Go to Data Republic
All Collections
Getting started
Trust Centre
Data Republic's Legal Framework

Data Republic's Legal Framework

License the Data Republic platform and use Data Republic's Common Legal Framework for data exchange
Data Republic avatar
Written by Data Republic
Updated over a week ago

Introduction

At the heart of the Data Republic platform are the legal agreements with Participants. Agreement to and compliance with their terms provides the trust and transparency to facilitate data sharing between parties.

Below is a summary of legal agreements available and the use case for each:

In this article we will cover the agreements and their components in detail.

Data Republic Software Agreement

This is the foundational document among our legal components. The Data Republic Software Agreement is a typical SaaS (software as a service) license, which grants each Participant access to use the Data Republic Platform and establishes the rights and responsibilities of Data Republic and the Participant.

The Data Republic Software Agreement executed once offline by Customer.

The commercial terms for each license are covered in a Term Sheet which includes :

  • Any applicable modules (for additional functionality)
  • The term of the agreement (including any renewal terms)
  • The functional inclusions (number of users, Projects and Workspaces)
  • The fees associated with the license and any other fees incurred

Multiple Term Sheets can be executed depending on the Participant’s need.

Guest Agreement

In order to for a Data Republic Customer to conduct an exchange with a Guest, the Guest Participant must be approved by Data Republic and sign a Guest Agreement.

Once the Guest Agreement has been signed, the Guest will be granted access to the Project designated by the Customer for the exchange to occur. The Customer (Host Organization) will be responsible at all times for the actions of Guest Users (including the content of any data uploaded onto the Data Republic Platform and the conduct of any exchanges).

Developed in conjunction with leading legal experts, the Data Republic Common Legal Framework (CLF) is a balanced and functional framework for multi-party data sharing. The CLF defines the role and responsibilities of Participants, IP ownership, confidentiality, privacy, data destruction, etc.

Each Participant has the option to leverage the Common Legal Framework in order to conduct data exchanges with other Participants on the Data Republic Platform.

The Common Legal Framework has been designed to provide a high level of flexibility, control and confidence to Participants.  There are three data exchange modules:

Module

Module Application

1. Data Contributor Module

Uploading data for use within a collaboration project

2. Data Developer Module

Building data products on platform

3. Data Recipient Module

Receiving data or insights as part of the project

General rights & responsibilities*

  • Participants rights under each module are subject to Participant’s compliance with the terms in the relevant module, any other applicable module and the Data Republic Platform Licence
  • Participant acknowledges and agrees that each approved Data Licence shall constitute a stand-alone contract between each of the Participant, Data Republic and any other Data Contributor(s), Data Developer(s) and Data Recipient(s)
  • Participant warrants that its approval on Platform shall constitute a binding execution of such approved Data Licence by Participant

* Not exhaustive

Each module sets out the terms that will apply to Participants in an exchange according to the role they play (this may include one or multiple roles) and works with the Project specific Data Licenses. The Common Legal Framework forms a common shell for repeatable use and has been developed to be as broadly applicable as possible. Whereas, Data Licenses specifies the use case specific terms, including the permitted use of data.

Data Contributor Module

Uploading data for use within a collaboration project

Key Components

Key Rights and Responsibilities

Data

  • Provision
  • Use
  • Delivery
  • Matching
  • Security & Segregation
  • Every time data is provided, the Participant must outline data access terms, data characteristics, the types of data products permitted, whether matching is permitted and any special conditions
  • Data Republic must only use or access the data, or permit the data to be used or accessed to the extent approved in a project Data Licence. Data Republic must not take any steps to re-identify any individuals
  • Both Data Republic and the Participant will notify each other if they become aware that the delivery mechanism fails
  • If tokenised data is provided, additional data matching terms will apply
  • Data Republic must segregate Participant data from other Participant data, enforce adequate safeguards against interference or unauthorised access and notify Participant of any material amendments to security protocols

Intellectual Property

  • Unless otherwise agreed in the Data Licence, all rights, titles and interests in and to the Participant data, background Participant IP (developed off platform) and derivative materials remain owned by the Participant or its licensors and is not transferred to Data Republic

Audit

  • Participant has the right to conduct an audit of Data Republic (or engage an independent third party auditor to do so) to verify Data Republic is compliant with the CLF terms. Audit information is subject to confidentiality obligations.

Privacy

  • Participant must not transfer any PI data to Data Republic. PI data must only be provided in tokenised form
  • Participant must notify Data Republic upon updates to its privacy policy that may affect participation in matching

Warranties

  • Participant warrants that the data has been obtained legally and its use in accordance to any agreed Data Licence will not violate any applicable laws (including privacy and competition law) or infringe upon any IP right
  • Participant warrants that they have obtained all necessary consents from individuals for matching (when required)

Liabilities

  • Data Republic must procure that each data product recipient agrees to the terms of the relevant Data Licence

Termination

  • From the date of termination, Participant will cease to provide data and Data Republic will either return data or undertake secure data deletion
  • Users with rights to use a data product in line with an approved Data Licence may continue to use for the remainder of the term of data use but will receive no updates

