Questions to Ask About Your Data Privacy Policy

AgGateway recently introduced its latest whitepaper on data privacy best practices for the agricultural industry. For those unfamiliar with AgGateway, it is a non-profit consortium of businesses serving the agriculture industry, with the mission “to promote, enable and expand eBusiness in agriculture.” AgGateway’s 200 members come from the crop protection, seed, grain, ag retail and other industries. AgGateway’s latest whitepaper provides not so much the “best practices” for ag technology providers, but a list of questions ag technology providers should ask when drafting their policies. These same questions are ones farmers should ask before clicking “I accept” the terms:

Here are a few of the questions AgGateway says farmers should consider before signing up, and ag tech providers should incorporate when drafting their policies. My brief comments follow each question:

Can data be anonymous if it includes geospatial information?  It is possible to do this. But ag tech providers should be careful to include enough aggregated data so that one farmer looking at anonymous aggregated data cannot reverse engineer the results to figure out whose data it is.

Should a farmer be allowed to have raw, aggregated, or anonymized data deleted? A farmer should be able to delete raw data, but once it is aggregated or anonymized it may be impossible to delete. Data can be like raindrops, once aggregated in a puddle or stream it may be impossible to delete.

Should contractual agreements have a time restriction or limitation on use when a contract expires or is terminated? Yes, as a general principle data agreements should expire unless renewed or extended, causing raw data to be deleted.

Should companies inform farmers about the purposes for which they collect and use farm data? Yes. This is a fundamental principle. Farmers should know how their data is being used by ag tech providers.

Should the data privacy and use policy guarantee that the recipient’s other contracts and obligations comply with the policy? This is an important principle. If a farmer uploads data to Company A, Company A should not be allowed to circumvent the privacy policies by transferring the data to Company B, which is not bound by the same obligations. Ag tech providers should require their subcontractors to abide by their policies.

Should farmers be made aware that disclosure of farm data may be required through subpoena or other court order? I have mixed feelings about this one because it is not the ag tech provider’s role to educate farmers on the workings of the legal system. Any information, stored anywhere in the United States, is subject to disclosure from a potential subpoena or court order. What is important here is that the ag tech provider promise to notify the data owner if it receives a subpoena for the data owner’s files. This gives the data owner a chance to intervene with the court that served the subpoena.

AgGateway’s questions are thought provoking and should be considered by ag tech providers who are drafting or revising their privacy policies. Farmers too, should use these questions when deciding which data sharing technology platform to engage.  I encourage you to read the entire whitepaper, as it includes many more questions than I have listed here.

Here is a link to finding the Whitepaper on AgGateway's website:  AgGateway Whitepaper.