddy. Since you are using the tools owned by a platform provider, are they entitled to ownership of the work process used to create that data? The answer is maybe.

There are some clear-cut answers to parts of this. One being if you take a picture, then you are clearly the owner of that picture and therefore protected by copyright laws. Data created before uploading into the cloud has clear ownership and intellectual property claims by the creator or someone working on a paid basis for a business or organization. Data that has been created within the cloud could come with some strings attached. Making sure that you properly claim and protect your data and intellectual property is becoming more difficult as the legal processes have not really caught up with the pace of technology.

Now that cloud-based computing has become part of our lives, we have all started to become somewhat numb to the fact that we are being tracked and our activity monitored. Only when we find out it has been data mined and sold/used for something we do not agree with do we notice. Marketing and web-based systems have been tracking your activity for years. This is why the advertisements we get when we are on the internet or social media always seem to be related to your recent online activity. The problem may be bigger in the business world. What really happens to all those backups to the cloud? If you are using a service to back up your data what kind of protections do you have? How is that data being protected? What about transferability from one location to another or one vendor to another? Do my intellectual rights and data ownership claims follow the data? These are all very good questions and they all reside in the grey area of the legal system.

Social media, the number of social media sites, and the data we are putting on them are contributing to the greatest data collection process ever. This is not limited to just personal data put there by us, our kids, our friends and relatives, but now add in some business data. That business data could include marketing, promotions, public relations, new or former employees. The bottom line is we have created a data collection process that we simply don’t understand and the exposure of data we have yet to fully grasp.

In researching this topic on several popular systems, I found a common phrase within the service or social media licensing agreements - you know that legal stuff that you just scroll down to the bottom and click, “I Agree”. As I was reading through them I found myself thinking they do have very specific language around the client having ownership of the data. I was actually impressed, but then I found this common language “ah ha” moment. The language does vary from site to site but the meaning is pretty consistent…“To the extent necessary to provide the Services to you and others, to protect you and the Services, and to improve products and services, you grant a worldwide and royalty-free intellectual property license to use Your Content, for example, to make copies of, retain, transmit, reformat, display, and distribute via communication tools Your Content on the Services. If you publish Your Content in areas of the Service where it is available broadly online without restrictions, Your Content may appear in demonstrations or materials that promote the Service. Some of the Services are supported by advertising.”

Congress has taken steps to protect the intellectual rights and data ownership of data stored in the cloud with the Stored Communications Act or SCA. With any legislation, there are several parts to this, in one section it specifically states that when data resides on a cloud provider’s infrastructure, the user owner rights cannot be guaranteed. This goes back to the point of: just because you created it, the privacy of that data cannot be assured. The SCA also permits the government to seize data of American companies even if it is stored overseas. This section of the SCA is what lead Microsoft to take the U.S. Government to court to challenge if the government could use the SCA to pursue and seize data that is stored beyond the boundaries of the United States.

Microsoft’s challenge of the SCA could have far reaching impacts to the cloud based industries and the manner which data is stored. In 2013, the government used the SCA to issue a warrant in New York to search email accounts held by Microsoft. The server that the government obtained a warrant to search was housed inside a data center in Ireland. Microsoft challenged the warrant based on their feeling that the government could not search a server that was housed in another country. Ultimately, Microsoft’s challenge was denied based on what is called a hybrid warrant, which is similar to a subpoena, and the courts ruled that since government agents don’t actually have to enter the premises of the provider housing the server it saw no reason to invalidate the warrant. However, in July of 2016 a panel of three judges did in fact rule in favor of Microsoft. This has since been appealed to the United States Supreme Court, which is expected to make a decision sometime in 2018.

Scott Lewis is the President and CEO of Winning Technologies Group of Companies. Scott has more than 30 years of experience in the technology industry and is a nationally recognized speaker and author on technology subjects. Scott has worked with large and small business to empower them to use technology to improve work processes, increase productivity, and reduce costs. Scott has designed thousands of systems for large, medium and small companies and Winning Technologies goal is to work with companies on the selection, implementation, management and support of technology resources. Learn more about Winning Technologies at www.winningtech.com or call 877-379-8279.