Legal protection of databases

Data is the new currency in our contemporary digital era and as such it plays a vital role for the success of every business enterprise. Accordingly, databases are a key infrastructure component of the fast-growing digital economy. They are an important tool that could allow a business to harness and utilize the power of data at scale and with great speed. At the same time, the topic of the legal protection of databases is often overlooked.

The protection of databases within the EU is regulated by Directive 96/9/EC on the legal protection of databases (the Directive, Database Directive). The Directive was adopted by the EU legislator back in 1996 with 3 main goals in mind – i) to harmonise the legal protection of databases, ii) to stimulate investment in databases and thus foster the competitiveness of the European digital industry and iii) to safeguard the balance between the rights and interests of database producers and users. Article 1(2) of the Directive defines the term “database” as a collection of independent works, data or other materials arranged in a systematic or methodical way and individually accessible by electronic or other means. Recital 17 further clarifies that recordings and audiovisual, cinematographic, literary or musical work as such do not fall within the scope of the Directive. Further, it is established by recital 23 that the term ‘database’ does not cover computer programs which are used in the making of a database or the operation of a database. Additionally, it should be mentioned that the Directive applies both to electronic and non-electronic databases.

In general, there are four modes of protection that can be applied for a database – i) copyright protection, ii) “sui generis” right established by the Directive, iii) protection through contractual terms and iv) protection through technological measures. The focus of the analysis below would be on copyright protection and the “sui generis” right introduced by the EU legislator.

The copyright regime is laid out in Chapter II of the Database Directive. It must be noted that the copyright protection of a database does not extend to the contents of the database and is also without prejudice to any rights subsisting in those contents. Therefore, copyright in a database only protects the structure of the database and not its content. The only requirement for obtaining copyright protection for the structure of a database is for it to be original. Due to the utilitarian nature of databases such originality might be difficult to achieve but certainly not impossible. In general, originality can be accomplished through the actions of the author that are related to the selection of the content or the arrangement of the content.

The Court of Justice of the European Union (CJEU, the Court) provides valuable guidance as to the exact substantive meaning of the “originality” criterion for databases in its judgment in Case C-604/10 – Football Dataco Ltd and Others v Yahoo! UK Ltd and Others.  The CJEU clarifies that the concepts of ‘selection’ and ‘arrangement’ within the meaning of Article 3(1) of Directive 96/9 refer to the selection and the arrangement of data, through which the author of the database gives the database its structure. When it comes to the setting up of a database, the criterion of originality will be satisfied when, through the selection or arrangement of the data which it contains, its author expresses his creative ability in an original manner by making free and creative choices and thus stamps his ‘personal touch’. On the other hand, that criterion will not be satisfied when the setting up of the database is dictated by technical considerations, rules or constraints which leave no room for creative freedom. It is important to mention that the fact that the setting up of a database has required significant labor and skill of its author cannot as such justify the protection of it by copyright under Directive 96/9, if that labor and skill do not express any originality in the selection or arrangement of that data. This position of the CJEU is a rejection of the “sweat of the brow” copyright doctrine (this doctrine, which originated from common law jurisdictions, justifies the granting of rights to the author of a work as a reward for his efforts and diligence in creating the work, irrespective of creativity or originality). Thus, the Court concludes that first, the intellectual effort and skill of creating the data are not relevant in order to assess the eligibility of the database for copyright protection and second, the significant labor and skill required for setting up a database cannot as such justify copyright protection if they do not express any originality in the selection or arrangement of the data which that database contains.

The author of a database which is original in terms of its structure, and thus protected by copyright, will enjoy the following exclusive rights in view of the protected expression (i.e. the database structure):

  • carry out or authorize the temporary or permanent reproduction by any means and in any form, in whole or in part
  • carry out or authorize the translation, adaptation, arrangement and any other alteration
  • carry out or authorize any form of distribution to the public of the database or its copies (the text of the Directive clarifies that the first sale in the Community of a copy of the database by the rightholder or with his consent shall exhaust the right to control resale of that copy within the Community)
  • carry out or authorize any communication, display or public performance
  • carry out or authorize any reproduction, distribution, communication, display or performance to the public of the altered database

Article 6 of the Database Directive lays down the exceptions and the limitations applicable to the above exclusive rights of the author of a database. First, there is a mandatory exception stipulating that the performance of the above exclusive acts by a lawful user of a database which is necessary for the purposes of access to the contents of a database and normal use of its contents does not require the authorization of the author. Second, there are optional limitations that Member States could enact in their national legislation and thus limit the exclusive rights of the author of a database in the following scenarios:

  • in the case of reproduction for private purposes of a non-electronic database
  • where there is use for the sole purpose of illustration for teaching or scientific research, as long as the source is indicated and to the extent justified by the non-commercial purpose to be achieved
  • where there is use for the purposes of public security of for the purposes of an administrative or judicial procedure
  • where other exceptions to copyright which are traditionally authorized under national law are involved

In its Chapter III the Database Directive establishes a new “sui generis” form of protection for the contents of a database. This “sui generis” right is to be granted to the maker of a database who has made a substantial investment in the obtaining, verification or presentation of the contents of the database. The Directive defines the maker of a database as the person who takes the initiative and the risk of investing and it clarifies that any potential subcontractors are excluded from that definition. In a way, the “sui generis” right is similar to and may have been influenced by the “catalogue rule” which existed in some Nordic countries in the past. This “catalogue rule” provided protection against unauthorized reproduction for the producer of a catalogue, a table or another similar production in which a large number of information items have been compiled (Article 49 of the Swedish Copyright Act of 1960). The protection under the “catalogue rule” applied for a term of 10 years from the year when the collection was published.

