RESEARCH ARTICLES

 

Responsibility for data quality

 

 

DGN Gesmann-Nuissl^I; GK Kirchner^II

^IChemnitz University of Technology, Germany, Faculty of Economics and Business Administration. dagmar.gesmann@wirtschaft.tu-chemnitz.de
^IIChemnitz University of Technology, Germany, Faculty of Economics and Business Administration. gernot.kirchner@wirtschaft.tu-chemnitz.de

 

 

---

ABSTRACT

Everyone is debating about "Industry 4.0", but nobody exactly knows, who is responsible for the underlying quality of the used (big) data. This article is based on the research questions, why is it necessary 'especially in the time of "Industry 4.0"' that everyone strengthen their focus to data quality and related questions. The aim of the authors' is to answer first this new question with existing legal regulations. Regarding contractual liability they will elucidate, that the United Nations Convention on Contracts for the International Sale of Goods (CISG) is already applicable to the selling of data, irrespective of whether this data is embodied or unembodied. However, the question about the definition of "quality of data" still exists in the field of warranty. Furthermore, the authors will point out that in the field of legal product liability are similar issues to be discussed. In particular with focus on the Directive 85/374/EEC in the European Union (EU) they will exemplify how the community can evaluate if there is a data fault or not. A similar situation exists in the United States of America, so in the end the authors will focus on the Uniform Products Liability Act as basis for several state law codifications concerning product liability. However, finally in the opinion of the authors case law can only be a solution at first level regarding the responsibility of data quality; at the end only "technical standards" by private regulators can reliably and in an innovation-promoting manner close the nowadays existing gap.

Key phrases: Batch sizes of one; big data; cyber-physical systems; CISG, data faults; data as goods; data quality; Industry 4.0; liability; quality of data; unembodied data and warranty

---

 

 

1. INTRODUCTION

Everyone is debating about "Industry 4.0" - the fourth industrial revolution, which refers to the intelligent networking of machines and processes in the industry with the help of information and communication technology (Platform Industry 4.0 2019:Internet) - and autonomous cyber-physical systems are well known all over the world. In demarcation to the American approach "Industrial Internet Consortium (IIC)", which is more a cross-industry orientated approach in the field of the internet of things, "Industry 4.0" originally focused on the digitalisation of the German industry. Regardless of the precise definition, many autonomous cyber-physical systems are known, which are collecting data by using mostly wireless sensor networks and will be forwarded afterwards in a further step to a central hitch for further processing and analysing.

Therefore, everyone has to keep in mind, that the starting point of all these systems is a large amount of data "big data". For this purposes, "big data" mean a big amount of complex and mostly unstructured data, which are generated by (autonomous acting) cyber-physical systems and machines based on an electronic communication. After this collecting process, you have to use big data management systems to organise, administer and analyse such data. Ordinary data analysis methods are not able to fulfil the requirements to do this anymore, especially if you keep in mind the high velocity with which big data is generated all the time, which is why Russom (2011:6) describes big data as three Vs: volume, velocity and variety.

Systems, which are working based on big data, are very common and not only confined in the banking, communication and automotive sectors, but also in the healthcare industry and increasingly because of "Industry 4.0" in small and medium enterprises (SMEs). Especially the last mentioned fact will increasingly become of interest in the nearest future, not only in Germany where the authors are involved in the "Centre 4.0 of excellence for Small and Medium Enterprises (SME) Chemnitz", an initiative founded by the German Federal Ministry for Economic Affairs and Energy, but also across the globe.

Despite these well-known digitalisation efforts there is one initial main issue, which is not as well-known, although it carries a huge risk of liability for the whole big data industry and accordingly for the small and medium enterprises at national and international level by using big data applications. The underestimated challenge is the question of responsibility and liability for bad "data quality" in cases where damages occur whether itis related to human beings for example in the health industry or property.

To evaluate at a first instance the related risks with regard to bad or good quality data, the article gives an introduction about the liability for data faults in different settings, e.g. in the healthcare system and in the automotive sector as well. The overarching aim of the article should rather be to provide general legal results at a national and international level, in which especially in contractual relationships also the CISG (United Nations Convention on Contracts for the International Sale of Goods) is to be noted as International Convention on the law applicable to the international sale of goods and the legal regulations regarding the product liability as well. In addition to that, the article is also focusing on questions what exactly correctness of data or an agreement about a certain data quality mean. The article's purpose is therefore not only to identify legal liability challenges at a national and international level posed by using autonomous cyber-physical systems and big data applications but also to examine the effectiveness of existing laws.

 

2. RESPONSIBILITY AND LIABILITY REGARDING QUALITY OF DATA

The authors would like to refer to a discussion about big data analytics in healthcare. Parslow (2014:Internet) from MedeAnalytics has shown at first in this discussion a way to use smart watches and wearables to monitor patients, e.g. their heart rate, calorie consumption and other health indicators such as their physical activities and -relaxation times Hernandez (2014:Internet). After collecting all of these different types of health data from different patients, big data applications could show not only if a patient is ill, they could also "foresee and prepare for individual illnesses". That means even before the patients experience any symptoms about the threatening illness. Hence, big data enables today not only at a first level to identify potential health risks, but also by using big data for health reasons. It is possible to announce preventive measures to early ward off threatening illnesses or to treat diseases like diabetes as well. Exactly for that reason, there is a huge financial and operational potential for big data in the healthcare industry. The challenge today is, to clarify on a legal basis what will happen, if there is a fault concerning the "big data".

