In the age of AI, who owns what?
Metaphorical robots are infiltrating organisations and reinventing business processes due to the rapid rise in Robotic Process Automation (RPA), which has become a readily available solution offered by ICT service providers. A year ago, says 4IR guru Arthur Goldstuck, “only 6% of South African enterprises were using robotics. Then came the RPA explosion. Now the figure stands at 37% (in Engineering News, 2019).”
But, the rush to release robots in search of profitability should not come at the expense of the valuable data on which organisations are built. Robots bring profits, yes, but they also bring challenges around ownership and these can prove costly down the line.
Many SA business owners are concerned with practical questions, like: When you guide your organisation down the dynamic path to process automation, software bots, machine learning and artificial neural networks, what’s the smartest, safest way to proceed? Who owns the output? Can the underlying data be owned? And if so, who owns it?
First, what exactly is AI?
According to DataRobot CEO Jeremy Achin in BuiltIn.com (2017), AI generally falls into two broad categories: ‘narrow AI’, which is a simulation of human intelligence, often focused on performing a single task extremely well, and ‘Artificial General Intelligence’ or AGI, which refers to machines with a general intelligence that, like a human being, can solve almost any problem. At present, most organisations deal with narrow artificial intelligence, in the form of algorithms, as part of a greater process of machine learning.
This is an important concept to understand because, in machine learning, the rules are actually created by the algorithms – not by the developers of the algorithms.
What does the law say?
A distinction has to be drawn between the output in the form of material embodiments, like compiled databases, and the underlying data. Although data is a protectable interest, our case law seems to suggest that it may not be capable of being owned. This is different to material embodiments of data, which are generally protected by copyright law.
Legal regimes vary across borders but, at the risk of generalising, the underlying principle has been that only things created by humans can be protected by copyright. The two forms of copyright works that are relevant are computer programs and literary works and, under SA copyright law, the author of a computer-generated copyright work is the person who undertook the arrangements necessary for its creation. So when algorithms make the arrangements, who owns the copyright in the work? Humans do.
To reiterate, the ‘author’ is either the person who first makes or creates the work (in the case of a literary work) or the person who exercises control over the making of the program (in the case of a computer program). And even if AI plays an integral part in creating a set of database structures and databases, our law provides that copyright is owned by the human author of the work (or by their employer, if they’re employed).
Other issues to consider
Where there’s an external service provider analysing business processes and implementing solutions, the authorship question rears its head because, without taking a written assignment of the copyright, the service provider – not the organisation to which services are being delivered – may end up as the copyright owner.
Given the uncertainty, the ownership of intellectual property in the context of AI should be contractually regulated upfront – and the parties should decide, prior to the development of the AI system, who will own what.
From a business continuity point of view, it is a good idea for the organisation to ensure that it receives a perpetual license to use the AI algorithms. The license may also make provision for placing the source code and implementation documentation in escrow.
A specific and focused restraint of trade clause could also be included in the contract to prevent the service provider from implementing a similar AI solution for the benefit of a competitor down the line. The organisation should craft a specific sector in the industry that it wishes to ring-fence by the restraint, and only to the degree that is reasonably required to protect the confidential information.
The contract should also include the necessary confidentiality clauses, to establish what confidential information is and how it should be treated.