top of page
Search

UNCCA Report: Working Group IV - 68th Session

Report on the United Nations Commission on International Trade Law Working Group IV

Sixty-eighth Session

New York 24-28 March 2025


Report – Dr Alan Davidson – Delegate representing Australia

Chair for the Working Group


This is the report of Dr Alan Davidson attending the UNCITRAL Working Group IV, the Sixty-eighth Session New York 24-28 March 2025. This was the fourth session at which the Working Group considered the topic Data Provision Contracting. This report outlines the issues discussed by the Working Group in relation to Data Contracting Rules.


The Working Group was guided by the “Default rules for data provision contracts (third revision)” prepared by the Secretariat at the direction of the Working Group. This draft and the Agenda are available here.


On a personal note, I was elected as Chair of the Working Group for the entire five-day session. I had previously been elected as Vice-Chair since 2022. I found chairing for the full week to be quite demanding, and limited my ability to take notes for this report. I thank the Secretariat for its assistance.

________________________________________


Side Events

In addition to the sessions on Data Provision Contracts, three side events were held during the week outside meeting times:

(a) a treaty ceremony for the deposit of Thailand’s instrument of accession to the Electronic Communications Convention

(b) a briefing on the ongoing secretariat project on UNCITRAL provisions on electronic commerce, end-to-end trade digitalisation and paperless trade

(c) an information session on work being carried out at within the European Union to develop model contractual terms for data access and use under the EU Data Act.


Data Provision Contracts

Background


The Working Group continued discussions regarding the draft Rules on Data Contracting. The final form of these provisions remains open, that is whether the Rules will be formulated as general principles, a Model Law, or template clauses. The Working Group also focused on fundamental concepts where there appeared to be significant divergence between delegations. The Working Group considered the third version of the draft Rules (available here) with discussions on fundamental concepts flagged for this March 2025 session. The topic of data provision contracts was the sole substantive item on the agenda of the Working Group following completion of work on the topic of the use of artificial intelligence and automation in contracting at its sixty-seventh session in Vienna, November 2024) which culminated in the Model Law on Automated Contracting.

________________________________________


Data Provision Contracts

The Working Group agreed to proceed with an article-by-article read-through of the draft rules, starting with article 5. As Chair I determined that the introductory provisions on Definitions, Scope of Application, Party Autonomy and Interpretation, would be best left until the substantive issues had been discussed. I assumed we would complete our discussions of the substantive issues and return to the introductory articles. However, this was not the case.

The Working Group initially had mixed discussions on the notion of “passive” provision of data. There was the risk that this may be conflated with giving access to the data. It also risked blurring the line between data provision and supply of digital content and services. Thursday morning was set aside to have a dedicated discussion on this issue. A summary appears at the end of this Report.

_______________________________


Article 1. Definitions

For the purpose of these rules:

(a) “Data” means a representation of information in electronic form or other form suitable for processing11 in an information system;

(b) “Using” data includes performing one or more operations involved in the processing of data, such as sharing, porting, transferring or providing data.


Article 2. Scope of application

1. These rules apply to contracts for the provision of data under which one party (the “data provider”) provides data [that it holds] to another party (the “data recipient”), whether or not with the involvement of a third party.

2. These rules do not apply to contracts for the supply of software.

[3. These rules do not apply to contracts concluded [by a data provider] for personal, family or household purposes[, unless the data provider, at any time before or at the conclusion of the contract, neither knew nor ought to have known that the data recipient was acting for any such purposes].]

4. Nothing in these rules affects the application of any rule of law that may govern the provision of data, including laws related to data privacy and protection, the protection of consumers, trade secrets or intellectual property.


Article 3. Party autonomy

1. The parties may derogate from or vary by agreement any of these rules.

2. Such an agreement does not affect the rights of any person that is not a party to that agreement.


Article 4. Interpretation

1. In the interpretation of these rules, regard is to be had to their international origin and to the need to promote uniformity in their application and the observance of good faith in international trade.

2. Questions concerning matters governed by these rules which are not expressly settled therein are to be settled in conformity with the general principles on which they are based.


Article 5. Obligation to provide the data

1. The data provider shall provide the data to the data recipient as required by the contract and these rules.


2. The obligation of the data provider in paragraph 1 consists of making the data available to the data recipient. giving the data recipient access to the data[, including any information necessary to access the data].