Hunter (2016:1103) provides another example, in which it is most important and imperative that the data buyer can trust in a well-defined quality of the data from the data broker. That is important not only with focus on the buyer of the data' own economic interest, but also in the interest of the treated patients. Everyone has to keep in mind that especially health and medical data are valuable resources not only for academic research, but also for the pharmaceutical industry and the medicament companies. Hunter (2016:1103) namely mentions the pharmaceutical company Pfizer, which is one of the worlds' largest pharmaceutical corporations. A famous and well-known product from Pfizer is "Zithromax", an antibiotic that is used for malaria and useful for the treatment of e.g. middle ear infections, pneumonia, etc. According to Berger, who is in charge of overseeing the analysis processes at Pfizer, Pfizer spends 12 million US$ per year to buy anonymised health data from data brokers like IMS Health and Symphony Health Solutions (Tanner 2016:Internet). The aim of such data purchases is to optimise the pharmaceutical research, development and the production as well.

It is however, in cases such as these that it should be noted that if data of a bad quality has been received with regards to the research, development and production of a new medicine it can have major economic as well as brand damages. For example, a company invests millions of US$ in developing a new medicine and then the investor has to recognise that there is no need for the new medication or it has no effect due to the initial data that was incorrect, which was bought from a data broker. Regardless of the economic effect of incorrect data this could also lead to health risks for the patients or a contra-indicated effect by using the pharmaceuticals together with other substances. This could have a huge impact on any pharmaceutical company and the industry as a whole. These are all scenarios of the implications, if there was a wrong database at the beginning of the developing process. Thus the questions are raised about the responsibility and liability for faulty data in the field of big health data sales.

Another example of the relevance of the quality of health and medical data next to the development of new medicine is in the field of automated or even autonomous driving. Especially with regards to this issue, the Federal Ministry of Education and Research of Germany is funding a research project called "KomfoPilot - Personalised and context-sensitive driving style modelling in automated driving", in which the professorship of Gesmann-Nuissl is also involved. The aim of the project is to estimate and improve the life of the driver in real-time during automated driving. In particular with the help of wearables, high precision gaze motion measurement and movement tracking different information about the condition of the driver which are recorded and analysed. Depending on the results: the driving style of the automated driving vehicle and the information obtained from the user as well will be individually adjusted and amended so that the life and the inner well-being of the driver can be improved. For example, if an automated driving car recognises discomfort for the passengers, it can do more gently and earlier braking processes in the future.

Collected health and medical data in the mentioned research project "KomfoPilot" are invaluable as well. Future "big data" analysers for example in the insurance industries for vehicles, producer of vehicles, in particular electronic devices, services of cars and other electronic equipment, could be highly interested in buying such data for similar if not even higher investments as mentioned in the medical case before to offer their services on an individual basis. Notably in the automated and autonomous driving sector, such data will be used to improve the situation of each driver in an individual way. If in the future the data of each driver will be generated and analysed in this way, it is the opinion of the author that "big) data" will guarantee not only in this sector a huge amount of profit, but will also aid in the demand for mass fabrication in batch sizes of one (Bacidore 2018:Internet).

Without big data analysis especially related to this specific project of collecting medical and health data of drivers it would not be possible to realise the vision in the automotive sector and especially regarding autonomous driving. Therefore, future big players in this field have to make investments to buy or generate this data and they have to ask themselves the research questions about the responsibility and liability regarding the quality of this data. Only good data quality of the autonomously collected and machine systematised health and medical data of the driver can affect the product of an automated or even autonomous driving vehicle profitably. Otherwise, the automobile manufacturers investing in buying such data will not get the desired benefits. They will lose their goodwill and will be faced with claims for damages, because of unfulfilled legitimate expectations of their customers.

 

3. CONTRACTUAL LIABILITY: DATA FAULTS IN CONTRACTUAL RELATIONSHIPS

With the growth of big data applications, autonomously collected and machine-systematised data are part of considerations in commercial contracts. There is already an international commercial trade with the asset "data"; of course, data can be subject to a traditional sale contract. It is questionable, if the CISG is applicable to them as well.

The UN-Convention applies to commercial contracts of sale of goods (Art. 1 (1) CISG). According to case law, "goods" of Art. 1 (1) CISG typically are items that are, at the moment of delivery, "movable and tangible" regardless of whether they are solid, used or new, inanimate or alive (Ferrari 2013:38; differentiated Magnus 2012:44). Nevertheless, data are an intangible "informal" good, (Voit 2018:26) so it could be problematic whether the sale of data falls within the scope of the CISG.

However, data are generally considered to be "goods" as defined in Art. 1 (1) CISG, if they are stored and made available on a data carrier; in this case, they are adequately embodied. In respect of this, data, which are delivered via a data carrier, are qualified as "movable and tangible" and the scope of the CISG would be opened. If no data medium exists, the application of the Convention would be denied (Magnus 2012:44).

This distinction is not practical, since with each data transfer, even from machine to machine or from cloud to buyer, a transport medium could be defined with which the data move tangibly from the sender (seller/broker) to the recipient (buyer).