Data Developer Module

Building data products on platform

Key Components

Key Rights and Responsibilities

Data sandbox environment

  • Prior to accessing data within the environment to create a data product, the Participant must make a request through the Data Republic platform specifying the data to be used, the type of data product to be created and the intended use and recipients of such a data product
  • Access is subject to the approval of such a request by Data Contributors. Data Republic have no obligation to provide access prior to approval
  • Access is provided either to test the development of data products or create data products that may be made available to other Participants (permitted purpose)
  • Participant must not sell or licence the environment or any Participant data, nor allow any person to use or benefit from the environment other than is permitted
  • Participant must limit access to the environment to employees of Participant who require access

Data product development

  • Participant must not attempt to re-identify individuals or combine with external data that has not been explicitly approved
  • Participant must not modify, extract, copy, export, transfer, delete or remove data from the secure environment without approval from relevant Data Contributor(s)
  • Participant must not modify, merge, alter, adapt, translate, de-compile, disassemble, reverse-engineer or interfere with the environment or source code
  • Participant must create data products in compliance with any special conditions in the Data Licence

Intellectual Property

  • Data Developer owns all rights, title and interests (+ IP rights) in and to Participant algorithms (they are not transferred to Data Republic)
  • Data Republic own all rights, title and interests (+ IP rights) in and to the data sandbox environment
  • Participant assigns to Data Republic all rights, title and interests (+ IP rights) in and to the data products upon creation. Data Republic grants to Participant for an agreed period of time, a worldwide, non-exclusive, non-transferable licence to use the data product for the permitted purpose outlined in the Data Licence
  • The sandbox environment enables independent development of data products from multiple users which could be similar. Participant must not pursue any Claim against Data Republic in respect to alleged infringement of any patent arising out of a Participant algorithm and must impose the same on any 3rd party that receives IP rights subsisting in any Participant algorithm
  • Participant grants to Data Republic a worldwide, non-exclusive, non-transferable licence to use any patent rights arising out of or in relation to a Participant algorithm

Termination

  • Data Republic may retain and continue to use any data products from the date of termination, that been developed using Participant algorithms according to terms in the approved Data Licence
  • Upon Data Licence expiry Participant must cease accessing the secure environment and data

Data Recipient Module

Receiving data or insights as part of the project

Key Components

Key Rights and Responsibilities

Data products

  • Participant must only use data products for the permitted purpose, in accordance with any requirements, exclusions or special conditions, as outlined in the approved Data Licence
  • Participant must not copy or remove any Participant data from the Data Republic databases
  • Participant must not reverse engineer any data products that use or include Other Participant data
  • Participant must not sublicense, assign, transfer, sell or exploit any data product that uses Participant data without written consent in the Data Licence and if applicable a EULA being in place with the relevant permitted sublicensee
  • Participant must not combine data products on Platform with third party information without written consent in the Data Licence
  • Participant must not take any steps on Platform to seek to re-identify any individuals except in respect of a data product that has been provided on both a fully matched and tokenised basis or as otherwise agreed in an approved Data Licence

Intellectual Property

  • Data Republic or its licensors (Data Contributors) own all rights, title and interests (+ IP rights) in and to any data products
  • Data Republic grants to Participant for an agreed period of time, a worldwide, non-exclusive, non-transferable licence to use the data product for the permitted purpose outlined in the Data Licence

Sublicensees

  • All third parties who use or receive data products from Participant must be approved by Data Republic and the relevant Data Contributor(s) as permitted sublicensees and prior to receiving data products from Participant, enter into a sublicense agreement (EULA) with Participant

Data Recipient Undertaking

  • Data Recipient will not be permitted to use a data product until it has agreed to the terms of an approved Data Licence in respect of that data product, which will include an undertaking
  • The Data Recipient Undertaking covers indemnity and consequential loss

Termination

  • Participant may retain and continue to use any data products from the date of termination, that have been developed solely using Participant data or are derived from, but do not incorporate, Other Participant data in its original form, but will cease to receive any data updates in respect of such data products
  • Participant must immediately cease to use any other data products and must terminate the use of such by any permitted Sublicensees, but only in relation to the Other Participant data incorporated or included

Commercialization of data is an option on Data Republic, not a requirement.  Many of the exchanges are collaborative between organisations, and data fees are not a feature.

Third-Party Exchange Module

Participants are able to use their existing legal arrangements for third party data sharing and exchange, by selecting the Third Party Exchange Module. 

The Third-Party Exchange Module sets out that the multi-party exchange functionality will be made available to the Participant to conduct exchanges with third parties who may or may not be a Participant. These exchanges will be carried out on the Data Republic Platform, but will be governed according to the Participant’s own legal arrangement.  

Participants are able to conduct third party exchanges with both other Participants and with third parties that are not Data Republic Participants (Third Party Users)

Privacy-Preserving Matching Module

The Privacy-Preserving Matching Module sets out the terms on which a Participant is able to use the Data Republic Privacy-Preserving Matching feature for data tokenisation and matching services. 

The functional aspects of Data Republic's Privacy-Preserving Matching feature can be found in the Privacy-Preserving Matching User Guide.