When devising the “sui generis” right, the EU legislator was driven by the fact that the heightened use of digital recording technology creates significant risks for database makers that the contents of their databases may be easily copied and rearranged by electronic means, without authorization, so that a database of identical content would be produced which, at the same time, does not infringe any copyright in the arrangement of the contents (i.e. the structure). The clear aim of the Database Directive is to protect the position of makers of databases against misappropriation of the results of their financial and professional investment which is made for the obtaining and collection of the contents of a database. As per the meaning instilled in the Directive, investments are not seen only in financial terms but also in the expending of time, effort and energy.

The effect of the “sui generis” right is that the rightholder is provided with a tool that empowers her to prevent the extraction and/or the re-utilization of the whole or a substantial part, evaluated qualitatively and/or quantitatively, of the contents of a database. The Directive defines “extraction” as the permanent or temporary transfer of all or a substantial part of the contents of a database to another medium by any means. In turn, “re-utilization” is defined as any form of making available to the public all or a substantial part of the contents of a database by the distribution of copies, by renting, by on-line transmission or other forms of transmission. The scope of the “sui generis” right expands further by preventing also the extraction and/or re-utilization of also insubstantial parts of the contents of a database under certain pre-defined conditions and when this is done systematically. In this sense, Article 7(5) of the Directive postulates that the repeated and systematic extraction and/or re-utilization of insubstantial parts of the contents of a database which imply acts that are conflicting with the normal exploitation of that database or which unreasonably prejudice the legitimate interests of the maker of the database shall not be permitted by Member States.

The “sui generis” right can be transferred, assigned and also be the subject of a licensing agreement. It applies irrespective of the eligibility of the database for copyright protection and also irrespective of the eligibility of the contents of the database for copyright protection. Protection of a database under this right is also without prejudice to the rights that exist with regards the contents of the database. The term of protection for the “sui generis” right runs from the date of completion of the making of the database and expires 15 years from the 1st of January of the year following the date of completion. However, if the database was made available to the public prior to the expiry of the above period, then the term of protection shall expire 15 years from the 1st of January of the year following the date when the database was first made available to the public. It is interesting to note the position in Article 10(3) of the Directive which could potentially create a situation of a perpetual “sui generis” right. In this sense, paragraph 3 reads that any substantial change (from a qualitative or quantitative perspective) to the contents of a database, which would result in the database being considered to be a substantial new investment, evaluated qualitatively or quantitatively, shall qualify the database resulting from that investment for its own term of protection – i.e. there will be an extension with another 15 years for the amended database.

When a database is made available to the public, the maker of that database cannot prevent the lawful users from extracting and/or re-utilizing insubstantial parts of its contents. Any contractual provisions that contradict with this principle would be null and void. In turn, when it comes to the actions of the lawful users of a database, they are under a general obligation not to perform acts which conflict with normal exploitation of the database or unreasonably prejudice the legitimate interests of the maker of the database.

Article 9 of the Database Directive stipulates certain optional exceptions to the “sui generis” right which Member States could enact. In this sense, Member States are entitled to allow lawful users to extract or re-utilize a substantial part of the contents of a database, without the authorization of the maker of the database, in the following scenarios:

  • in the case of extraction for private purposes of the contents of a non-electronic database;
  • in the case of extraction for the purposes of illustration for teaching or scientific research, as long as the source is indicated and to the extent justified by the non-commercial purpose to be achieved
  • in the case of extraction and/or re-utilization for the purposes of public security or an administrative or judicial procedure

One last point to be made is that case law excludes investments in data creation from the scope of the “sui generis” right. In this sense, the CJEU postulates in its judgment in Case C-203/02 (The British Horseracing Board Ltd and Others v William Hill Organization Ltd), that the expression “investment in … the obtaining … of the contents” of a database in Article 7(1) of the Database Directive must be understood to refer to the resources being used to seek out existing independent materials and collect them in a database. Therefore, it does not cover the resources used for the creation of materials which make up the contents of a database. The CJEU further points out that  the purpose of the protection by the “sui generis” right is to promote the establishment of storage and processing systems for existing information and not the creation of materials capable of being collected subsequently in a database. The Court takes the same position also in its judgment in Case C-444/02 (Fixtures Marketing Ltd v Organismos prognostikon agonon podosfairou AE (OPAP). One consequence of this stance is that the “sui generis” right will not apply to databases that are generated by way of contemporary smart technologies and sensors, such as Internet of Things (IoT) devices or AI tools. This is so because the generation of such databases is deeply interlinked with the mere creation of their content. The effect of the CJEU conclusions would be that spin-off databases (databases which are by-products of main activities where the main activity effectively generates the data) will not be protected under the “sui generis” right. Thus, most machine-generated data will remain out of the scope of the “sui generis” right, to the extent it is created rather than collected. This situation could very well change in the near future as the European Commission announced in its Action Plan on IP that it will come forward with an initiative to revise the Database Directive. It is very likely that this review will be under the aims of promoting access and sharing of machine generated data and data generated in the context of the Internet of Things ecosystem.