Furthermore, everyone has to take note of the fact that the legal concept of a sale contract as an "exchange of tangible goods and services" has changed. In many legal systems, the provision of digital (intangible) content is already part of the purchasing law. For example, in Germany § 453 BGB (Civil Code) specifies, that the rules on the purchases of property apply to the purchases of rights and other objects (e.g. energy, know-how, etc.) in an appropriate manner. It may also be supported by an initiative of the European Union (EU), which is currently seeking full harmonisation of certain aspects concerning contracts for supply of digital content, taking as a base a high level of consumer protection. The Directive of the European Parliament and the Council on certain aspects concerning contracts for the supply of digital content, COM (2015) 634 final - 2015/0287(COD). Taking all of this into consideration and in view of Art. 7 CISG, which requests the Member States to take into consideration the interpretation of the UN-Convention to respect the international character of the UN-Convention and to promote a uniform trade and law, everyone has to treat the "data" as "goods" according to Art. 1(1) CISG. Despite a bit of confusion over sales of data in general, the Convention should not be interpreted to be overly hostile towards the sale of data. Rather the CISG should apply to the sale of data, regardless of embodied or not. Therefore, it would be inevitable that some of its provisions may have to be adapted, as data transactions also involve intellectual property transactions and may otherwise be qualified as mixed contracts, especially if the buyer of data merely acquires an access key or a license to use the data (Diedrich 1996:325).

 

4. CONTRACTUAL INFRINGEMENT: "POOR QUALITY OF DATA"

Art. 35 CISG outlines which requirements the seller has to meet in order to fulfil his delivery obligation in relation to conformity of the goods. The seller must deliver goods which are of the quantity, quality and description required by the contract and which are contained or packaged in the manner required by the contract (Art. 35 (1) CISG). Thus, it adopts a subjective standard, based on the promises or undertakings by the parties in connection with the specific transaction. With regards to Art. 36 (1) CISG the goods have to be faultless "at the time the risk passes to the buyer". If the seller fails to perform any of his obligations under the contract, the buyer may assert his rights under the CISG (Art. 36 (1), 45 ff., 74 ff. CISG), inter alia request for repair, and declare the contract void, declaration of price reduction or damages for breach of contract.

The linked key and research question is, whether a breach of contract can exist only because of the poor quality of the delivered goods, which is in the previously mentioned examples the "poor quality of the delivered data". In this context, the specific problem arises: Namely, what is good quality of data. However, data quality in general is not legally defined. Therefore, the parties have to define it in the context of their contractual agreement in order to trigger the desired legal consequences.

If there are no contractual quality agreements, the assumptions of Art. 35 (2) CISG apply, but they are not really tailored to digital content. According to this rule, the goods would have to be suitable for "normal use" (Art. 35 (2a) CISG) or have a quality which is "usual for goods of the same type" and may be expected as such by all buyers (Art 35 (2b) CISG). In detail: Art. 35 (2a) CISG requires the seller to deliver goods which are "fit for the purpose for which goods of the same description would ordinarily be used" and Art. 35 (2b) CISG requires the seller to deliver goods, which is fit for a particular purpose expressly or impliedly made known to the seller. Both do not fit with the digital content, which are usually - as shown in the examples - on the one hand very individually generated and on the other hand very individually used by the buyer (batch sizes of one).

In future this gap could be filled by case law, but also such judicially created criteria catalogues will become obsolete after a short time due to the technical development. In the opinion of the authors, therefore, "technical standards", which are created by private regulators (e.g. DIN, ISO); seem more suitable to concretise the mutual expectations. These standards would at least have the advantage that the adaptation to technical development would be granted on an ongoing basis (state of the art). Such an approach would be able to standardise information technology requirements in terms of functionality, interoperability and possibly other features such as accessibility, continuity and security.

As of today, such mentioned "preliminary work" of the jurisprudence or the standardisation organisation is still missing, but strongly recommended. Therefore, particular attention has to be spent on the design of the sales contract. The seller's performance and the expectation of the buyer must be therefore defined as explicitly as possible by contractual arrangements. In this way, the desired data quality is described in detail. It is important as well and has to be defined "when", "how" and "under which responsibility" the data are integrated into the digital environment of the buyer. The latter is relevant for passing the risk from the seller to the buyer as well as any possible contributory negligence of the buyer (Art. 77 (3) CISG).

 

5. LEGAL PRODUCT LIABILITY FOR DATA FAULTS

When referring back to the example mentioned previously related to the usage of data analysis to monitor patients for health reasons, it should be taken into account that the discussion about data faults in contractual relationship can only be a fruitful one, if there is a contractual relationship between the injured party and the violator. An example would be that of the health care example mentioned earlier. The contractual relationship of the use of smart watches and wearables to monitor patients would be between the hospital and the patient, there will be no contractual agreement between the patient and the "big data" provider who analysed the gained health data to foresee individual illnesses of the patient. In these specific cases it has to be taken into consideration where the legal liability lies if there was a fault in the initial data that was used as it could have serious financial as well as health risks involved. At the end this is not only a financial issue because of the costs regarding the treatment, it is a health issue as well, e.g. regarding possible unpleasant side effects of the medicine.

