The Anatomy of a Data License Agreement

Data is gold now in the digital world, and Software-as-a-Service (SaaS) companies collect a ton of it. Licensing access to data has become a huge business model that a lot of companies do in addition to their actual product. If you’re planning to license your data, you should have an appropriate agreement in place. This post will give you a high level overview of what goes into a Data License Agreement.

  1. Recitals – This part of the agreement clearly lays out who the parties are, what they do, and what they’re bringing to the table in this integration. For example, “Acme Corp develops, markets, and sells —“, “Beta Corp develops, markets, and sells —“, “Acme Corp wants to license its data to Beta Corp.” It’s important to be specific in these recitals about what exactly you do, and what the intended result is.
  2. License Grant – Here, you will specifically lay out that you are granting a license to your Customer to utilize your data solely for specific purposes (which can be in an Exhibit).
  3. Use Restrictions – An important section where you will lay out that the data can only be used for specific purposes, and your customer is not allowed to use it for any other purpose. This section is what will give you a right to terminate an agreement and pursue damages if you find that your customer is misusing your data.
  4. Reservation of Rights – Clearly stating that you reserve all the rights to your product and data that you are not explicitly granting to your customer according to the agreement.
  5. Fees and Payment – Lay out what you are charging for the data and how you will be accepting payment. You can get unique here, if you are setting up an arrangement where you share data in exchange for data.
  6. Confidential Information – Set your definitions and rights around what is considered confidential information, and how you expect it to be protected. Best practice would be to set the definition of confidential information in a broad way.
  7. Data Security – The data being shared is likely to be regulated personal information – so it is important to set forth specific data security requirements for your Customer, including requiring reasonable legal, organizational, physical, administrative, and technical safeguards in accordance with industry standards such as SOC 2 Type II and ISO 27001.
  8. Intellectual Property Ownership – Specifically lay out who owns what in terms of intellectual property. The data that is the subject of this agreement belongs to you, and your customer is simply getting a limited, revocable, non-exclusive license to use it (unless otherwise negotiated).
  9. Disclaimer of Warranties – Best practice here is to disclaim all warranties and clearly state that the data that is the subject of this agreement is provided as-is and you are not offering any specific warranties to cover it.
  10. Indemnification and Limitations of Liability – Often negotiated sections on what type of indemnification is offered between the parties, and what, if any, limitations are set for liabilities. As data is being shared here, pay particular attention to any data breach carveouts in this section.
  11. Term and Termination – Specifically lay out how long the license to the data lasts, and under what circumstances the agreement can be terminated – including for convenience, for breach, for bankruptcy, etc. Further, it is best practice to specifically lay out data retention requirements – such as how the data must be deleted or returned, and what kind of certification is required to confirm deletion.
  12. General Provisions – such as Entire Agreement, Force Majeure, Notice, Waiver, Severability, Assignment, Compliance, Choice of Law, Relationship of the Parties as Independent Contractors, Waiver, and Counterparts to the agreement.
  13. Exhibits – Recommended for these agreements, as stated above, are a License Grant exhibit, Data Security exhibit, Data Protection Addendum, and relevant notices.
  14. Data Broker Registration – Certain data privacy laws and regulations, such as the CCPA and CPRA, will require your company to register as a “Data Broker” if you are licensing out data. Review this registration process, and make sure you are compliant with the relevant laws and regulations.

Let us Help

This post is just a high level overview of the what goes into a Data License Agreement.

There are many more nuances and specifics around this type of agreement, and you should have an experienced attorney help you through drafting the right one to make sure you and your customers are protected.

Kader Law can help you draft, edit, or negotiate these agreements. If you’re interested, feel free to contact us.

This post is not legal advice, and does not establish any attorney client privilege between Law Office of K.S. Kader, PLLC and you, the reader.