Two years ago, when the Ag Data Transparent effort began, I predicted that most ag tech platforms would build out "ag data use policies" to address issues of privacy, security, and sharing that surround ag data. These agreements are far easier to understand than other forms of contracts lawyers like to use for ag data platforms, such as terms of service, privacy policies, or license agreements. However, today, many companies have yet to establish data use policies, Therefore, here is my step-by-step guide to creating an ag data use policy.
Before drafting a data use policy, however, the company leaders should sit down and determine their guiding principles for collecting, storing, and using ag data. I previously wrote about how to undertake this exercise: Guiding Principles.
With the guiding principles in hand, the first step in drafting a data use policy is to identify the the types of ag data the company collects. It is amazing how many companies do not understand that this is key to building a contract for data collection. If you do not define what data you collect, the rest of the agreement is mostly worthless, since no one knows to what information the contract applies. (Ag Data Transparent and AgGateway have both published ag data categories that can help on this point).
Second, the policy should explain the ownership rights in the collected data. Most companies like to say "the farmer owns their data" in their marketing materials, but they need to put this statement in their data use policy to make it count. Once ownership is established, then rights can be granted in that data to both the provider and third-party integrations, if allowed by the owner.
Step three involves defining transfer, sharing, and access rights to the data that has been collected. My approach when drafting is to break this section of a policy in sub-categories to explain what rights each category of person has to access and use ag data. For example, trusted advisors might have access to view and edit data, while landlords might only have access to view data.
Fourth, the data use policy should explain what happens to ag data upon termination of the user's account. The end of the contract creates a number of issues: (a) can the user delete their data; (b) do aggregated datasets remain with the provider; and (c) how long must the provider retain the data on their servers before they can also delete.
Fifth, the policy should explain the complications that arise with integrations. What rights do third-party integrated service providers have in the ag data? Does the farmer have the right to consent to sharing data with integrated providers?
Sixth, the policy should address what happens if there is a data breach. When and how will the provider notify the user if an unfortunate event arises that compromises data?
Finally, there are number of traditional legal terms that should also be incorporated into data use policies, including choice of law, indemnity, warranties, and notice provides. This is not an exhaustive list, but it is a start.
These steps may seem like a lot of work, but the result, if done correctly, is a contract that is simple and easy for a farmer to understand. Too many ag tech providers view online agreements solely as a way to protect the company instead of what they should be--a tool to communicate the agreement between the farmer and the tech provider. More companies should spend the time and energy to create ag data use policies.