 

6. LEGAL PRODUCT LIABILITY IN THE EU - DIRECTIVE 85/374/EEC

In the EU the Council of the European Communities Directive 85/374/EEC of 25^th July 1985 is on the approximation of the laws, regulations and administrative provisions of the European Union Member States concerning liability of defective products and therefore also relevant to the discussion concerning liability for bad (big) data quality as product quality in the EU. This discussion based on past considerations of Kirchner (2017:753). According to this directive the producer shall be liable for damages caused by a defect in the product regardless if there was a fault of the producer or not. That means that the producer has to proof and demonstrate, that the data fault was unavoidable, even if actions were taken in due care. One inducement behind the Directive 85/374/EEC was the following, mentioned in the second recital of the directive:

"Whereas liability without fault on the part of the producer is the sole means of adequately solving the problem, peculiar to our age of increasing technicality, of a fair apportionment of the risks inherent in modern technological production."

At the end, the Directive 85/374/EEC could establish such a fair apportionment of the arising new risks without having to focus on special issues, even if the liability exists in the Business-to-Business (B2B) sector as well. For that you always have to keep in mind, that damages in the meaning of the Directive 85/374/EEC, which are to be replaced, means only damages caused by death or by personal injuries or damages to, or destructions of, any item of property other than the defective product itself, with a lower threshold of 500 European currency units (ECU), provided that the item of property is of a type ordinarily intended for private use or consumption, and was used by the injured person mainly for his own private use or consumption, see Art. 9 of Directive 85/374/EEC.

Without further investigations, readers could conclude that the Directive 85/374/EEC is exactly regulating the mentioned issues with regard to data faults as defective products. However, this would be too fast and not enough considered, because the Directive 85/374/EEC determines in Art. 1 that the producer shall be liable for damages caused by a defect in the product and product in the meaning of the Directive 85/374/EEC means according to Art. 2 of Directive 85/374/EEC only "all movables, with the exception of primary agricultural products and game, even though incorporated into another movable or into an immovable." Therefore, further investigations are recommended to exploit, whether data are movables in the meaning of the Directive 85/374/EEC or not.

 

7. EMBODIED DATA IN THE SCOPE OF DIRECTIVE 85/374/EEC

Therefore and for the first instance, data faults can only lead to a liability of the "big data" analyser according to the Directive 85/374/EEC, if the data fault is related to movables, or in other words if the authors are talking about embodied data (e.g. CD, DVD, disk, flash store, etc.), similar to the above mentioned initial situation concerning the CISG. Nevertheless, this result does not mean an ordinary liability for data faults; it focuses only on the well-known normal product liability because of defective movables, which provide wrong data.

For example, Germany had to transpose the Directive 85/374/EEC in national law as well as mentioned in Art. 288 of the Treaty on the Functioning of the European Union (TFEU). According to the second paragraph of Art. 288 TFEU, a directive shall be binding, as to the result to be achieved, upon each Member State to which it is addressed, but shall leave to the national authorities the choice of form and methods. Therefore, Germany had implemented the Directive 85/374/EEC in the Product Liability Law (PLL), (Ensthaler & FueBler & Gesmann-Nuissl 1997:19, 65; Gesmann-Nuissl & Ensthaler & Mueller 2012:13). Keeping this background in mind, the wording of § 2 PLL should not be surprising, because the PLL is only applicable if there is a product in the meaning of movables. Regardless of, it is recognised and not to be discussed further that even software with a data media can be movables in the meaning of the PLL (Beckmann & Mueller 1999a:14; Cahn 1996:2903; Hamdan & Guenes 2017:8; Rolland 1990:16; Spindler 1996:550; Taeger 1995:145). However, there was and is no clear decision concerning embodied data, but it makes no sense to differentiate between software and (big) data in that understanding. The conclusion can only be the use of the PLL with regard to embodied software and data as well.

 

8. UNEMBODIED DATA IN THE SCOPE OF DIRECTIVE 85/374/EEC

Difficulties are arising with regard to the questions if there is a legal liability for data faults, if there is no embodied data but a data fault. In these cases, the authors are talking about unembodied data, which are transferred by email, cloud services, oral or in another unembodied way.

If this would be the only interpretation according to the wording of the Directive 85/374/EEC, the authors had to conclude that there is no legal liability because unembodied data are not the same as movables. Movables in the authors understanding require a sensual perceptibility and delimitation in space or in other words corporeality (Fritzsche 2018:5). That is to say, if there is no related body for the data the authors cannot assume that this is still embodied data. The application of the Directive 85/374/EEC and of the PLL as well could not be approved, similar to the first comprehension in the scope of the CISG, where the authors have shown, that the industry needs data, which are "movable and tangible" in principle, for the application of the CISG.

Nevertheless, this cannot be the result in the discussion if there is a legal liability for data faults without embodied data. This discussion did not note that the Directive 85/374/EEC is an international directive, which was only implemented in different national legal systems. Therefore, everyone has to keep in mind that they have to interpret international law with regard to its international character and to the aim of uniformity in its application.

This also confirms Art. 7 (1) CISG, which says: In the interpretation of this Convention, with regards to its international character and for the need to promote uniformity in its application and the observance of good faith in international trade. The same result can be found in the recitals of the Directive 85/374/EEC in which you can read that at the present stage the harmonisation resulting from this directive cannot be total, but opens the way towards greater harmonisation. The authors would also like to refer to the second recital of the directive, which mentioned, that only a liability without fault on the part of the producer is the means of adequately solving the problem, particularly to our age of increasing technicality, of a fair apportionment of the risks inherent in modern technological production.

