Standard contract term - what does it mean?

**Protagoras** · 29 November 2024, 14:21

Originally posted by interestedparty View Post

What does this standard contract term mean?

You shall own all right, title and interest in and to all of the Customer Data that is not Personal Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of all such Customer Data.

It seems to be in all contracts? Why does it exclude personal data?

I can't say I've ever see such a clause. Are "Customer Data' and 'Personal Data' defined?
Is this an employment contract? The use of the personal pronouns 'you' is also rather interesting.

Do you have a contract reviewer who has expressed a view?

**interestedparty** · 29 November 2024, 14:23

It's a standard contract term that is in all of contracts to clients and they have questioned it. I've googled it and it seems to be in most companies' standard contracts?

**interestedparty** · 29 November 2024, 14:53

It's a standard contract term that is in all of our client contracts and they have questioned it. We've used it for years and I don't know who originally drafted it. I've Googled it and it seems to be in most companies' standard contracts?

**northernladuk** · 29 November 2024, 16:46

This clause outlines the ownership and responsibility related to "Customer Data" (which does not include "Personal Data"). Here's a breakdown of what it means:

"You shall own all right, title, and interest in and to all of the Customer Data that is not Personal Data":
- You (the person or entity this clause is addressed to) will own all the rights to the Customer Data, except for the data that qualifies as Personal Data. In other words, you have full ownership of the Customer Data, and that ownership does not extend to any data that is considered personal, such as identifiable information about individuals.
"and shall have sole responsibility for the legality, reliability, integrity, accuracy, and quality of all such Customer Data":
- You are solely responsible for ensuring that the Customer Data you own (again, excluding Personal Data) is:
  - Legal: It complies with laws and regulations.
  - Reliable: It is trustworthy and dependable.
  - Integrity: It has not been tampered with or altered improperly.
  - Accuracy: It is correct and up-to-date.
  - Quality: It meets certain standards or expectations for its purpose.

Summary:

This clause means that you own and are fully responsible for any Customer Data (that isn't Personal Data), and it's up to you to ensure that the data is lawful, reliable, accurate, and of good quality.

**WTFH** · 29 November 2024, 16:53

Originally posted by interestedparty View Post

It's a standard contract term that is in all of our client contracts and they have questioned it. We've used it for years and I don't know who originally drafted it. I've Googled it and it seems to be in most companies' standard contracts?

You’d need to think about why you are putting it into your contracts, what are you hoping it will cover/achieve, and is it relevant to the client you are presenting it to?

As for why a company does not “own” personal data, that’s covered under GDPR and whatever the name for the UK equivalent is.

But it’s your contract, you can put in what you want.
Clients can question it, at which point:
You need to be able to explain it to them, or change the contract wording, or walk away.

**hobnob** · 29 November 2024, 20:32

If you're asking "why is this clause in the contracts?" then you should ask the people who wrote the contract, i.e. your colleagues. I think the practical answer is "we copied and pasted from a previous contract as a standard template".

This is something that might make sense in some contexts, but not others. E.g. cloud hosting often has a shared responsibility model, which defines who is responsible for patches etc.
Cloud security shared responsibility model - NCSC.GOV.UK
The accuracy of the data is typically going to be the customer's responsibility, but that doesn't necessarily mean that the hosting company can dodge all responsibility. E.g. if someone puts dodgy videos on YouTube, Google can't just say "it's nothing to do with us, talk to the person who posted it".

If your company is doing data analysis, this type of clause might be useful to specify that your customer still owns their data, and you're not going to make it available to anyone else.

A privacy policy could also be relevant now that more companies are harvesting data for their LLMs.

However, if nobody at your company understands what the clause is for, you should hire a lawyer and/or take it out.

**northernladuk** · 29 November 2024, 21:47

Originally posted by hobnob View Post

If you're asking "why is this clause in the contracts?" then you should ask the people who wrote the contract, i.e. your colleagues. I think the practical answer is "we copied and pasted from a previous contract as a standard template".

Erm no. I very much doubt his colleagues wrote the contract. And no, I very much doubt that would be the response. You mean you should ask the legal/HR team who own that contract and they will refer back to the lawyer that wrote the contract for them.

This is something that might make sense in some contexts, but not others. E.g. cloud hosting often has a shared responsibility model, which defines who is responsible for patches etc.
Cloud security shared responsibility model - NCSC.GOV.UK
The accuracy of the data is typically going to be the customer's responsibility, but that doesn't necessarily mean that the hosting company can dodge all responsibility. E.g. if someone puts dodgy videos on YouTube, Google can't just say "it's nothing to do with us, talk to the person who posted it".

If your company is doing data analysis, this type of clause might be useful to specify that your customer still owns their data, and you're not going to make it available to anyone else.

Again I don't agree. This is a pretty standard ownership of company data and every company has data regardless of what they do.

A privacy policy could also be relevant now that more companies are harvesting data for their LLMs.

Privacy policies have been relevant since customers had data.

However, if nobody at your company understands what the clause is for, you should hire a lawyer and/or take it out.

HR, legal or security will know what it means. I would ask him exactly what he means when he says 'they have questioned it'. I think you've gone down the wrong track and if he explained exactly who 'they' is and the situation he's questioned it it will become much clearer. If it's standard, then there shouldn't be any question so again, I would ask (but I'm not bothered as I gave the answer) who 'they' is.

**interestedparty** · 30 November 2024, 16:48

Hi, as the person who asked the original question I will try to clarify:

Our contact was written many years ago, long before my time, and we probably paid a solicitor to provide what looks like a 'model' or 'standard' contract template which we then tweaked to fit our particular business. I doubt very much if any of my colleagues ever questioned it, or were ever questioned about it by clients. If your combined responses above mean that the client may use their customer data for market research, statistical/trend analysis, etc., but that their ownership doesn't extend to personal data, for example, personal email addresses, then that makes sense to me.

The only point I'm struggling with is when customer and personal data intersect, i.e., could some data be both, or will customer data purely relate to buying habits, monetary values, percentage growth, demographic split, age bands, etc, so at a macro level rather then specific personal details relating to an individual customer?

I'm very grateful for everyones input, these sites are great for this type of debate and knowledge sharing.

**WTFH** · 30 November 2024, 17:56

Originally posted by interestedparty View Post

Hi, as the person who asked the original question I will try to clarify:

Our contact was written many years ago, long before my time, and we probably paid a solicitor to provide what looks like a 'model' or 'standard' contract template which we then tweaked to fit our particular business. I doubt very much if any of my colleagues ever questioned it, or were ever questioned about it by clients. If your combined responses above mean that the client may use their customer data for market research, statistical/trend analysis, etc., but that their ownership doesn't extend to personal data, for example, personal email addresses, then that makes sense to me.

The only point I'm struggling with is when customer and personal data intersect, i.e., could some data be both, or will customer data purely relate to buying habits, monetary values, percentage growth, demographic split, age bands, etc, so at a macro level rather then specific personal details relating to an individual customer?

I'm very grateful for everyones input, these sites are great for this type of debate and knowledge sharing.

OK, let’s go back and try again:
What exactly are you offering your client that involves customer data? Are you providing storage, are you providing database software, what is it you are providing?
You seem obsessed with “it’s not my fault it’s been like this for years” and “what is customer/personal data”
What are you trying to sell?

Standard contract term - what does it mean?