Precision Agriculture: Guiding Principles to Help Agribusiness Innovators Protect Data Privacy While Developing Breakthrough Farm Management Tools
Is your company committed to privacy? Precision agriculture and cloud-based, smart technology tools are being adopted at a rapid pace on farms and thereby generating more and more producer data. Agribusiness innovators have new guidance from a consortium of industry leaders when it comes to protecting the privacy of producer data. Recently, the National Farmers Union, John Deere, DuPont Pioneer, Beck’s Hybrids, the American Farm Bureau Federation, and other critical players in the agricultural industry established the Privacy and Security Principles for Farm Data (the Principles).
The Principles aim to establish guidelines for Agriculture Technology Providers (each, an ATP) to use when building their own company principles, policies and practices related to the collection, use, and retention of producer data. The Principles are keenly crafted to mirror accepted and tested guidelines from across the privacy sector. For example, the Principles mandate concepts of
All of these concepts are found in the OECD Privacy Framework and the Generally Accepted Privacy Principles.
How to Implement the Principles in Your Agribusiness
Although the Principles are a step in the right direction for the agricultural industry, it is up to producers and ATPs to build these concepts into their contracts and company policies and procedures. That is, the Principles are guidelines, not requirements, and the agricultural industry will need to implement them in order to benefit from this great effort.
Implementing the Principles requires a top-down executive commitment to the organization which builds a culture of privacy and data security. It is not enough to agree on the Principles publicly only to discard the same in day-to-day practice. To truly be committed to the Principles, a company may want to consider establishing an over-arching information privacy and security program with consideration towards commonly used tools for implementation of the same, like Privacy by Design, a Privacy Impact Assessment process, Incident Management, a Risk Assessment Procedure, and the like.
Who Owns the Data?
In addition, a critical issue for producers is the concept of data ownership, and this is clearly reflected in the Principles’ concept of Data Ownership. Nevertheless, even if an ATP agrees that producers own this information (and implements contracts that say the same), producers should be careful to understand the license rights granted to ATPs when handing over such information. Even though a producer might own information that they give to an ATP, the license granted to the ATP may look, act, and feel like ownership.
This example from a photo-sharing service is directly on point to the implementation of the Principles’ concept of ownership because mere ownership may not tell the whole story. Producers may want to review license grants set forth in contracts and policies from ATPs before sharing information to make sure the license is limited solely to the use cases that the producer agrees upon. Similarly, ATPs should review their contracts and policies to make sure that the spirit of the Principles’ ownership concept is upheld and provides proper Notice and Choice to producers regarding license rights in shared information. Instagram arguably lost some consumer goodwill due to this backlash, and an ATP could quickly lose producer goodwill if caught in a similar issue.
Alternatively, ATPs who wish to obtain licenses that permit them to aggregate and use producer data should draft and implement policies that clearly define the scope of the desired usage and ensure producers understand and agree with the scope of usage. ATP policies and agreements should strive to ensure that the interests of both ATPs and producers are aligned and producers adequately understand and are in agreement with the licensed use of the producers data. Proper alignment of the interests of both ATPs and producers should result in tangible benefits to both parties and mitigate the risk of misunderstandings and disagreements over future data usage.
Offering Data Privacy as a Competitive Edge
Additionally, with data privacy being a key issue for producers, ATPs may want to consider using strong information privacy and security practices as a competitive edge against other ATPs who are less committed. For example, the startup social network ello is garnering excitement from its user community by promising an ad-free experience when all of its competitors make the bulk of their money through advertising revenue. ATPs can take a similar approach and highlight their commitment to the Principles as a marketing tool. If a producer is given the choice between an ATP with contract terms and policies that clearly match the Principles versus an ATP that has not considered these issues, the producer may be inclined to choose the privacy-focused ATP.
Information privacy and security are clearly important considerations to producers and ATPs. The agriculture industry has taken a great leap in demonstrating a commitment to quality practices in this area by establishing the Principles, and it is up to this industry as a whole to implement what has been agreed upon.
In 2014, the Fortune 1000 will spend roughly $2.4 billion on managing privacy, with an average of $76 per employee, or $204 per $1 million in revenue. If your organization has not taken a deep look into how the Principles will impact your business, consider reaching out to counsel and/or privacy professionals for assistance in getting started. If your organization has an established privacy program, you may also want to audit your program against the Principles to make sure it is up to date with what your customers expect.
This publication is intended for general information purposes only and does not and is not intended to constitute legal advice. The reader must consult with legal counsel to determine how laws or decisions discussed herein apply to the reader's specific circumstances.