In a customer / supplier relationship who owns the data? It’s obvious isn’t it – the customer of course. In general, that’s true, provided there are no assignments of rights in the provider’s terms. As a customer, you do check the terms don’t you?
The data controller bears the primary responsibility for compliance with EU data protection laws so the provider might not want to take on that responsibility anyway. So that works for both the customer and the supplier then.
But what happens where the customer owes money to the supplier? First year law students know that if you take your car to a garage for repair, the garage can exercise a “lien” over the car to refuse to return it to you until you pay. Is it the same for data? Well, no actually. The UK Court of Appeal recently ruled that a provider can’t exercise a form of lien over the customer’s database even if the customer doesn’t pay the supplier’s invoices. This is because databases are intangible assets and liens apply only to tangible assets.
So, cloud providers, to ensure you can exercise rights over the data that you’re holding on behalf of your customer, you need to ensure you specifically write this into your customer contract. Need help writing your contracts? Check out my workshop on 1 October.
Image “Scales Of Justice Key Means Law Trial ” courtesy of Stuart Miles / FreeDigitalPhotos.net”.