Article 5 establishes a general obligation of the data provider to provide the data, while article 6 established a default rule on the mode of providing the data.

It was suggested to supplement paragraph 1 to require the data provider to ensure that the data was accurate, complete, and provided in a timely manner. However, it was noted that these requirements flowed from articles 7 and 8 and it was therefore not necessary to expressly signal those requirements in article 5.


The Working Group discussed the “active” and “passive” provision of data referring to earlier discussion. It became apparent that the Working Group would benefit from a dedicated discussion on this issue and as Chair I proposed that we dedicate Thursday morning to this discussion. (This is summarised at the end of this report).


Generally, the Working Group accepted the view that insofar as paragraph 2 equated the obligation in paragraph 1 to “provide the data” with “giving … access to the data”, the current formulation of article 5 sufficiently achieved that goal. However, a concern was expressed that the bracketed text in paragraph 2 presupposed only the active provision of data. Accordingly, the Working Group agreed to delete the bracketed text.

A debate followed concerning the meaning of the concept of giving or gaining “access”. One view expressed concern regarding an interpretation which risked going against party autonomy and technology neutrality, as access arrangements were matters for the parties. Another view proposed inserting text (i) making the data usable to the data recipient and (ii) putting the data recipient in the position to read and use the data. The Working Group was reminded of earlier observations that the “usability” of data was an element of data conformity rather than of data provision.


A suggestion was made to focus on making the data “available”, which, was a more technologically neutral concept than giving “access” to the data and better accommodated any mode of provision. Reference was made to remarks on the second revision of the default rules that data “availability” was a “factual matter concerned with whether the data recipient is in a position to use the data”. Accordingly, the Working Group agreed to amend paragraph 2 by replacing the words “giving the data recipient access to the data” with “making the data available to the data recipient”.


Article 6. Mode of provision of the data

The data provider shall give the data recipient access to the data shall make the data available to the data recipient by the mode agreed upon by the parties, including by:

(a) Delivering the data to an information system outside the control of the data provider that is designated by the data recipient; or

(b) Making the data available to the data recipient in an information system under the control of the data provider.

Due to the amendments to article 5(2), the chapeau of article 6 was altered to replace the words “shall give the data recipient access to the data” with “shall make the data available to the data recipient”.


Concern was expressed for ensuring that article 6 sufficiently accommodated different business models. It was noted that references to “an information system outside (or under) the ‘control’” of the parties did not sufficiently accommodate the use of third-party intermediaries or decentralised data environments. It was suggested to refer more broadly to the provision of data through an agreed system or platform. Any change to article 6 would need to be reflected in article 9(2) which assumed that data provided under paragraph 6(b) was in a system under the control of the data provider.


Concern was also expressed that paragraphs (a) and (b) was illustrative only, and not a default rule. However, the importance of retaining the list as it served an educative function was noted. It was suggested to simplify article 6 by reformulating paragraph (a) to refer to “delivering the data to the data recipient” and paragraph (b) to refer to “giving the data recipient access to the data”. This wording distinguishes between different modes of provision while maintaining flexibility and avoiding an overly prescriptive approach. By referring to “access”, paragraph (b) would accommodate both the “active” and “passive” provision of data. To define the concept of “passive” provision of data with greater specificity, it was proposed to draw a further distinction between:

(a) “Enabling access”, by which the data provider took proactive steps to arrange access for the data recipient; and

(b) “Allowing access”, by which the data provider merely refrained from limiting or impeding access by the data recipient.


It was noted that “allowing access” to the data would more closely reflect “contracts for authorization to access” as covered by Principle 10 of the Principles for a Data Economy, jointly developed by the American Law Institute and European Law Institute (ALI/ELI Principles). It was thus suggested to amend paragraph (b) to refer to the data provider “enabling access” and to insert a new paragraph (c) to refer the data provider “allowing access”. To complete this approach, paragraph (a) was amended to refer to the data provider taking steps to export the data from its system.


The Working Group heard examples involving the “passive” provision of data that would engage the new paragraph (c). The case was presented of a farming corporation operating a connected tractor, which entered into a transaction by which it allowed a producer of fertiliser to access data generated by the tractor which was held by the tractor manufacturer. It was noted that the farming corporation had little or no control over the data that was provided or the means by which the data could be accessed, and therefore only played a passive role in the flow of data.


After discussion, the Working Group agreed to reserve its decision on further amendments to article 6 until it had considered the rules on data conformity and data use, and whether and how a differentiated regime should apply to the “passive” provision of data.


