MODELS AND METHODS IN MODERN SCIENCE
International scientific-online conference
36
PROTECTION OF BIG DATA THROUGH CONTRACTUAL
CONSTRUCTS (SEPARATE TYPES OF OBLIGATIONS)
Tojiboev Sarvar Zafarovich
Tashkent State University of Law
Lecturer of the Department of Civil Law
https://doi.org/10.5281/zenodo.15707096
Today, Big Data technologies are widely used in various fields, including
medicine, finance, industry, education, and public administration. With the help
of these technologies, large amounts of data are analyzed, and decision-making
processes are carried out effectively. However, when working with Big Data,
ensuring data security, confidentiality, and integrity remains a pressing issue.
Systems storing large amounts of data are at risk of cyberattacks and
possible information leaks by internal staff. In this case, ensuring the
confidentiality of information is recognized as the main issue. Also, storing data
correctly and unchanged can lead to incorrect decision-making due to data
corruption or manipulation. In such cases, the contractual approach to data
protection is one of the most effective methods.
With the development of modern technologies, the concept of Big Data has
reached a completely new level. The analysis of large volumes of data opened up
new opportunities for enterprises, research centers, and government agencies.
At the same time, issues of confidentiality and legal protection of information
are becoming increasingly relevant. In particular, Non-disclosure agreement
(NDA) There are serious debates among scientists and experts about how it
works in the Big Data environment.
The development of Big Data technologies allows companies and research
centers to develop business strategies using large amounts of information. At the
same time, the confidentiality of personal data is becoming an increasingly
important issue.
NDAs are often created to prevent the disclosure of confidential
information to third parties. But since Big Data is constantly being updated and
developed, there are ongoing debates about how to protect this data. For
example, the effectiveness of data anonymization and encryption methods is still
questionable.
Some scientists believe that strict restrictions on information protection
can slow down innovation. For example, if large amounts of data are unusable
due to NDA, significant research in the fields of medicine or artificial intelligence
may be delayed.
MODELS AND METHODS IN MODERN SCIENCE
International scientific-online conference
37
Other researchers believe that the spread of personal data increases the
risk of cybersecurity. For example, laws such as GDPR (General Data Protection
Regulation) are aimed at strengthening information protection in the European
Union. The NDA serves as an important tool for protecting the interests of a
company or individual.
A. Tojiboev emphasizes that this agreement is widely used in the activities
of startups and notes that the Non-disclosure agreement (NDA) is widespread
among the owner of the startup and the investor.
Considering the views of these scholars, in our opinion, the subject of the
NDA agreement should be precisely
the implementation of necessary measures to
prevent the dissemination or non-dissemination of any personal, commercial, or
other information.
It is noted that all existing subjects of civil law participate as
parties to the contract. In general, this agreement defines the obligations of the
parties not to disclose information. Companies reduce the risk of data leakage by
signing this document before sharing their data with third parties.
Big Data and Artificial Intelligence (AI) are closely interconnected. Training
AI models requires a large amount of data. However, due to NDA, access to some
data may be limited, which can affect the quality and accuracy of analyses. For
example, in the field of medicine, real patient data is necessary for the
effectiveness of AI models, but their confidentiality is required.
Big Data technologies allow organizations to collect, store, and analyze vast
amounts of data. However, these processes raise important legal issues
regarding ensuring the confidentiality and security of personal data. In this
regard,
Data Processing Agreement (Data Processing Agreement - DPA)
is of
significant importance.
According to the analysis provided by WilmerHale, the DPA agreement is
crucial for understanding and evaluating legal issues related to big data.
An article published in the Stanford Law Review highlighted the importance
of the DPA agreement in managing and protecting personal data. The
Washington University Open Scholarship also discussed the role of the DPA
agreement to ensure confidentiality in the big data era
1
.
According to the provisions of the GDPR, the DPA agreement defines the
rights and obligations of the parties to protect personal data.
A DPA agreement is an agreement that defines the rights and obligations of
the parties in the process of processing personal data, concluded between the
owner (owner) of the information as a controller and the information processor.
MODELS AND METHODS IN MODERN SCIENCE
International scientific-online conference
38
This agreement is necessary to ensure the legal and safe processing of personal
data
2
.