However, the mentioned risks does not only affect movables in the meaning of corporeal things, as you could see in the previously provided example concerning using smart watches and wearables to monitor patients. Broad discussions about autonomous cyber-physical systems, which are using big data for their operations, a liability regardless of a fault on the side of the producer of the data are not only important, it is a necessary requirement to trustily use such modern technologic in the industry and in daily life. (Beckmann & Mueller 1999b:18; Braeutigam & Klindt 2015:1139; Kilian 1972:114) Therefore, not only an interpretation at each national level is requested, so that each member state of the European Union can discuss the term movables. Requested is an independent international and identical interpretation to receive a full-harmonized legal framework regarding the liability of a producer at the end. (Taeger 1996:259; Wagner 2017a:9) support this with regard to the interpretation from the Commission of the European Communities in 1988. There was a written question No. 706/88 by Mr. Gijs de Vries (LDR-NL) if the EEC directive on product liability (Directive 85/374/EEC) does also cover computer software. The answer given by Lord Cockfield on behalf of the Commission was that according to Art. 2 of Directive 85/374/EEC "the Directive [consequently] applies to software in the same way, moreover, that it applies to handcraft and artistic products."

Finally, regarding the liability for data faults there can be no differences between embodied and unembodied computer software. Because if that would be the case, the injurer would have the possibility to decide which liability he or she would like to choose, the one which applies to unembodied or the one which applies to embodied computer software. A distinction in this direction makes no sense and is unjustifiable because there is no reason why the jurisprudence should distinct and therefore it cannot convince (Taeger 1996:262 with reference to Triaille 1993:219; Wagner 2017b:15). The same result applies for data, because computer software is no more or less than a combination of binary information or data (Andrees, Bitter, Buchmueller & Uecker 2014:106).

Summarised the authors can conclude, that if they interpret the international Directive 85/374/EEC with regard to its international character and to the aim of uniformity in its application to receive a fair apportionment of the risks inherent in modern technological production - data faults lead to a liability of the data producer with or without its fault regardless of whether embodied or unembodied data are affected. Movables in the context of the Directive 85/374/EEC mean un-/embodied data as well. In conclusion, in the European Union there is no need for other rules regarding data faults in which is no fault of the producer.

 

9. DATA FAULTS IN THE MEANING OF THE DIRECTIVE 85/374/EEC

In the interpretation of the Directive 85/374/EEC the question arises, in which cases the injured party can claim for damages, in other words if there were data faults when can the injured party claim damages. To answer this question one has to look at the definition when a product is defective in the meaning of Art. 6 of Directive 85/374/EEC. There the product or data fault is defined, that there is a defect when the product or in this study the data does not provide the safety which a person is entitled to expect, taking all circumstances into account, including the presentation of the product, the use for which it could reasonably be expected for to be used and the time when the product was put into circulation.

That means that the person who is in charge of the case has to examine in an objective way, which obligations the data producer has in the special case, in particular depending on the affected area, to make sure, that there is no more danger because of the produced and published data than necessary inter alia for people. (Hoeren 1989:143) However, this is not a new aspect in the discussion about defective products, because the discussion about the safety duties of a producer is already known and in the meaning of the Directive 85/374/EEC and the legal product liability there is and can be no other standard valid. Depending on the potential of the risk, you have to evaluate the quality requirements for the delivered date. (Ensthaler et al. 1997:67)

In the medical healthcare environment, it can be concluded that the quality of data must be of an extremely high quality. For European countries, there is proof for this statement in the new legal Regulation 2017/745/EU of the European Parliament and of the Council of 5^th April 2017 on medical devices as well. In this regulation, which will become effective on 26^th May 2020, you can see that medical devices in the meaning of the Regulation 2017/745/EU are more than instruments, apparatuses and so on, but also software. The producer of medical devices is also required to fulfil the obligations which are mentioned e.g. in Art. 10 of Regulation 2017/745/EU. According to Art. 10 (9) of Regulation 2017/745/EU the manufacturer shall for example establish a quality management system which shall cover all parts and elements of a manufacturers' organisation dealing with the quality of processes, procedures and devices. It shall furthermore govern the structure, responsibilities, procedures, processes and management resources required to implement the principles and actions necessary to achieve compliance with the provisions of this Regulation.

After taking all of the factors discussed into consideration the authors have concluded that indeed legal product liability is applicable for both embodied and unembodied data. However, in the evaluations of each case you have to carefully check if there is a data fault or not. Also concerning legal product liability there are no detailed legal checklists or legal guidelines for this examination, because it has to be an individual assessment of each case at the end. Within this, you have to evaluate, what the user can expect, in particular, depending on which risks will arise from the data. Therefore, for example, the expectations might be higher in the field of pharmaceutical productions with a high risk potential in comparison to the autonomous driving vehicles as mentioned at the beginning, but only then if you merely focus on the well-being of the driver without his life or his health being endangered. Regardless of each individual decision for these cases, which could for sure be different, you can see that all of these examples are very much open for interpretation and debate. Exactly that point is the up to date issue, which unfortunately arises from the necessary individual assessment of each case.

