Databases are more than simply a collection of data; they are an incredibly valuable commercial asset that can contribute greatly to your business’s success. If you hold valuable data, knowing your legal rights around database protection is essential.
In this article, our intellectual property solicitors explain what database rights are and why they are important to your business. They explain when a database is protected by database rights, when those rights might be infringed, and the steps you can take to address any infringement and protect these valuable assets.
If you’re a business owner or manager concerned about protecting your company’s databases, you’re in the right place. Our expert intellectual property solicitors can advise you on your rights, explain the protections available, and help you respond if your data is misused.
We'll be covering:
- What is the database right?
- Who can own database rights?
- What level of work or investment is needed to qualify for database rights?
- What are the practical steps you can take to protect your database?
- Can more than one person or company own the rights in a single database?
- Can database rights be assigned or licensed?
- How long do database rights last?
- Are UK database rights recognised outside the UK?
- What actions could infringe database rights?
- What are the consequences of infringing database rights?
- Summary
What is the database right?
The database right is a standalone intellectual property right subsisting in ‘a collection of independent works, data, or other materials which are arranged in a systematic or methodical way and are individually accessible by electronic or other means.’
This definition of a ‘database’ is fairly wide and can cover items such as:
- Intranets.
- Websites.
- Purchase order systems.
- Document management systems.
- Knowledge management systems.
- Customer lists.
- Mailing lists.
- Employee lists.
The database right arises automatically, provided the creator made a ‘substantial investment’ in obtaining, verifying, or presenting the contents of the database. It does not protect the information itself but rather its compilation. If a database is protected by the database right, third parties cannot extract or re-utilise its contents without the owner’s consent.
In addition to protection by the database right, a database or parts of it may be protected by copyright. Copyright can protect the creative aspects of a database, such as the selection or arrangement of its contents, provided it constitutes the author’s own intellectual creation. The information contained in the database may qualify for copyright protection in its own right. For example, where the database comprises photographs, each photograph may be protected as a copyright work.
Database software is expressly excluded from protection by the database right. Instead, the software code may be protected by copyright as a literary work.
If you want to understand the scope of copyright protection and how it applies to business assets, take a look at our detailed guide on copyright protection.
Who can own database rights?
Whoever makes the database owns the database right. ‘Making’ a database involves investing in obtaining, verifying, or presenting the information contained in it. If you commission a third-party contractor to create a database for your business, your business likely owns the database right, since you invested in its creation. Nevertheless, you should always put the issue beyond dispute by ensuring the contractor assigns all intellectual property rights to you. By contrast, unless there is an agreement to the contrary, any copyright that subsists in the database will be owned by the contractor in accordance with established principles of copyright ownership.
When an employee creates a database during the course of their employment, their employer owns both the database right and copyright in it.
What level of work or investment is needed to qualify for database rights?
The database right only subsists in a database if its maker expended a ‘substantial investment’ in obtaining, verifying, or presenting its contents. For these purposes, any type of investment may qualify, be it financial, human, or technical, and ‘substantial’ can relate to quality, quantity, or both.
The ‘investment’ required for the database right to subsist refers to the obtaining, verifying, or presenting existing information in the form of a database. It does not cover the creation of the underlying data. The upshot of this distinction is that businesses that create data cannot rely on the database right to protect a database containing it unless the business has made a further ‘substantial investment’ in the organisation and arrangement of the data into the database in which it is stored.
If you are unsure about the level of work required for a ‘substantial investment’ for the purposes of the database right, speak to us. Our intellectual property solicitors will advise on the steps you should take and the records you should keep to ensure you benefit from database right protection and have the evidence necessary to enforce your rights.
What are the practical steps you can take to protect your database?
Prevention is better than cure and taking proactive steps to protect your business’s databases can significantly reduce the risk of unauthorised access, theft, use, or destruction.
Depending on the nature of the databases you need to protect and the extent of your business’s resources, the types of steps you might consider taking include:
- Considering which intellectual property rights subsist in your databases and ensuring you own all relevant rights. If a database was created by a third-party contractor, you should ensure your contract with them effectively assigns all intellectual property rights to you.
- If your business creates the underlying data as well as the database, ensure you make a ‘substantial investment’ in the database’s organisation and arrangement, so you benefit from protection from the database right.
- Keeping detailed records of the investment you made in the creation of your databases.
- Limiting access to your databases to those who need it to fulfil their roles.
- Implementing effective password policies to ensure access is available only to those who need it.
- Periodically reviewing your access controls.
- Keeping track of third parties to whom you have granted a licence to use your databases to ensure they adhere to the terms of their licences.
