"Industry of the future" or "Industry 4.0": industry is connecting. The material objects and equipment needed for production converge on digital and virtual tools to form one. Factories are connected, robotized, and smart. Data is the source material for many innovative projects in the industry. But what precautions should be taken in the development of such data projects? Can we use any type of data? How to organize the use of input data and who owns the data generated by processing technologies?

"Industry of the future" or "Industry 4.0": industry is connecting. The material objects and equipment needed for production converge on digital and virtual tools to form one. Factories are connected, robotized, and smart.

The plan announced by the Government on 20 September 2018, "Transforming our industry through digital technology", defines the industry of the future as "a set of transformations of production systems introduced by new technologies. Robotics, virtual or augmented reality, sensor networks and software, data processing, non-destructive testing... digital technologies allow industry to reinvent itself to gain agility and flexibility, but also to meet new requirements in terms of environmental and societal responsibility."

Data is the source material for many innovative projects in the industry (and in many other sectors). However, very often, economic actors don't really know:

  • the diversity of their data: what data do I have? What is their quality, their format?
  • their origin: where does my data come from? My equipment, third party equipment, external databases?
  • their location: where is my data located, hosted? Can I dispose of it freely?
  • and above all their economic potential: how to enhance the value of my data? For what aim?

A project involving the use of data requires a technical answer to these questions (1) but also to know the company's rights in order to process, cross-reference and interface data with technologies such as artificial intelligence (2).

The legal analysis must not have the effect of blocking the project but on the contrary to support it, to find agile solutions, to secure it in order to better enhance it. In addition, the implementation of data governance gradually removes a systematic legal analysis (3).

1. What data does the industry have?

The industry has heterogeneous data:

  • data from multiple sources: the data can come from sensors, equipment or connected objects, manual readings, supervision tools such as SCADA (Supervisory Control And Data Acquisition); they can also come from external sources such as weather data from Météo-France or data from third party partners.
  • heterogeneous data: this data can be of different format (image, text, sound, manual recording), of heterogeneous quality, be associated with more or less qualifying tags and metadata.
  • more or less structured data: the company can store its data in more or less hierarchical and structured data lakes, containers or clusters can group data, links between data can be organized. One of the major contributions of recent big data tools is their ability to process unstructured data.
  • but where is my data? In some cases the data is stored in data centers owned by the company or made available through a hosting contract. In other cases and in particular in the case of connected objects or equipment, the company operating the equipment does not necessarily have the data produced by it. To have this data, it is necessary to check your agreement with your equipment manufacturer and, if necessary, enter into negotiations.

It is important to ask yourself about the availability and maturity of your data to carry out an artificial intelligence project1.

Tool: Data inventory and classification by typology, origin, format, quality, location.

2. Data law, a right in "millefeuille"

While data is technically a heterogeneous and protean concept, it can also legally cover several legal qualifications and regimes.

There is no general right to data. They are specific rights to specific types of data. Some data are subject to a protective regime, others are subject to an open data regime, while others currently have no legal regime.

Data relating to a protection regime

The first and essential type of data: personal data. This data falls within the scope of General Data Protection Regulation 2016/679 (GDPR)2 and national laws on personal data3. Any processing of personal data implies the establishment of a secure framework of protection by default; the processing of special categories of personal data (relating to health or religion, political opinions, etc.). - Article 9 of the GDPR) require an additional level of security. All new projects must be designed in accordance with the obligations of this text, the objective of which is to organize the highest level of data protection for natural persons.

The second category of data includes confidential data or trade secrets. Directive 2016/9434 on the protection of trade secrets and the French transposition law n°2018-670 of 30 July 20185 organize the protection of trade secrets against any unlawful acquisition, use and disclosure. Business information, know-how and trade secrets are subject to a regime that punishes any unlawful use or appropriation. A non-disclosure agreement or clause may also contractually govern confidentiality on a type of data. Any processing of this data requires the prior authorization of its owner and special attention.

The third type of data is all data protected by an intellectual property right: copyright, trademark law, database law, patent law or design law are all private rights that prevent processing of these data without prior authorisation.