 

10. U.S. PRODUCT LIABILITY LAW

While the majority of states have a more or less uniform product liability law in Europe because of the Directive 85/374/EEC, in the United States of America exists no federal product liability law for all states. Therefore, as for many other legal regulations in the U.S., the requirements and the results with regard to the product liability are depending on the jurisdiction of the state in which the discussion concerning product liability arise, taking into account that only approximately twenty states in the U.S. have a codified product liability law. Regardless of this disunity, the key fact of the product liability in the U.S. is similar to the European approach: If any injuries occur because of a defective product, each person in the supply chain can be held responsible because of strict liability, negligence or because of a breach of agreed warranty of fitness. Even if normally, and therefore similar to the Directive 85/374/EEC, Product Liability in the U.S. is a strict liability mixed with elements of the negligence-approach. (Vihul 2014:9)

Therefore, it should be expected that in the U.S. product liability law are similar issues as already mentioned regarding contractual relationships and the product liability law in the European Union. To underline these challenges as global issues, in the following explanations the authors would like to focus on the existing common aspects in the product liability legislation in the United States, which other countries should take into consideration as well. Maybe due to these common rules could exactly be one of the reasons why the Department of Commerce of the United States decided to create a Model Law with regard to product liability, the so-called Uniform Products Liability Act (PLA). This new Model Law has updated the original Model Product Liability Act from 1995, which was implemented by the American Legislative Exchange Council (ALEC) and basis for several state law codifications concerning product liability. In particular, for that reason, it shall be the main emphasis of further comments.

If the jurisprudence is discussing a definition or the meaning of a term, then first of all everyone has to look at the law itself, whether there is a legal definition, which may be helpful to go on with further discussions and interpretations. In Sec. 2 (H) of PLA there is such a definition which defines product in the following way: "Product" means any object, substance, mixture, or raw material in a gaseous, liquid, or solid state, possessing intrinsic value which is capable of delivery either as an assembled whole or as a component part and is produced for introduction to trade or commerce. Therefore, the initial situation in the scope of the PLA is similar to the above-mentioned ones. Notwithstanding, even in the U.S. courts consider software as product concerning strict product liability. (Armour & Humphrey 1993:7) Finally, in a similar way to the European approach there should be no differences between software and data faults at the end, so that also in the U.S. a legal product liability approach for data faults is already established.

This result is also confirmed by the legal Restatement (Third) of Torts: Products Liability issued by The American Law Institute. In § 19 of the Restatement a product is in principle defined as tangible personal property, but even electricity can be a product, when the context of distribution and use is sufficiently analogous to the situation of tangible personal property. At the end, although it might not be convincing , why there should be any difference with regard to embodied or unembodied data, if in specific situations even electricity can be a product in the meaning of product liability in the U.S. In the opinion of the authors it was already confirmed by the California Court of Appeal in 1985 (Fluor Corp. v. Jeppesen & Co., 170 Cal. App. 3d 468, 216 Cal. Rptr. 68, 476) with regard to a plane crash because of an Adirondack Airport Approach Chart which was physically right, but showed incorrect defective information. Concerning this case, the court concluded, "although a sheet of paper might not be dangerous, per se, it would be difficult indeed to conceive of a saleable commodity with more inherent lethal potential than an aid to aircraft navigation that, contrary to its own design standards, fails to list the highest land mass immediately surrounding a landing site".

 

11. DATA FAULTS IN THE MEANING OF THE PLA

In conclusion, data faults can also in the U.S. lead to claims for damages concerning the Product Liability in the meaning of the PLA. Nevertheless, in addition to this above-mentioned topic, the authors have to ask again, what does a data fault mean or more in general a defective product with regard to the PLA. At the beginning of this investigation, everyone should focus on Sec. 4 of PLA. In this section, the model law defines the product liability standard or in other words the quality standard for products and therefore - as you have learned above for data as well. You have to distinguish by law between manufacturing defects, design defects, failures to warn and express warranties. Concerning data faults, the design defects would be in the opinion of the authors much more of interest compared to the other mentioned ones, because these are the defects, which in the majority influence e.g. further investment decisions or developments. Claims for damages because of an express warranty or because of an inadequate warning or instruction with respect to the danger and safe use of the delivered data are hard to imagine. Therefore, focus should lie on the design defects, because these defects are the main emphasis in the practical discussion. This is due to the fact, that data are inter alia unreasonably dangerous when they left to the control of the data manufacturer because data are defective in design. Trumpetter & Meinken (2016:567) discussed this affect under the headline "Monetary dangers of data quality errors".

That means that at a first instance, the manufacturer knew or, in light of then-existing scientific and technical knowledge, reasonably should have known of the danger that caused the claimants harm. Furthermore, there had to exist a technologically feasible and practical alternative design that would have reduced or avoided a foreseeable risk of harm without significantly impairing the usefulness or desirability of the product to the group of persons who are the intended users of the product. Compared to the regulations in the European Union the authors can therefore conclude, that in the U.S. there are two main issues to be examined. First, there has to be a danger because of the product. Secondly, there has to be an option for the manufacturer to reduce or avoid the foreseeable risk. At the end the jurisprudence is talking about the safety duties of the manufacturer as well, so that the person who is in charge of the data has to evaluate the quality requirements for the delivered data, depending on the potential of risk, which was caused in the data itself. A similar approach has been discussed regarding the application of strict products liability of defective software. (Weber 1992:484). An approach which is and should not only be common in the European Union and in the United States of America, because without this legal product or data liability you have no chance to solve all the issues, which arise in the nowadays digital age of increasing technicality. In addition, on the other side, "courts should trust in their ability to use the concept of duty to appropriately limit the scope of liability" (Reutiman 2012:203), only then you can have a fair apportionment of the risks inherent in modern big data applications.

