ALTOM: Who owns your data? The answer might surprise you

Many years ago, I met a woman who had invested in a venture that bought pages out of centuries-old Bibles, copied them electronically, and reprinted them as collector’s items.

I asked her what security she’d placed around the electronic copies, and she acted surprised that she needed any. I explained that anybody with a computer and a phone line could make as many copies of her copies as he liked and send them hither and yon without her even knowing about it.

To this day, I’ve always wondered if doing so would have been a crime. She owned the physical sheets, and presumably the copies her company made, but the sheets themselves had never been copyrighted, so copying them wouldn’t be a violation of that law. Would it have been real theft, I wonder?

Thanks to similar oddities I’ve encountered over the years, I’ve been interested for a long time in the ownership of data and information. Businesses today are increasingly going online to interact with prospects, vendors, customers and clients, often using Facebook, Twitter, LinkedIn or some other social networking site to make and maintain contacts, and they leave copious data behind them like a contrail.

When you reveal information about yourself, do you still own or control it? And if you reveal something about someone else, who owns it then? Let’s say you store files on somebody’s server and he makes a backup. Do you own the data on that backup? If a client gives you data, do you own it, or does he? If you’re in the hospital, do you own your body’s readouts on the chart, or does the hospital? If you and a spouse have data somewhere in common and you get a divorce, who gets the data? How about when a partnership breaks down or a customer leaves you?

Many businesses are moving to cloud services, otherwise known as “SaaS” or “software as a service” rather than buying and installing software on their own computers. When you do that, who owns the data you accumulate there?

The question is even bigger than your own resume or Facebooked sex life. Today’s analytics firms dump unimaginable amounts of scoured data into their databases every day, without regard for ownership. Companies even make money on data when they can sell it indirectly. Ads on LinkedIn, for example, leverage the data members have left there to make money for the site. Like the old mailing lists of yesteryear, data itself has a marketplace, and in that marketplace you are the data, and you are the product, whether you want to be or not.

In the absence of agreements explicitly stating who owns what, the law around data ownership appears to be as murky as river mud. Different states may have different laws concerning data. Depending on the jurisdiction and circumstances, for example, a medical practice may own patient data outright, or it may only own the right to access it.

To clarify the situation, many vendors specify ownership in their terms of service. Google, for example, expressly disavows ownership of anything uploaded to it: “Some of our Services allow you to submit content. You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours.”

But Google still retains the right to “use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content” for “operating, promoting, and improving our Services, and to develop new ones.” It even goes so far as to say that it keeps these rights if you stop using their services. What Google apparently giveth away upfront, it mostly taketh away a paragraph later. You may keep the literal ownership, but you can’t say what Google is going to do with it.

So in summary, there are two issues here: Who owns your data, and what data can you own? Neither question has clear answers, and the law is in flux. Older laws that govern physical objects have been forced into use, although most of them don’t apply well. Patent and copyright laws apply, but only in limited circumstances.

My advice is twofold. First, be careful what you reveal, and second, consult an attorney to draft a disclaimer that your customers or clients can sign making it clear who owns their “stuff” as Google might say, and what you can do with it.•


Altom is an independent local technology consultant. His column appears every other week. He can be reached at

Please enable JavaScript to view this content.

Story Continues Below

Editor's note: You can comment on IBJ stories by signing in to your IBJ account. If you have not registered, please sign up for a free account now. Please note our updated comment policy that will govern how comments are moderated.

{{ articles_remaining }}
Free {{ article_text }} Remaining
{{ articles_remaining }}
Free {{ article_text }} Remaining Article limit resets on
{{ count_down }}