Tool: Data inventory and legal qualification of data / identification of data subject to a legal or contractual protection regime

Data relating to open data regime

The open public data allows everyone (legal entity as well as natural person) to freely use and process data produced or received by administrations, including for commercial purposes. The French law (code of relations between the public and the administration) provides a framework for the principles of openness and free reuse of this data. The www.data.gouv.fr website, the websites of local authorities like Paris (www.opendata.paris.fr), Rennes (www.data.rennesmetropole.fr), the south region (http://opendata.maregionsud.fr/), or the websites of Météo France (www.donneespubliques.meteofrance.fr), or Datatourisme (http://www.datatourisme.fr/) offer a large number of free downloadable data sets on economic, social, political, geographical and sociological life. The associated user licenses (Etalab or ODbL license) govern the conditions for reusing this data6.

Private legal entities may also choose to open some of their data to an ecosystem or the public.

The model of open data is to foster the emergence of innovative analyses, services or products.

Tool: Data inventory and legal qualification of data / identification of data subject to an open data regime and associated licence

Data that do not (yet) fall under any legal regime

In the context of the Digital Single Market and the initiative to create a European data-based economy, a draft regulation on the free flow of non-personal data7 was adopted by the European Parliament on October 4, 2018. The objective of this text is to promote free flow of data in order to "Europe get the best from the opportunities offered by digital progress and technologies such as artificial intelligence and supercomputers"8.

Data not covered by a private regime (by law or by agreement) are governed today by a praetorian principle of freedom of exploitation; tomorrow a regulation on the storage of non-personal data will govern the subject.

Tool: Monitoring the adoption of the European Regulation on the free movement of non-personal data

What is the status of the data generated by the processing technologies?

Data projects are rarely subject to contractual supervision when they are carried out with service providers who provide and sometimes specify the technology. In many cases, simple NDA (non-disclosure agreement) is concluded between the parties without the fate of the data generated from the technology being resolved.

In the absence of a contractual definition of the ownership rules relating to these data but also of the conditions for carrying out the service, there is a risk zone. Indeed, these data generated by the AI, for example, do not fall within one of the fields of protection listed above (see above "Data relating to a protection regime"). On the other hand, a principle of free use could apply. Finally, the innovative project must be framed by reciprocal commitments of investment, particularly human investment, and collaboration.

An agile, precise and efficient agreement must provide a framework for this innovative service and, above all, clarify the rights of the parties to the data generated according to the objectives and circumstances of the contractual relationship.

Tool: Service agreement - agile methods and iterations

3. Innovative project and data governance

This legal analysis of the data available and mobilized in the context of a project is necessary to ensure the legal security of the project, its enhancement and its internal and external deployment. The legal system must not constrain or prohibit, but on the contrary, it must bring confidence.

To achieve this, a data project involves the mobilization of business teams, IT and information security teams as well as legal experts. The work in "project mode" has here a real concretization.

A data project or a GDPR compliance project is also an opportunity to take a step back and think about how to facilitate the development of innovation around data by increasing agility without losing security. To do this, it is necessary to engage in a data governance approach, the main steps of which can be as follows:

Footnote

1 Article "Intelligence artificielle et industrie : vos données sont prêtes ?" (Artificial intelligence and industry: are your data ready?) by Amine Benhenni, 29 mars 2018 http://www.dataswati.com/2018/03/29/intelligence-artificielle-pour-lindustrie-vos-donnees-sont-pretes/

2 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

3 In France, Act No. 78-17 of 6 January 1978 on information technology, files and freedoms, amended in particular by Act No. 2018-493 of 20 June 2018 on the protection of personal data

4 Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure

5 Act No. 2018-670 of 30 July 2018 on the protection of business secrecy

6 As part of the Open Data Observatory of Territories project led by OpenDataFrance, a prefiguration map was developed, initially listing all local authorities (Municipalities, EPCIs with their own taxation, Departments and Regions) that produce and publish open public data: https://umap.openstreetmap.fr/fr/map/carte-odt-prefiguration_206077#5/47.710/-2.043

7 Proposal for a Regulation of the European Parliament and of the Council on a framework for the free flow of non-personal data in the European Union (COM(2017)495) https://ec.europa.eu/digital-single-market/en/news/proposal-regulation-european-parliament-and-council-framework-free-flow-non-personal-data

8 Joint statement by Vice-President Ansip and Commissioner Gabriel on the European Parliament's vote on the new EU rules facilitating the free flow of non-personal data

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.