End User License Agreement

Data Republic participants include analytical firms that create derived data products that might include aggregations, maps, scores and other outputs that are several steps removed from the raw data provided by one or more data contributors.  If these data product producers sell a data product to a non-participant, then the EULA can be used to protect the interests of data owners, to the extent that their intellectual property still exists within.

FAQs

Do I need to sign all of the modules?

Data Republic’s Legal Framework comprises the Data Republic Software Agreement and five modules. The Data Republic Software Agreement is mandatory because it is a license to access and use our core Software as a Service (SaaS) platform. The Data Republic Software Agreement sets out Data Republic’s standard terms; the rights and obligations of users (use case, time frame, users, confidential info) when using Data Republic.

With the Data Republic Software Agreement in place, participants can then leverage the additional modules depending on the nature of the projects they wish to conduct on Data Republic.

The additional modules fall into three categories:

1. The Common Legal Framework Modules for data exchange and analysis under a common legal framework managed by Data Republic:

  • Data Contributor Module
  • Data Developer Module
  • Data Recipient Module

2. The Third Party Exchange Module which permits customers to apply their own legal frameworks to data exchange and analysis projects with third parties.
3. The Privacy-Preserving Matching Module for tokenization and matching services

For more information on how the separate modules function, see this help article.

Why aren’t all the data exchange terms (Common Legal Framework) in one big module instead of being split up?

There is a split between the modules to show the differences between the obligations of different types of users (i.e. The users making the data product would sign a different module to the participant who is contributing data to a project). Depending on your role in a particular project, some of the modules may not apply to you.

Can I use my legal agreement to define the terms of a project with another organization on Data Republic?

Yes, participants are able to use their existing legal arrangements for third party data sharing and exchange by selecting the Third Party Exchange Module.

The Third Party Exchange Module sets out that the multi-party exchange functionality will be made available to the Participant to conduct exchanges with third parties who may or may not be a licensed Data Republic Participant. These exchanges will be carried out on the Data Republic Platform, but will be governed according to the Participant’s own legal arrangement.

What is the purpose of End User License Agreements (EULAs)?

The EULA enables derived data products created via projects on Data Republic (for example aggregations, tools, maps, reports or scores) under the Common Legal Framework to be licensed to a non-participant.

The EULA sets out the rights and obligations of the Data Custodian, data product developer and end-user when licensing or selling an approved data product.

Do we need to agree to the Privacy-Preserving Matching Module every time we conduct a matching project?

No. The terms of the Privacy-Preserving Matching Module will apply to any tokenization and matching activities that you undertake using the Data Republic Privacy-Preserving Matching feature.

How much responsibility do I take on if I bring on someone with a Guest License to Data Republic?

Guest Licenses enable participants to collaborate with trusted partners without those trusted partners being required to obtain a full Data Republic Software Agreement. This can significantly help accelerate outcomes from your Data Republic Software Agreement.

We provide tools to help participants to determine the privileges granted to Guests, and therefore what they are permitted to do on the platform, however, Data Republic ultimately holds participants responsible for their guest’s activity within their ‘invited projects’.

As such, we recommend only provisioning Guest Licenses to organizations you know and trust.

When should we have a non-disclosure agreement with Data Republic?

We have a standard form Mutual Non-Disclosure Agreement which we can enter into with you if you would like to have detailed discussions before signing up to the Data Republic Software Agreement.

However, if you have a Data Republic Software Agreement with us, then there is no need, as comprehensive confidentiality provisions have already been agreed to.

Does Data Republic own my intellectual property (IP)?

No. Data Republic will never own your IP.

Under the Common Legal Framework (the optional common legal framework for data exchange and analysis governed by Data Republic) we do have specific terms that can appear a bit like we do, but these terms apply in a very limited context and only to avoid complexity in multi-party data exchanges.

Under the Common Legal Framework, the general approach is that all parties retain the intellectual property in whatever it is they bring to the platform (that could be in data sets, algorithms or other ways of combining and analyzing data).

When a data product is created, there is a compilation of multiple distinct forms of IP which have distinct ownership (data IP, developer IP etc.).

In order to avoid a convoluted shared IP ownership situation, the default position in the Common Legal Framework is that each party will retain ownership in the distinct forms of IP that comprises the data product, and that Data Republic will own the IP in the data product as a compilation. Data Republic then licenses the data product to the data recipient.

Data Republic’s ownership of the IP in the data product is limited to the extent that the owners of the background IP have licensed the IP comprised in the data product. In practical terms, this means that Data Republic can only use the data product as agreed to by the parties who own the underlying IP.

If required, this default position can be amended in the Data License with the agreement of each of the relevant parties to the exchange.

Why can’t I have explorer access to Data Republic?

Data Republic is concerned with meeting the risk management and confidentiality requirements of its participants. We are considering whether a short-form agreement may be possible, along with functional privilege restrictions for an explorer role on the platform might be possible. In the interim, our team are keen to assist you with demonstrations of the Data Republic Platform.

View Data Republic Software Agreements


Did this answer your question?