 

12. CONCLUSION

First, the authors showed, that especially in the time of "Industry 4.0" it is necessary that everyone strengthen the focus towards data quality and the related questions about responsibility of data quality and consequences in cases of any data faults. This will be a not to be underestimated fact in the whole discussion about implementation of new techniques, e.g. in the medical health sector but in the automated or autonomous driving field as well, the fields specifically discussed in this article, but not limited to only these fields.

Regarding contractual liability the authors have shown, that the CISG is already applicable to the sale of data, irrespective of this data being embodied or unembodied. Nevertheless, there is not only in the contractual liability one issue still existing, the question about the definition of "quality of data". Of course, Art. 35 CISG provides a broad definition what exactly conformity of the delivered goods means. However, all the mentioned requirements do not fit in the digital age and in particular to the sale of data, because data are on the one hand very individually generated and on the other hand very individually used by the buyer. Therefore, the only conclusion in the scope of the CISG at this moment can be, that there is no exact definition of what is "usual" concerning data quality, so the seller's performance and the expectation of the buyer must be defined as explicitly as possible within contractual arrangements.

Furthermore, the authors have pointed out that in the field of legal product liability there are similar issues to be discussed as the authors already mentioned regarding the contractual liability. First at all also the Directive 85/374/EEC in principle requires movables to be applicable, but in this case as well the authors had to conclude, that in particular because of the international character and the aim of uniformity in application movables in the context of the Directive 85/374/EEC mean embodied or unembodied data, so that especially in the European Union there is no need to ask for other legal liability rules for data fault cases in which is no fault of the producer. Nevertheless, in the evaluations of each case you have to carefully check if there is a data fault or not. For that purpose you have to especially evaluate, what the user can expect, in particular depending what risks will arise. Expectations for example in the pharmaceutical sector with a high risk potential will be higher than in other sectors without a risk for life or health of the affected people.

The authors concluded that a similar situation was found in the United States of America, where they only focused on the Uniform Products Liability Act as basis for several state law codifications concerning product liability. Even in this legal product liability regulation the authors had to conclude, that data are products, not only because software are products as well, but also because the Restatement of the Law codified that even electricity can be a product, when the context of distribution and use is sufficiently analogous to the situation of tangible personal property. Further similarities in this discussion the authors found regarding the inspection whether there is a data fault in the meaning of the PLA. Even concerning this issue, the jurisprudence uses in the U.S. is a similar approach as in the European Union to examine which quality requirements for the delivered data exist, depending on the potential risks, which was caused within the data itself.

Therefore, the main emphasises in the future will not be a discussion about legal possibilities to ensure a certain data quality, even if there will arise new issues concerning responsibility in the digital age. However, at this moment regarding the issue of jurisprudence it cannot only rely on the CISG in contractual relationships, the global legal product liability laws are applicable as well. Instead of this, everyone will have to increasingly discuss how the industry can define data quality, so that even without separate contractual agreements everybody will know what is "normal" or "usual" in the meaning of data quality. In the opinion of the authors in the future, this issue can be clarified only at a first level by case law. At the end of this discussion only "technical standards" by private regulators can reliably and in an innovation-promoting manner close the nowadays existing gap in the context of liability for data faults.

 

REFERENCES

ANDREES M, BITTER T, BUCHMUELLER C & UECKER P. 2014. Information Liability - Information Quality, In Hoeren T. Big Data and Law. 1st ed. Munich: CH Beck. (pp 106.         [ Links ])

ARMOUR J & HUMPHREY WS. 1993. Software Product Liability. Technical Report. CMU/SEI-93-TR-13, ESC-TR-93-190 (8):7.         [ Links ]

BACIDORE M. 2018. Batch-size-of-one manufacturing and digitalization take center stage. [Internet:https://www.controldesign.com/articles/2018/batch-size-of-one-manufacturing-and-digitalization-take-center-stage/; downloaded on 07 February 2019.         [ Links ]]

BECKMANN K & MUELLER U. 1999a. Information submitted online: Products in the meaning of Product Liability Act? MultiMedia und Recht - MMR (1 ): 14-15.         [ Links ]

BECKMANN K & MUELLER U. 1999b. Information submitted online: Products in the meaning of Product Liability Act? MultiMedia und Recht - MMR (1 ): 18.         [ Links ]

BRAEUTIGAM P & KLINDT T. 2015. Industry 4.0, the Internet of Things and the law. Neue Juristische Wochenschrift - NJW (16):1139.         [ Links ]

CAHN A. 1996. Product liability for embodied intellectual achievements. Neue Juristische Wochenschrift - NJW (44):2903-2904.         [ Links ]

CALIFORNIA COURT OF APPEAL. 1985. Fluor Corp. v. Jeppesen & Co., 170 Cal. App. 3d 468, 216 Cal. Rptr. 68, 476.         [ Links ]

DIEDRICH F. 1996. Maintaining Uniformity in International Uniform Law via Autonomous Interpretation: Software Contracts and the CISG. 8 Pace International Law Review (303):325-332.         [ Links ]

ENSTHALER J & FUEBLER A & GESMANN-NUISSL D. 1997. Legal aspects of quality management. 1st ed. Berlin & Heidelberg: Springer. (pp 19, 67.         [ Links ])

