Jane Kaufman Winn and James R. Wrathall, Who Owns the Customer? The Emerging Law of Commercial Transactions in Electronic Customer Data, 56 Bus. Law. 213 (2000), https://digitalcommons.law.uw.edu/faculty-articles/171
case studies, databases, e-commerce, European Union, Uniform Computer Information Transactions Act
The Information Revolution is changing the way commerce acted and value is defined within transactions. Before the Internet and "e-business" took center stage, "electronic commerce" meant electronic data interchange, just-in-time inventory systems, supply chain automation, and corporate reengineering.
But the rise of the Internet as a communications medium has coincided with a shift in management focus, from merely trying to improve the efficiency of business logistics systems to a more holistic perspective on improving customer relationships. Intangible assets such as intellectual property rights, human capital in the form of employee knowledge, and established relationships with customers and suppliers are playing an increasingly important role in both old economy and new economy businesses.
Computer databases are one form of intangible asset that have played an important role in business for decades. The use of customer databases is key to any strategy to build better relationships through electronic commerce. In recent years, there have been dramatic advances in the technology associated with building databases and analyzing the data they contain for competitive advantage. While data mining and customer profiling both antedate the rise of commercial Internet sites by many years, their use in business has become more visible and more controversial in recent years due to the ability of commercial Internet sites to collect new forms and greater quantities of customer data than was possible only a few years ago.
As a result of their growing size and sophistication, and because of the pivotal role they play in managing business relationships, customer databases are becoming an ever more valuable asset for both "bricks and mortar" and Internet businesses. The commercial law governing business-to-business transactions in customer databases has not kept up with the rapid pace of developments in business practice. Many interests in databases are not recognized as property rights under copyright or other intellectual property laws. Even a statute as newly-minted as the Uniform Computer Information Transactions Act (UCITA), which was finalized by the National Conference of Commissioners on Uniform State Laws in July 1999, is silent on many important issues raised by business transactions in data.
In addition, the question of what rights, if any, individuals have to control the use of personally identifiable data has become very controversial in recent years as the ability to collect and analyze personal data continues to outstrip laws governing the privacy rights of individuals whose personal data is stored in databases. Uncertainty also results where there is no express agreement among interested parties governing the collection and use of the data, or where one of the parties with an interest in the data seeks to change the rights of interested parties unilaterally by modifying an existing agreement or practice.
The number of parties claiming commercial interests in the same data is growing as electronic commerce marketing strategies become more interdependent and interconnected. With the trend towards "coopetition"—including vertical hubs, partnerships, strategic alliances, and other licensing arrangements—it may be difficult for transacting parties to determine whether they have obtained good title to database assets or are taking them subject to competing claims of ownership or claims in infringement of the rights of third parties.
These uncertainties are compounded by the rapid globalization of electronic commerce and the inconsistent legal standards applied in different jurisdictions. For example, current U.S. law governing commercial use of customer data may be incomplete and highly uncertain with regard to many issues raised by new applications for customer databases.
European Union (EU) law, by contrast, is often quite unambiguous in simply prohibiting or sharply curtailing a wide range of business practices U.S. firms consider unproblematic. Global transactions often are subject to these and other potentially conflicting bodies of law, creating additional legal risks with respect to database assets.
This Article explores the new business models and technological advances driving the growing business interest in customer databases and the uncertain and fragmentary state of the law applicable to these practices and technologies. The Article also discusses practical strategies businesses should consider to minimize the risks they face from collecting and using customer data for competitive advantage in electronic commerce markets. In recent years and months, many businesses have become involved in disputes with regulators, competitors, and customers as a result of changing conditions for the collection and use of customer data.
As context for the discussion of law and technology that follows, this Article summarizes seven case studies involving actual or potential conflicting claims in customer data. These cases illustrate the variety and significance of the legal issues being created by the ongoing shifts in practice and technology. Next, the Article provides an overview of the evolving business technologies fueling the explosive growth in the development and exploitation of customer databases. Computer networking, data capture opportunities, and data storage and analysis technologies are expanding rapidly. The pace of technological change is far exceeding the ability of the lawmakers to keep up, and indeed, some new technologies threaten to impair or even eliminate the practical ability to enforce legal rights in data.
This Article then summarizes the current U.S. legal framework for protection of database assets and the divergent EU data protection framework, respectively. Finally, the Article concludes with analysis and practical suggestions for managing risks in commercial transactions in data. Given the uncertainty in the law regarding new commercial applications for customer data, contract provisions will often assume paramount importance in establishing the parties' intentions regarding the value being created in new databases. However, the complexity of Internet commerce technologies and the interdependence of Internet businesses and their marketing strategies, combined with the unsettling impact bankruptcy law could have on such "virtual alliances," will limit the certainty any contract provisions can provide. Accordingly, businesses should carefully evaluate legal risks arising from significant transactions involving data and take practical as well as legal measures to avoid or reduce the risks created in the new electronic commerce environment.