Big data technologies require the processing of large volumes of personal
data, which makes issues of confidentiality and security even more relevant. As
parties to the DPA agreement, we can see that large giant corporations in the
field of ICT usually act as data processors. In general, today in our country,
organizations operating in the public and private sectors are considered parties
to this agreement. For example, in the field of mobile communications (Beeline,
Mobiuz, Ucell), in the field of the Internet (Uztelecom), and the Single Portal of
Interactive Public Services of the Republic of Uzbekistan (Digital Government
Project Management Center) my.gov.uz are information processors in
accordance with the DPA agreement.
In our opinion, the DPA agreement is an important legal tool for ensuring
the protection of personal data in the big data process. The DPA clearly defines
the rights and obligations of the parties and ensures the safe and legitimate
processing of personal data.
The development of the digital economy and Big Data technologies
increased the need for service level agreements (SLA)
. The SLA Agreement is
a legal document that defines the conditions for the provision of services based
on Big Data, the content of which determines the quality of service, the limits of
liability, and the rights and obligations of the parties.
Scientists note that the SLA agreement plays an important role in Big Data
relations not only in terms of service quality, but also in terms of data
confidentiality and protection. These contracts serve as a legal basis between
service providers and users.
The subject of the SLA agreement must clearly define the level of service
provision, confidentiality and security of information, responsibility and dispute
resolution, as well as the boundaries of responsibility between the service
provider and the client. In our view, this agreement can be manifested through
collaboration with service and intellectual property agreements (license
agreement, copyright agreement, etc.) in our national legislation. Only a natural
question arises about which institution's rules or methods are applied for
liability for non-performance of obligations in this area.
If we define the SLA as a service agreement, in addition to the general
provisions on the obligation, special provisions may apply. In particular,
according to the rules for the provision of services, if the service provider
MODELS AND METHODS IN MODERN SCIENCE
International scientific-online conference
39
(contractor) does not fulfill the contract for the provision of paid services in full
or to the proper extent, he is obliged to fully compensate the customer for the
damage caused, but not more than twice the cost of the services specified in the
contract. If this is done by business entities, enhanced civil liability is provided.
These provisions are reflected in Article 706 of the Civil Code.
3
.
If it is deemed necessary to apply the rules for the protection of intellectual
property for the SLA agreement, the seizure of the objects by means of which the
exclusive rights established by Article 1040 of the Civil Code were violated, as
well as the material objects created as a result of such violation, can also be
carried out by mandatory publication of information about the fact of the seizure
or destruction and the inclusion in it of information about the ownership of the
violated right. The main point for this is the reflection of the exclusive right to
the data or database that is the subject of the SLA agreement
4
.
In general, according to the doctrine of contract law, the parties may
conclude a mixed contract, which contains elements of various contracts. The
rules on contracts constituting its components apply to the relations of the
parties under such a contract. These provisions are reflected in Article 354 of
the Civil Code.
In our opinion, it is advisable to apply the rules for the protection of
intellectual property in both the provision of services and the SLA agreement.
Based on the principle of freedom of contract formation, the parties are
allowed to conclude contracts not provided for by law. This rule is enshrined in
Article 354 of the Civil Code. Thus, contracts such as NDA, DPA, and SLA are also
considered a separate type of obligation, and the parties may conclude such
contracts on the basis of information relations.
However, NDA, DPA, and SLA agreements (hereinafter - agreements in the
information sphere), their content, or related provisions, are not yet
encountered in either information legislation or civil legislation. In this case, it is
advisable to include in the draft of the Information Code of the Republic of
Uzbekistan provisions related to such a contract, liability arising from it, and
their protection.
Moreover, in accordance with the doctrine of civil legislation, civil liability
for breach of obligations consists in assigning to the debtor who failed to fulfill
the obligation the obligation to pay damages, penalties in favor of the creditor.
Consequently, in accordance with the general doctrine, it can be concluded
that if the parties fail to fulfill or duly comply with the obligations stipulated in
MODELS AND METHODS IN MODERN SCIENCE
International scientific-online conference
40
the agreements in the field of information, the other party is obligated to
compensate for damages and penalties.
