720-891-1663

Legal, Privacy

Are Privacy and Trade Secrets on a Collision Path?

Leave a comment

I don’t think so, but one attorney does. I will let you decide. It is an interesting but misguided position. Here goes. Other than what is in square brackets, everything below is Jenny’s position. I don’t blame her; her job is to protect her client’s interests.

She says that you can’t patent a dataset and that is absolutely true. If you are OpenAI and you have trained your LLM on large amounts of [in my opinion, other people’s ] data, you can’t patent the result. It is possible that, maybe, you can patent the software, but even that is dicey.

Trade secrets must (a) be valuable to someone, (b) secret and (c) protected – kept secret – by reasonable means.

[Here is my first issue with her. This data that her clients have so aggressively collected doesn’t belong to them. It is your data and my data which her clients have scraped, bought and, in some cases, stolen or at least taken without permission. How can that be their trade secret?]

Second generation privacy laws, which are now the law in about a dozen states, require transparency.

Some laws – not yet in the United States but yes, in the EU, require algorithm transparency. Data and algorithm transparency and trade secrets have a hard time coexisting. [I give her that, but I suggest that since – as I claim – the data isn’t theirs anyway, it can’t be a trade secret. Algorithms, yes, but we will fight over the degree of transparency and I think we can come to some resolution].

Some of the privacy laws come with a private right of action. [Personally, I think this is good. Companies said, after the California private right of action came into force, that the world was going to end. The reality is that there have been very few private lawsuits as a result. Attorneys General don’t have enough resources to go after any but the MOST egregious violations, so allow private attorneys to fill the gap.]

She also points out that juries are awarding large verdicts in trade secret cases such as $2 billion in Appian Corp. v. Pegasystems. [ A quick look at that case indicates that is a case of one company breaking into another company’s computers and stealing trade secrets. What does that have to privacy laws? Nothing. That is just a diversion.]

She says that companies in a variety of industries such as food, retail and medical are using CONSUMER data fed into AI models to become more efficient.

[Does telling consumers what you are doing make that any less valuable? It turns out that it does because when you tell consumers what you are doing, they object. A very recent case in point is Zoom. They quietly changed their terms of service to allow them to use – I would say steal – all your data to train their AI and when that fact hit the media the firestorm was so great that they were doing a ‘just kidding’ dance that would make Fred Astaire jealous. Another case. When Apple forced Facebook and others to get people to opt into using their data, people dramatically overwhelmingly said NO! Apple said that one change alone is costing them $10 billion a year. That is really why they want to keep this secret.]

[It is fair that exactly how they are using each company uses each data element is proprietary, but I don’t think that is what consumers want to know about. They want to know what data elements you are using and why you want to use it.]

The privacy laws are, she says, broadly defining collecting, for example, health information to include: “collect’ means to buy, rent, access, retain, receive, acquire, infer, derive, or otherwise process consumer health data in any manner.” [OK, what is the problem here. If you aren’t worried about blowback – which they absolutely are – tell people what data you are buying or otherwise acquiring].

Washington’s My Health, My Data law (MHMD) provides consumers with the right to confirm whether a company is collecting, sharing or selling consumer health data concerning the consumer, and to access such data, including a list of all third parties and affiliates with whom the regulated entity or the small business has shared or sold the consumer health data. [I am not clear how this is a trade secret. Who you are buying data from or selling data to is a secret? Again, only because you are worried that consumers will revolt if they know.]

The attorney suggests that, for example, a better solution would be, if the consumer wants you to delete the data you have on them, you should not have to delete the results of processing the data. [For example, if you know that I am looking at baby products and buying new baby supplies they could likely assume you are pregnant. They want to only have to delete the fact that you are looking at baby products but not the fact that you may be pregnant. Sorry, it is my data. The fact that you massaged it to be able to sell me diapers does not make it any less my data.]

[The article is longer and goes into more detail, but fundamentally, the argument is that her clients have some sort of right to our data. They stole it fair and square by telling us that if you use their service or someone else’s service, you give up your rights to your data. They don’t like the fact that most people don’t agree with that and that disagreement screws up their business model.]

Stay tuned, this fight is far from over. Credit: JDSupra

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2024 CyberCecurity, All rights reserved. Privacy Policy