Privacy and Security Principles for Farm Data

It has been nearly a year since American Farm Bureau Federation led a consortium of interested ag technology providers (ATPs) and industry stakeholders in an effort to bring some standards to the growing ag data field.  I thought it was worth taking another look at the result of these efforts, the Privacy and Security Principles for Farm Data.

Privacy and Security Principles for Farm Data

The recent evolution of precision agriculture and farm data is providing farmers with tools, which can help to increase productivity and profitability. 

As that technology continues to evolve, the undersigned organizations and companies believe the following data principles should be adopted by each Agriculture Technology Provider (ATP).

It is imperative that an ATP’s principles, policies and practices be consistent with each company’s contracts with farmers. The undersigned organizations are committed to ongoing engagement and dialogue regarding this rapidly developing technology.

Education: Grower education is valuable to ensure clarity between all parties and stakeholders. Grower organizations and industry should work to develop programs, which help to create educated customers who understand their rights and responsibilities. ATPs should strive to draft contracts using simple, easy to understand language. 

Ownership: We believe farmers own information generated on their farming operations. However, it is the responsibility of the farmer to agree upon data use and sharing with the other stakeholders with an economic interest, such as the tenant, landowner, cooperative, owner of the precision agriculture system hardware, and/or ATP etc. The farmer contracting with the ATP is responsible for ensuring that only the data they own or have permission to use is included in the account with the ATP.

Collection, Access and Control: An ATP’s collection, access and use of farm data should be granted only with the affirmative and explicit consent of the farmer. This will be by contract agreements, whether signed or digital.

Notice: Farmers must be notified that their data is being collected and about how the farm data will be disclosed and used. This notice must be provided in an easily located and readily accessible format. 

Transparency and Consistency: ATPs shall notify farmers about the purposes for which they collect and use farm data. They should provide information about how farmers can contact the ATP with any inquiries or complaints, the types of third parties to which they disclose the data and the choices the ATP offers for limiting its use and disclosure.

An ATP’s principles, policies and practices should be transparent and fully consistent with the terms and conditions in their legal contracts. An ATP will not change the customer’s contract without his or her agreement.

Choice: ATPs should explain the effects and abilities of a farmer’s decision to opt in, opt out or disable the availability of services and features offered by the ATP. If multiple options are offered, farmers should be able to choose some, all, or none of the options offered. ATPs should provide farmers with a clear understanding of what services and features may or may not be enabled when they make certain choices.

Portability: Within the context of the agreement and retention policy, farmers should be able to retrieve their data for storage or use in other systems, with the exception of the data that has been made anonymous or aggregated and is no longer specifically identifiable. Non-anonymized or non-aggregated data should be easy for farmers to receive their data back at their discretion.

Terms and Definitions: Farmers should know with whom they are contracting if the ATP contract involves sharing with third parties, partners, business partners, ATP partners, or affiliates. ATPs should clearly explain the following definitions in a consistent manner in all of their respective agreements: (1) farm data; (2) third party; (3) partner; (4) business partner; (5) ATP partners; (6) affiliate; (7) data account holder; (8) original customer data. If these definitions are not used, ATPs should define each alternative term in the contract and privacy policy. ATPs should strive to use clear language for their terms, conditions and agreements. 

Disclosure, Use and Sale Limitation: 

An ATP will not sell and/or disclose non-aggregated farm data to a third party without first securing a legally binding commitment to be bound by the same terms and conditions as the ATP has with the farmer. Farmers must be notified if such a sale is going to take place and have the option to opt out or have their data removed prior to that sale. An ATP will not share or disclose original farm data with a third party in any manner that is inconsistent with the contract with the farmer. If the agreement with the third party is not the same as the agreement with the ATP, farmers must be presented with the third party’s terms for agreement or rejection.

Data Retention and Availability: Each ATP should provide for the removal, secure destruction and return of original farm data from the farmer’s account upon the request of the farmer or after a pre-agreed period of time. The ATP should include a requirement that farmers have access to the data that an ATP holds during that data retention period. ATPs should document personally identifiable data retention and availability policies and disposal procedures, and specify requirements of data under policies and procedures.

Contract Termination: Farmers should be allowed to discontinue a service or halt the collection of data at any time subject to appropriate ongoing obligations. Procedures for termination of services should be clearly defined in the contract.

Unlawful or Anti-Competitive Activities: ATPs should not use the data for unlawful or anti-competitive activities, such as a prohibition on the use of farm data by the ATP to speculate in commodity markets. 

Liability & Security Safeguards: The ATP should clearly define terms of liability. Farm data should be protected with reasonable security safeguards against risks such as loss or unauthorized access, destruction, use, modification or disclosure. Polices for notification and response in the event of a breach should be established.

The undersigned organizations for the Privacy and Security Principles of Farm Data as of November 13, 2014.

1 Comment