Article 7. Timing of provision of the data

1. The data provider shall provide the data according to the time frame fixed by or determinable from the contract.

2. If no time frame is fixed by or determinable from the contract, the data provider shall provide the data: without undue delay.

(a) if the data is available to the data provider at the time of the conclusion of the contract, without undue delay;

(b) in all other cases, as soon as practicable after the data is available to the data provider.

Broad support was expressed for retaining paragraph 1, which deferred to the time frame fixed by or determinable from the contract. It was suggested that article 7 could be drafted in a manner more specific to data use, for instance, by referring to real-time data access.

Support was expressed for requiring the provision of data “without undue delay” as a fallback rule under paragraph 2. However, it was indicated that the formulation allocated the risk for delay on the data recipient, which was considered as undesirable as the obligation to provide data in a timely manner was imposed on the data provider and the data recipient would not ordinarily be in a position to ascertain whether the data was available to the data provider. The burden to depart from the default rule should be placed on the data provider.

After discussion, the Working Group agreed to delete subparagraphs 7(2)(a) and (b) and to insert “without undue delay” at the end of the paragraph


Article 8. Conformity of the data

1. The data shall be of the quantity, quality and description required by the contract. as agreed by the parties.

2. In addition, the data shall:

(a) [Be fit for the purposes for which data of the same description would ordinarily be used][Possess the characteristics that may reasonably be expected of data provided by the data provider in the circumstances];

(b) Be fit for any particular purpose expressly or impliedly made known to the data provider at the time of the conclusion of the contract, except where the circumstances show that the data recipient did not rely, or that it was unreasonable for the data recipient to rely, on the data provider’s skill and judgment;

(c) Possess the characteristics which the data provider has held out to the data recipient as a sample or model; and

(d) Possess the characteristics in accordance with any representations that the data provider makes with respect to the data.

3. The data shall be provided:

(a) In compliance with applicable law; and

(b) Free from any right or claim of a third party which impedes the use of the data under the contract or these rules and of which, at the time of the conclusion of the contract, the data provider knew or could not have been unaware.

4. Where appropriate, the parties shall agree on procedures for assessing the conformity of the data and remedying any lack of conformity.

5. In assessing whether the data conforms with the contract under paragraphs 1 and 2, regard is to be had to:

(a) All relevant characteristics of the data, including its authenticity, integrity, completeness, accuracy and currency, as well as the format and structure of the data; and

(b) Any agreement between the parties under paragraph 4 or applicable industry standards.

[6. The data recipient shall notify the data provider of any lack of conformity of the data within a reasonable time after discovering it.]

[7. As between the parties, the data provider shall not bear the legal consequences of any lack of conformity of the data under paragraphs 2 or 3 if, at the time of the conclusion of the contract, the data recipient knew or could not have been unaware of such lack of conformity.]

The Working Group discussed the applicability of the data conformity rules with the features of both “active” and “passive” provision of data. Typically, the “passive” data provider would have little control over the data that was provided. Different views were expressed. On one view, there should be no default rules on data conformity. On another view, a different set of default rules should apply. On yet another view, the conformity standards should be formulated to accommodate both the “active” and “passive” provision of data. It was observed that paragraph 1 already accommodated the “passive” provision of data by deferring to the contract, while modifications would need to be made to paragraphs 2 and 3.


A focused discussion followed considering the treatment of the “passive” provision of data.

Paragraph 1 - Paragraph 1 reflects a baseline requirement that the data should conform to the contract. It was suggested that this position would be better expressed by replacing the words “required by the contract” with “as stipulated or agreed to by the parties”, or words to that effect.


It was suggested to expand the list of characteristics to include functionality, compatibility and interoperability. The Working Group also heard suggestions to require the data to be provided in an accurate, complete and secure manner, as well as in a transparent and timely manner. However, it was observed that paragraph 1 sufficiently encompassed a wide range of data provision scenarios and that some of the suggested additional requirements would be better addressed in articles 6 and 7. It was also noted that paragraph 5 allowed for additional characteristics to be taken into account when assessing conformity, and that the parties could always agree to additional conformity standards.


The terms “quality”, “quantity” and “description” were drawn from article 35(1) of the CISG, although some expressed doubt whether the terms applied to the provision of data. A suggestion was made to delete the terms altogether, so that paragraph 1 simply required the data to conform to the contract.


