Who Really Owns Your Data? A Look at the Legal Debate on Data Ownership in South Africa

Who Really Owns Your Data? A Look at the Legal Debate on Data Ownership in South Africa

As data becomes increasingly central to digital service delivery, one legal question continues to stir debate: Can data be owned? While the law in South Africa has yet to provide a definitive answer, a recent decision by the Supreme Court of Appeal (SCA) has spotlighted the contractual and intellectual property risks that arise when data ownership and return obligations are poorly defined in agreements.

The case of Inzalo Enterprise Management Systems (Pty) Ltd v Chief Albert Luthuli Municipality (ZASCA 85, 11 June 2025) illustrates the growing tension between service providers and clients over who controls data when an agreement comes to an end.

Background: Technology Services and the Fight for Data Access

Inzalo, a private IT service provider, had entered into an agreement with the Chief Albert Luthuli Municipality to supply, install and manage an integrated financial and administrative software system. The contract covered critical functions such as revenue collection, payroll, treasury and project management, HR and asset control systems.

When the agreement was terminated, the Municipality demanded the return of all data files stored within the Inzalo EMS system. Inzalo resisted, prompting the Municipality to launch an urgent High Court application for access to its data.

The High Court sided with the Municipality, ordering Inzalo to hand over the requested data. Crucially, the court found that the Municipality was entitled to the data it had captured or processed through the system, and that Inzalo had no right to withhold it.

Appeal Court Takes a Closer Look: What Counts as “Municipality Data”?

On appeal, however, the Supreme Court of Appeal disagreed with the sweeping nature of the High Court’s order.

The SCA found that the order failed to distinguish between different categories of data. Some of the materials requested, such as software applications, configuration files, and full system backups, contained proprietary information belonging to Inzalo, including source code and intellectual property embedded in the designated software.

Importantly, the agreement explicitly confirmed Inzalo’s ownership of the intellectual property underlying the software, and did not give the Municipality any proprietary claim over those elements. The SCA concluded that the High Court’s order was overly broad and lacked the necessary factual distinctions to determine ownership.

As a result, the matter was referred back to the High Court for a detailed factual inquiry, including oral evidence, to clarify what specific data the Municipality is entitled to.

Lessons for Businesses: Define Data Ownership Clearly in Contracts

This case sends a clear message to both public and private sector entities in South Africa: data rights must be clearly defined in your contracts.

The SCA flagged two major drafting failures:

  • The agreement failed to define what constitutes “captured data”;
  • It lacked clear terms on how data should be returned or what form of data must be returned, when the contract ends.

Without detailed contractual language distinguishing operational data from proprietary software and backups, disputes over data ownership are inevitable.

Why This Matters: Data Ownership and Intellectual Property Rights

The issue here isn’t just about who owns files. It’s about the deeper question of intellectual property in software systems, cloud platforms, and data-driven tools. Without a clear separation between client data and vendor IP, service providers may inadvertently be forced to surrender protected materials. Conversely, clients may risk losing access to critical records needed to continue operations.

The case also raises broader concerns:

  • Is data a commodity that can be legally “owned”?
  • Does ownership change depending on how the data is stored or processed?
  • Can a service provider claim ownership over metadata, system logs, or full backups that contain intertwined proprietary and user data?

What Happens Next?

The High Court must now determine, through oral evidence, the precise nature of the data in dispute and whether the Municipality can lawfully claim a right to its return. Until then, the question of “who owns what data” remains unanswered in a definitive legal sense, but the Inzalo judgment provides a crucial roadmap for managing this uncertainty through clearer contractual drafting.

Takeaway for Legal and Tech Professionals
If your business provides or uses data management services, do not leave data ownership, access, and return protocols to assumption. Address the following in your contracts:

  • Define “data” and distinguish it from proprietary software or configurations.
  • Specify post-termination obligations around data return or transfer.
  • Clarify intellectual property rights in all system components and backups.

As data continues to fuel decision-making, compliance, and revenue, these legal questions are no longer theoretical, they’re operational risks.

Categories

Recent Posts
Social Media
Facebook
Twitter
WhatsApp
LinkedIn