New technologies in the courthouse:
How to restitute machine-generated data?
A fictional claim.
Claim for restitution of machine-generated data
XYZ Machine Learning GmbH
Schönherr Rechtsanwälte GmbH
123 Stolen Data OG
disclosure, restitution, injunctive relief
Amount in dispute:
Euro 43.200 (§ 5 Z 14, 29 AHK)
The claimant is the creator of machine-generated data, which is in the defendant's power of control.
Machine-generated data is information which is collected or stored through measurement, observation, statistical surveys or other activities by a machine or a product. Such data can be personalised or non-personalised. When machine-generated data enables the identification of a natural person it is considered personalised data, therefore the data protection rules, in particular the general data protection regulation, apply.
The defendant is supplier of the claimant. It uses a software developed in conjunction with the claimant. The software automated collects and analyses motion profiles of vehicles which were placed on the market by the claimant. The data collection and analysis is completely anonymised and without reference to a person. This automated collected data is relevant and valuable for the improvement and development of the claimant's vehicles. Partially, the titles of the vehicles placed on the market are retained (Eigentumsvorbehalt) (especially leasing vehicles). For 3 months, the defendant refuses to give the data to the claimant, and makes use of the data itself. The claimant does not have access to the data because it is saved in memory, where only accessible by the defendant.
Documents to be submitted; witnesses to be named.
Until now there is no explicit provision, either on national legal level or on Union level, which regulates to whom the rights of machine-generated, non-personal data belongs and whether ownership of the data can exist.
According to the current legal situation, an owner of an object can proceed with his/her object at his/her own discretion and he/she can exclude others from any effect. That means that ownership confers on the one hand positively, a comprehensive right of use, and on the other hand, the owner can exclude others from utilisation (negative right of defence).1 Since the data are indivisibly and logically connected with the vehicle, through which they generate analysis data, the claimant in any case derives (in so far as the vehicles are in favour of the claimant under the retention of title), the right of ownership over the vehicles that belong to the claimant through the retention of title and the right of ownership of the data as a negative right of defence.
Additionally, the claimant has copyright claims: The data, which are subjects of the proceedings are the result of a peculiar intellectual creation and therefore protected by copyright, as they are a direct result of the algorithm which is also created by the claimant as a joint author.2 The creator of a database however has the right of preventing the extraction and/or the reuse of the whole or a substantial part of the contents of a database. The data generated by the machine on behalf of the claimant are, therefore, attributable to the claimant as a creator of the database.3
Business secrets4 are protected against an unlawful appropriation as well as against an unlawful utilisation or disclosure. These machine-generated, non-personal data constitute an individualised analysis of the original driving behavior and are as such business secrets of the claimant and therefore protected against unlawful disclosure.5
The claim is among others based on the protection of business secrets. It is therefore a dispute over the infringement of industrial property rights. As a result, the commercial court of Vienna6 is exclusively competent.
The claimant therefore desires the following judgement:7
1. The defendant is liable to make available all data collected through the software of the claimant concerning the vehicle placed on the market by the claimant within 14 days.8
2. The defendant is liable to release all data according to section 1. in a structured common and machine-readable format,9 whereby the ascertainment of the data remains reserved until the successful announcement of the data according to the section 1 of the verdict.
3. The defendant is with immediate effect required to refrain from using the data under section 1. and /or essential parts of it, in particular of utilising the data for internal purposes, of transmitting or revealing the data to third parties.
4. The defendant is furthermore required to pay the claimant the legal costs according to § 19a RAO for the attention of the defendant´s representative within 14 days.
1 However, the condition is, that the data are objects in the meaning of the law. Objects are only material items and data by itself is not embodied, so there is no right of use established by property at the moment. According to the view of the European Commission, rights of the collected data can be attributed to either the producer of the machine or device, or to the economic operator, who operates and has paid for the machine or device. Furthermore, insurance companies, internet providers, and finally the State may have an interest in attaining the rights of the collected data. It remains open, to whom the rights of the collected data will belong and how they will be arranged. The justification of the capacity to sue (= the authority of the claimant to legally assert civil claims, which are entitled to him in his own name) seems to be challenging.
2 The defendant will oppose the fact that the machine-generated data sets lack originality in the sense of copyright, and thus preclude copyright protection.
3 The protection of databases and industrial property right designed as ancillary right basically grants the creator of the database only injunctive reliefs, removal claims and payment claims. A right of surrender of data is not expressly mentioned by the law.
4 Currently, there is a fundamental protection of business secrets via §§ 11 and 12 UWG as well as the general clause of § 1 UWG. This protection should be clarified and reinforced by the imminent implementation of the directive of protection of secrets (Geheimnisschutzrichtlinie).
5 The UWG also essentially provides injunctive relief and removal claims. A right of surrender of data is not expressly regulated in the UWG.
6 It seems unclear, if the rules of jurisdiction according to § 53 JN are applicable to the infringement of the business secrets. A transfer of the legal matter to the not obviously incompetent court of the defendant could be necessary.
7 To ensure the injunctive reliefs an application of an injunction (directed on the temporary omission for using the data) could be applied for. Additional a claim for surrender could be applied through an injunction.
8 In the Austrian civil procedure law, the principles of the certainty of the claim prevail. The claimant is supposed to concretise what it demands from the defendant. One exception to this rule is the "multi-stage claim" (Stufenklage). Thus, claims can be filed, even if the amount of the claim is not known. Therefore, the multistage claim could also work for the claim of surrender of data. In a first step, one can require the announcement of the data collected by the machine or the device and in the subsequent step the release of those data. It remains to be seen whether the courts will follow this approach.
9 If the right holder of the machine-generated, non-personal data has legal right of a special format of data, portability remains open. The analogous application of rules of the data-protection-basic regulation (Datenschutz-Grundverordnung) is conceivable in this case. In this regulation, the right of data portability is regulated. According to this the individual has a right to transfer his/her personal data from one responsible place to another in a structured, common and machine-readable format.
We're on top of legal developments in Austria and CEE. Are you? Subscribe to our weekly updates!
Austria: Machine Learning: Whom to Credit, Whom to Blame?