Data Protection and Its Importance for Brand Professionals

The rise of data protection and privacy rights cannot be ignored, and neither can its impact on brand professionals. In recent years, legislators and regulators on every continent have adopted the European Union’s approach to data protection and data privacy law. In some early instances, this was done with sector-specific statutes and now, in most cases, with generally applicable obligations on companies that collect, store, and process personal data, regardless of industry or context. For brand professionals, data protection and privacy now touch on everything from how bad actors are investigated and pursued to how a firm secures and uses its own client and customer data.

Access to Data for Enforcement Purposes

INTA established its Data Protection Committee (DPC) in 2016. One if its first goals was to advocate for reasonable access to personal data to investigate and enforce against infringers and other bad actors. The use of data privacy laws as a shield to help keep online infringers anonymous has raised challenges to intellectual property (IP) rights enforcement unforeseen by legislators. The Association has adopted a clear position on this topic in a Board Resolution on Reasonable Data Access for Enforcement Purposes, which the DPC helped to research and draft. While supporting the privacy rights of individuals, INTA’s position is that these rights are not contradictory to robust trademark protection, and appropriate safe harbors or other mechanisms should be put in place to enable the disclosure of no more information than necessary for identifying alleged infringers while safeguarding from liability the data controllers and other intermediaries that disclose that information.

Advocacy on Data Protection Legislation

Many jurisdictions worldwide are presently debating and introducing new data protection legislation. The DPC makes good use of the Board Resolution to advocate exceptions for the enforcement of IP rights in new data protection legislation. Examples of the Committee’s work include development of a standard letter from INTA to African governments that are considering the adoption of data protection laws and the submission of public comments on proposed legislation in India.

The Association is also currently forming an advocacy plan, including proposed language, for EU countries to use when implementing the recently enacted EU Directive on Measures for a High Common Level of Cybersecurity Across the Union (known as NIS2). INTA’s work on this front is important because it supports access to domain name registration data where needed to enable the enforcement of IP rights.

Debate on Data as an IP Asset

Within the DPC, we have had lively discussions around the notion of data as an IP asset in its own right, current possibilities for protecting data as an intangible asset through existing IP laws, and whether new IP laws are necessary to help fill in any gaps. The outcome of this debate is contained within a report to be published to coincide with INTA’s conference on The Business of Data: Innovation, Regulation, Security, and Ethics, being held in New York, March 22–23, 2023. The report follows from a global survey regarding the different traditions of various regions regarding this question, specifically where different types of data are protected through different legal theories, including via contract law, trade secret law, or other sui generis laws. Currently, the report comes to a nuanced conclusion, which will be the subject of further discussion in a panel session at The Business of Data Conference.

Data Privacy and Consumer Trust

For all brand professionals, consumer trust in a brand is key. Cyber incidents, including data breaches, can have a dramatic impact on consumer trust, as reported here in the INTA Bulletin. That is particularly true where preventative and protective measures in place at the time of the incident are found to be inadequate. A general lack of care for consumer data can quickly erode trust on an ongoing basis. The DPC therefore continues to work on updates to its Recommendations to Enhance Brand Value Through Data Protection and associated country-specific supplements, now augmented by a “Data Protection Checklist for Brand Owners,” which serves to help brand professionals spot issues and work towards data compliance. Learn more about the checklist.

Raising Awareness

The DPC’s remit includes raising awareness and providing education for INTA members on relevant data protection and privacy issues. To this end, the Committee has been instrumental in the creation of a number of webinars, including the Privacy and Cybersecurity Litigation Trends and Survival Kit for Brand Owners and Data Privacy 101―How to Ensure Data Protection and Enhance Brand Value in the Age of Data Privacy.

The field of data protection continues to evolve apace, and its influence on the everyday work of brand professionals continues to grow. The DPC has an important role to play in advocating for brand owners and delivering resources to brand professionals in this field.

Although every effort has been made to verify the accuracy of this article, readers are urged to check independently on matters of specific concern or interest. 

© 2023 International Trademark Association