The Working Group agreed to amend paragraph 1 to read: “The data shall be of the quantity, quality and description as agreed by the parties.”


Paragraph 2 - With respect to subparagraph 2(a), support was expressed to retain the text in the second set of square brackets only. The text in the second set established a more suitable and objective conformity standard for data transactions, particularly given the absence of established “ordinary uses” in many contractual contexts.


With reference to subparagraphs (b) and (c), a query was raised as to whether the “skill” and “judgment” of the vendor, or the use of samples or models, were relevant in the context of data transactions. The subparagraphs were based on article 35(2)(a) and (b) of the CISG and similar conformity standards were found in the ALI/ELI Principles. It was noted that, in practice, vendors do provide sample data sets and database models. It was suggested that, with the deletion of the standard of fitness for ordinary purposes in subparagraph (a), subparagraph (b) could refer simply to “any purpose”. In response, it was noted that the term “any particular purpose” was established and should be retained. The Working Group agreed to retain subparagraphs (b) and (c) without amendment.


Subparagraph (d) covers only precontractual statements and potentially other statements made by the data provider. It was added that, while made in the context of the contract, such statements did not necessarily form part of the contract, and a question was raised as to whether subparagraph (d) had the potential to override the terms of the contract. Support was expressed for deleting the subparagraph. The Working Group notes that under applicable law, representations made by the data provider about the data could be incorporated into the contract or affect the interpretation of its terms.


Paragraph 3 - A question was raised about the meaning for data to be provided “in compliance with applicable law”, and whether it included the law applicable to the performance of the contract, or mandatory laws, such as data privacy and protection laws, that governed the activities of the data provider. It was discussed, that the requirement was concerned with mandatory laws whose application was preserved by article 2(4).


A concern was expressed that the rule in subparagraph (b) did not sufficiently acknowledge that data provided was often encumbered by intellectual property rights, trade secrets and other third-party rights. It was suggested that, rather than require the data to be provided “free from any right or claim of a third party which impedes” its use, subparagraph (b) should require the data to be provided “respecting any right or claim of a third party that may limit or specify” that use. In response, it was observed that the suggested amendment shifted the burden of procuring required consents from the data provider to the data recipient, and that it was preferable for the default rule to place that burden on the data provider. The default rule was modelled on articles 41 and 42 of the CISG, but applied only to rights and claims that impeded the use of the data under the contract or the default rules. This adaptation reflected a concern for ensuring that the data recipient could exercise its rights to use the data under article 9 and that it prompted the data provider to specify any limits on the use of the data in the contract.

The Working Group agreed to retain paragraph 3 without amendment.


Paragraph 4 - It was indicated that paragraph 4 was overly prescriptive, that it encroached on party autonomy, and that the consequences for a failure to agree were unclear. For these reasons, it was suggested that it should be deleted.

It was also noted that paragraph 4 reflected a common practice to establish an assessment procedure, which benefited both parties. It was suggested that the provision could be recast as a default rule in the context of the duty of the parties to cooperate. Pending further discussions, the Working Group agreed to delete paragraph 4.


Paragraph 5 - It was indicated that subparagraph (b) needed to be amended or deleted in light of the decision to delete paragraph 4. Nevertheless, it was observed that paragraph 5 still served a useful purpose as a default rule in the absence of any agreement between the parties on procedures for assessing conformity, and that therefore it could be retained in that context. It was added that, in any case, the agreement of the parties on the assessment procedure should be respected.


Paragraph 6 - It was indicated that paragraph 6 was overly prescriptive, that it was unfit for data transactions as conformity of data, was less easy to assess than conformity of goods, and that the consequences for failing to notify lack of conformity were unclear. It was added that the obligation to notify could penalise data recipients, especially small and medium-sized enterprises, which were not able to detect non-conformity in a timely manner. For these reasons, it was suggested to delete paragraph 6 so that the matter would fall under applicable law. A suggestion was also made to measure that time from assessment of conformity rather than discovery of non-conformity.

In response, others noted that the rule played a useful role in the management of contracts for the sale of goods (see articles 38 and 39 of the CISG) and might do likewise for data transactions.


It was noted that conformity assessment procedures consisted of monitoring data provision, inspecting data and notifying any lack of conformity. It was stressed that data was an experience good whose quality could be assessed only after use, and that therefore the rules applicable to inspection of tangible goods should be adapted to data transactions. It was added that notification was an informal notion compatible with various means of communication.