FERRARI F. 2013. Article 1 CISG. In Schlechtriem P & Schwenzer I. Eds. Commentary on the Uniform UN Sales Convention (CISG). 6th ed. Munich: CH Beck. (Recital 38.         [ Links ])

FRITZSCHE J. 2018. § 90 BGB. In Bamberger G, Roth H, Hau W & Poseck R. Eds. Beck's online commentary BGB. 47th ed. Munich: CH Beck. (Recital 5.         [ Links ])

GESMANN-NUISSL D & ENSTHALER J & MUELLER S. 2012. Technology Law - Legal Basics of Technology Management. Berlin & Heidelberg. Springer Vieweg. (pp 13.         [ Links ])

HAMDAN M & GUENES M. 2017. § 2 ProdHaftG. In Ruessmann H. juris Practice Commentary BGB, vol. 2.3. 2nd ed. Saarbrucken: Juris. (Recital 8-9.         [ Links ])

HERNANDEZ D. 2014. Big data healthcare: The pros and cons of remote patient monitoring. [Internet:https://medcitynews.com/2014/03/big-data-healthcare-pros-cons-remote-patient-monitoring/; downloaded on 25 October 2018.         [ Links ]]

HOEREN T. 1989. Product liability for software - At the same time a critical response to Bauer. Produkthaftpflicht International - PHI (4):143.         [ Links ]

HUNTER P. 2016. The big health data sale. EMBO reports (17):1103-1104.         [ Links ]

KILIAN W. 1972. Strict Liability. In Goerlitz A. Hand lexicon of Jurisprudence. Vol. 1. Munich: Ehrenwirth. (pp 114.         [ Links ])

KIRCHNER G. 2017. Big Data Management: The liability of the Big Data user for data errors In Taeger J. Law 4.0 - Innovations from the law-scientific laboratories. 1st ed. Edewecht: OLWIR. (pp 753-759.         [ Links ])

MAGNUS U. 2012. Art. 1 CISG. In Staudinger JV. BGB. 16th ed. Berlin: Sellier - de Gruyter. (Rrecital 44.         [ Links ])

PARSLOW W. 2014. How big data could be used to predict a patient's future. [Internet:https://www.theguardian.com/healthcare-network/2014/jan/17/big-data-nhs-predict-illness; downloaded on 25 October 2018.         [ Links ]]

PLATFORM INDUSTRY 4.0. 2019. What is Industry 4.0. [Internet:https://www.plattform-i40.de/I40/Navigation/DE/Industrie40/WasIndustrie40/was-ist-industrie-40.html; downloaded on 07 February 2019.         [ Links ]]

REUTIMAN JL. 2012. Defective Information: Should Information Be a Product Subject to Products Liability Claims. Cornell. Journal of Law and Public Policy 22(1):203.         [ Links ]

ROLLAND W. 1990. Product Liability Law . 1st ed. Munich: Rehm, § 2. (Recital 16 ff.         [ Links ])

RUSSOM P. 2011. Big Data Analytics. TDWI Research 2011(4):6-8. (4th Quarter 2011.         [ Links ])

SPINDLER G. 1996. Tort law and international private law problems of the Internet, in: Zeitschrift für Urheber-und Medienrecht - ZUM 1996:550-551.         [ Links ]

TAEGER J. 1995. Non-contractual liability for defective computer programs. 1st ed. Tubingen: Mohr Siebeck. (pp 145-146.         [ Links ])

TAEGER J. 1996. Product and producer liability for damages caused by faulty computer programs. Computer und Recht - CR 1996:259-260.         [ Links ]

TANNER A. 2016. How Data Brokers Make Money Off Your Medical Records. [Internet:https://www.theguardian.com/healthcare-network/2014/jan/17/big-data-nhs-predict-illness; downloaded on 03 January 2018.         [ Links ]]

TRIAILLE J-P. 1993. The EEC Directive of July 25, 1985 on liability for defective products and its application to computer programs. Computer Law and Security Report - CLSR 1993 (5):219.         [ Links ]

TRUMPETTER J & MEINKEN N. 2016. Monetary dangers of data quality errors. Controlling - Magazine for successful corporate Management 2016:567-576.         [ Links ]

VIHUL L. 2014. The Liability of Software Manufacturers for defective Products. The Tallinn Papers 2014 (2):9.         [ Links ]

VOIT W. 2018. § 631 BGB. In Bamberger G & Roth H & Hau W & Poseck R. Eds. Beck's online commentary BGB. 47th ed. Munich: CH Beck. (Recital 26.         [ Links ])

WAGNER G. 2017a. Intro. ProdHaftG. In Habersack M. Munich Commentary on the Civil Code: BGB. Vol. 6: Law of Obligations - Special Part IV, §§ 705-853, Partnership Company Law, Product Liability Act. 7th ed. Munich: CHBeck. (Recital 9, 11.         [ Links ])

WAGNER G. 2017b. § 2 ProdHaftG. In Habersack M. Munich Commentary on the Civil Code: BGB. Vol. 6: Law of Obligations - Special Part IV, §§ 705-853, Partnership Company Law, Product Liability Act. 7th ed. Munich: CH Beck. (Recital 15.         [ Links ])

WEBER LA. 2012. Bad Bytes: The Application of Strict Products Liability to Computer Software. St. John's Law Review 66(2):484.         [ Links ]