The Working Group agreed to delete paragraphs 4 and 6 in their current form, and to reconsider the content of those paragraphs, together with paragraphs 5 and 7, in the context of default rules on non-performance, possibly as a discrete article on conformity assessment (complementing the conformity standards in article 8 and remedies in article 12). It was stressed that such provision should specify the consequences for non-compliance, clearly identify the protected parties, and take into account the specific features of data transactions, including the “passive” provision of data.


Article 9. Use of the [provided] data

1. Subject to paragraph 2, as between the parties to the contract:

(a) The data recipient is entitled to use the data [in perpetuity] for any lawful purpose and by any lawful means[, except that the data recipient is entitled to provide the data to a third party only as agreed by the parties];

(b) The data provider is entitled to continue using the data [only as agreed by the parties].

2. If the data is provided under paragraph (b) of article 6:

(a) The data provider shall provide the data recipient with the means necessary to use the data under the contract and these rules;

(b) The data recipient shall apply those means and is entitled to use the data within the limits of those means;

(c) [The data provider is entitled to continue using the data, including by providing it to a third party.] 

As between the parties and unless otherwise agreed:

(a) The data recipient is entitled to use the data for any lawful purpose and by any lawful means;

(b) The data recipient is entitled to use the data for an unlimited period of time;

(c) The data recipient is not entitled to provide the data to a third party;

(d) The data provider is entitled to continue to use the data; and

(e) The data provider is entitled to provide the data to a third party.

It was noted that the regime established by article 9 applied different default rules depending on the mode of provision of the data. There was extensive discussion on the various types of use, including whether access is linked to a system controlled by the data provider which may be akin to a “licence” model. However, the data recipient might be able to port the data to another system, in which case the arrangement would be more akin to a “sale” model. There was broad support to decouple the default rules on use of data from the mode of provision.


It was noted that the exercise of rights to use the data was linked to the technical means available to use the data. The exercise of those rights was subject to contract law and other applicable laws, including those whose application was preserved by article 2(4). The definition of “use” in article 1 may need to be revisited. It was observed that while the onward provision of data was specifically addressed in article 9, the porting of data was not.

The Working Group agreed to reinsert the word “provided” in the title of article 9, but to do so in square brackets, given that the article dealt with rights of the data provider in data which might not be regarded as “provided data”.


Paragraph 1 - Paragraph 1 establishes default rules defined by reference to (i) the purpose and means of use, (ii) the period of time for use, (iii) the exclusivity of use, and (iv) the involvement of third parties. Broad support was expressed for addressing these issues.

With respect to (i), there was agreement that the data recipient should be entitled to use the data for any lawful purpose and any lawful means.


With respect to (ii), there was agreement that the data recipient should be entitled to use the data beyond the term of the contract. However, the term “in perpetuity” was questioned. Granting a right in perpetuity could be seen to exceed the limits of domestic law and the freedom of contract, and could imply an obligation to support permanent access to the data. Accordingly, it was suggested to refer to the use of data “indefinitely” or “for an unlimited period of time”. A preference emerged for the latter formulation which, it was observed, signalled that the parties could depart from the default rule by limiting the period in the contract. It was added that, given the connection between the period of time for use and the term of the contract, default rules on contract termination could be desirable. It was observed that a right to use the data for an unlimited period of time did not imply that the right of the data recipient to access an information system controlled by the data provider survived the expiry or earlier termination of the contract.


With respect to (iii), there was broad agreement that the data provider should be entitled to continue to use the data. The economic importance of such a default setting was stressed, noting that data providers were commonly in the business of offering standardised data products to the market. However, it was noted that the data provider might be commissioned to develop a specific data product. In response, it was noted that such a transaction would ordinarily involve sophisticated parties who would address use rights in their contract and not rely on the default rules. A question about the need to retain the word “continue” arose, and it was explained that the term indicated that the data provider reserved the right to use the data regardless of its actual use.


With respect to (iv), there was agreement that, while the data provider should be entitled to provide the data to a third party, the data recipient should not be so entitled. The economic importance of such a default setting was stressed, noting that the onward provision of the data by the data recipient could undercut the data provider’s business.


A concern was expressed that a blanket prohibition on providing the data to third parties might be too restrictive, as there might be scenarios in which the data recipient could be justified in sharing the data with third parties. Examples were given of third-party service providers storing the data on behalf of the data recipient and third-party associates engaged in the joint exploitation of the data. It was generally agreed that the default rules should not prevent the sharing of data in these scenarios and that the rules should accommodate data pooling arrangements. The Working Group heard suggestions for accommodating such scenarios. One option, which received broad support, was to retain the default rule and to elaborate in an explanatory note the scenarios in which the parties might depart from the default rule. Another option was to refocus the default rule on transferring the rights to use the data. Yet another option was to define the concept of “data recipient” as a person interested in the content or semantic value of the data. These options did not receive consensus within the Working Group. It was noted that accommodating the scenarios in the default rules would offer little protection to the data provider, which had no control over how another (downstream) data recipient used the data.


There was broad support for formulating the default rule by replacing “only as agreed by the parties” with “unless otherwise agreed”. This expression could apply to each default rule and should therefore be inserted in the chapeau of paragraph 1. It was noted that the words could be regarded as redundant in view of article 3, however, there was broad agreement that such a proviso nevertheless served a useful purpose in clarifying the application of the default rules.


The Working Group concluded its deliberations on paragraph 1 by agreeing to formulate the default rules along the following lines:

As between the parties and unless otherwise agreed:

(a) The data recipient is entitled to use the data for any lawful purpose and by any lawful means;

(b) The data recipient is entitled to use the data for an unlimited period of time;

(c) The data recipient is not entitled to provide the data to a third party;

(d) The data provider is entitled to continue to use the data; and

(e) The data provider is entitled to provide the data to a third party.


The Working Group heard suggestions to establish default rules on the obligation of the data recipient to dispose of the data upon expiry or earlier termination of the contract and to respect third party rights when using the data. It was determined to consider these suggestions when considering on the obligations of the parties in article 11.

Paragraph 2 - There was a suggestion to delete paragraph 2 entirely and to leave the issue to contract interpretation. After discussion, the Working Group agreed to delete paragraph 2 and to revisit the issue in its future consideration of articles 5 and 6. It was noted that the rule contained in subparagraph (2)(c) had been superseded by the recast of paragraph 1.

Prior to this, there was a substantial discussion on paragraph 2 relating to the interplay of provisions relating to mode of provision, the impact on the “passive” provision of data, and the concept on means. A thorough summary of this discussion appears in the UNCITRAL final report (yet to be released), but given the decision to delete, this is omitted in this report.


Article 10 Derived data

1. As between the parties to the contract, the data recipient is entitled to use any data that it generates (“derived data”) by processing the data provided under the contract, including by combining the data with other data[, except that the data recipient is entitled to provide derived data to a third party only if it is sufficiently distinct from the data provided under the contract].

[2. In determining whether the derived data is sufficiently distinct for the purposes of paragraph 1, regard is to be had to:

(a) Whether data that is essentially identical to the data provided under the contract can be generated by processing the derived data, including by way of reverse engineering; and

(b) Whether the derived data can be used as a substitute for the data provided under the contract.]


The Working Group noted the complementary nature between articles 9 and 10. Article 10 was premised on the data recipient (i) not being entitled under article 9 to pass on the data to a third party, (ii) on data not being an object of property rights like goods, and (iii) the data provider having little control over the downstream processing of data.


Support was expressed for derived data to be “sufficiently distinct” from provided data, although the ability to apply the test in practice was questioned. One view was that the test should be applied to information contained in the data rather than the data itself.

The factors in paragraph 2 for applying the test were generally found appropriate. Additional factors were suggested, including the degree to which:

(a) The generation of the derived data involved investment;

(b) The derived data inferred additional insights;

(c) The derived data represented new content or semantic value unknown to the data provider;

(d) The onward provision of the derived data harmed the economic interests of the data provider that article 9 sought to protect.

It was suggested to present the factors in a non-mandatory, non-exhaustive list. All factors reflected a concern for the derived data to be distinct from the provided data in structure and value. It was cautioned that the additional factors should not replace the factors in paragraph 2, as investment and new content alone did not guarantee that the data could neither be reverse engineered nor substitute the provided data. The generation of derived data was also distinguished from the anonymisation and aggregation of personal data.

As this was a relatively new area for discussion and with time running short, the Working Group asked the secretariat to revise article 10 to reflect the various suggestions put forward.


Article 11 Common obligations of the data provider and data recipient

1. Each party shall cooperate with the other party when such cooperation may reasonably be expected for the performance of that party’s obligations under the contract and these rules.

[2. Each party shall give notice to the other party of any data breach affecting the provision of the data within a reasonable time after becoming aware of the data breach.]

[3. Each party shall give notice to the other party of any impediment to the use of the data arising from a right or claim of a third party without delay after becoming aware of the right or claim.]

The aim of article 11 is to assist the parties in the performance of the contract and, as such, was linked to article 9.

Paragraph 1 contained a general duty of cooperation, however it was noted that this approach was rare in uniform contract law texts. Nevertheless, the view was expressed that the default rules should promote cooperation between the parties in performing the contract, possibly under the good faith principle.

It was considered that it is not appropriate to formulate paragraphs 2 and 3 as obligations. The consequences of non-performance were not specified, although it was noted that similar rules were common in business practice and that non-performance entailed compensation for damages. Another view was that the consequences should be dealt with in the context of article 12 (Non-performance).

It was suggested to limit the application of paragraph 2 to serious data breaches; however the Working Group is yet to define this notion. It was alternatively suggested to require notification of all circumstances hindering data provision.

Reference was made to Principle 32 of the ALI/ELI Principles (on the duties of a supplier in the context of onward supply) as inspiration for a possible new rule to supplement paragraph 3 on passing obligations to respect third-party rights in provided data.

After discussion, the Working Group agreed to redraft paragraph 1 in light of the principle of good faith and to place paragraphs 2 and 3 in square brackets.


Article 12. Non-performance

1. Nothing in these rules affects the application of any rule of law that may govern the legal consequences of a failure of a party to perform its obligations under the contract or these rules.

[2. If the data provider fails to perform its obligations under articles 6 or 7, the data recipient may require performance by the data provider in accordance with applicable law.]

[3. If the data provider is entitled by law to claim restitution from the data recipient of data provided under the contract, that requirement may be met by the data recipient erasing the data from any information system under its control, provided that the data provider remains in a position to use the data.]

The Working Group did not have time to discuss the provisions of Article 12. We will deal with article 12, the introductory articles and then review the provisions covered.

______________________


Passive” provision of data

It became apparent on Day1 that the Working Group would benefit form a session dealing with the meaning of the passive provision of data. As Chair I proposed that we allocate time on Thursday morning for this purpose. I anticipated a discussion of 30 minutes; however, the discussion took some 90 minutes. The ALI/ELI Principles deal with this concept, and so I approached the Observers from the ALI and the ELI, both of whom were present and had made beneficial contributions. At the suggesting of the ALI Observer, I also requested one of the US delegates to join in the introduction of this discussion. In addition, multiple delegates and observers provides example and made useful contributions.


The Working Group observed that the notion of “passive” provision was confusing and risked being conflated with giving access to the data. It also risked blurring the line between data provision and supply of digital content and services. Reference was made to Principle 10 of the ALI/ELI Principles, which established a special set of default terms that applied where, in light of the passive nature of their anticipated conduct under the contract and their lack of meaningful influence on the transaction, the data provider could not reasonably be expected to undertake any responsibilities of the sort described for the other types of data provision contracts addressed in the Principles.


There was a broad range of diverging views were expressed on how the default rules should apply to such transactions. Three views may be summarised here. First, their distinguishing feature lay not in the mode of data provision, but in the absence of any undertaking by the data provider as to data quantity or quality. It was therefore suggested that it was sufficient to accommodate “passive” provision in the default rules on data conformity. It was observed that the revised article 8, paragraph 2(a), already incorporated the notion of reasonable expectations. Second, such transactions were distinguished by the data provider undertaking to give access not to data but rather to the system where the data was held, which raised questions of scope. Third, the “passive” provision of data represented one end of a spectrum of data provision contracts in terms of the undertakings by the data provider as to data access, conformity and use.


No firm conclusion was necessary; however the discussion provided the delegates and observers with a greater understanding of the nature of the “passive” provision of dat



 
 
 

Recent Posts

See All
Working Group VI update

WORKING GROUP VI REPORT DRAFT NEGOTIABLE CARGO DOCUMENTS CONVENTION UNCITRAL, by Working Group VI, is developing a convention about...

 
 
 

Comments

15137557_371407073207709_522874985258349
  • LinkedIn
  • 2657544_media_social_website_youtube_icon
  • 287692_mail_icon
bottom of page