- Placing appropriate intellectual property notices in prominent places. The notices should alert anyone viewing the database to the fact that it is protected by the database right and copyright.
- Updating your databases regularly. The database right generally lasts for 15 years from the end of the year in which it was made. If you subsequently update the database by making a further ‘substantial investment’ in it, the term of protection restarts. By regularly updating your database and keeping a record of those updates, you can potentially benefit from database right protection indefinitely.
Can more than one person or company own the rights in a single database?
Databases are frequently compiled by several individuals working together. Where they do so in the course of their employment, their employer owns the database right. Where they do it outside of their employment, they would own the database right jointly.
Can database rights be assigned or licensed?
Yes, databases can be assigned or licensed to third parties, and businesses can generate significant income from commercialising their databases.
A database can be sold in its own right or can form part of the assets to be sold in a business sale. Some databases, like marketing lists, are routinely licensed to third parties in return for a fee. If the database to be sold or licensed contains personal information, you must ascertain whether the database falls within the remit of the General Data Protection Regulation, more commonly known as GDPR. If it does, you must comply with the legislation.
The definition of ‘personal information’ under GDPR is wide and covers any information relating to an identified or identifiable living person, such as their name, address, or email address. Examples of databases that likely contain personal information include marketing databases, customer databases, and HR databases.
The GDPR covers the ‘processing’ of personal data. The collation of data for the purposes of a database almost certainly amounts to ‘processing’, so it would come within the scope of the legislation. The maker must comply with the relevant requirements when creating the database. For example, they must provide the data subject with specific information, including the name and contact details of the data controller, being the person or organisation who decided the purpose and manner for which the data would be processed. Anyone buying a database may want assurances that the seller complied with GDPR requirements before proceeding with the transaction.
Selling and licensing a database amounts to processing data under the GDPR, so in addition to the requirements relating to creating the database, the parties have legal obligations in relation to the transaction itself. For example, they must inform the data subjects that their personal data is being transferred. The buyer will generally only be able to use personal information from the database if the data subjects have agreed to their information being transferred.
Data protection legislation is complex, and the penalties for breaching it can be severe. Seeking legal advice on its potential impact on any proposed sale or licence of your database is advisable.
How long do database rights last?
The database right lasts for 15 years from the end of the year in which the database was made or, if it was published, 15 years from the end of the year in which it was made available to the public.
On the face of it, this period of protection appears significantly shorter than that afforded by copyright, which, for example, in the case of literary works, is 70 years following the author’s death. If you make further ‘substantial investment’ in the database by updating it, the 15-year term restarts. You can extend your protection indefinitely by regularly updating your databases.
Are UK database rights recognised outside the UK?
When the UK left the EU, reciprocal recognition for database rights between the UK and the EU ceased. UK databases created on or after 1st January 2021 are only protected by the database right here. Any databases created before that date continue to enjoy EU-wide protection.
What actions could infringe database rights?
Third parties infringe the database right by extracting or re-utilising all or a substantial part of a protected database. Either large parts or small but significant parts of a database can amount to a ‘substantial part’.
‘Extraction’ means the permanent or temporary transfer of all or a substantial part of a database to another medium by any means or in any form. ‘Re-utilisation’ means making the database contents available to the public by any means. Repeated and systematic extraction or re-utilisation of small parts of a database can amount to infringement.
In some cases, database misuse might also amount to copyright infringement, particularly if creative or original elements of the database are copied without permission. For more information on this topic read our guide to copyright infringement.
What are the consequences of infringing database rights?
The remedies available to a database owner whose rights have been infringed include:
An injunction
An injunction is a court order preventing any further infringing acts. Injunctions are powerful remedies and are often endorsed with a penal notice, meaning a breach may constitute contempt of court for which the infringer can be imprisoned.
Damages or an account of profits
Damages and an account of profits are financial remedies. The rights owner can elect whichever they prefer based on the circumstances of the case. If you elect an account of profits, the infringer must pay you the net profit they made from their infringing activities. If you opt for damages, the amount you receive will depend on the basis on which those damages are calculated. For example, if you routinely licence your database, your damages may be based on your standard licence fee.
It might be possible to claim additional damages in cases involving ‘flagrant’ infringement. Flagrancy requires deceit or a ‘couldn’t care less’ attitude and may be appropriate in cases where the infringement was deliberate and intended to enable the infringer to secure a financial advantage that exceeds the damages he would ordinarily have to pay.
Delivery up or seizure
Delivery up or seizure ensures that any copies of the database remaining in the infringer’s possession cannot be reused or put on the market.
Many database right claims are settled before they reach trial, through negotiations between the parties’ legal advisors. Our intellectual property solicitors are expert negotiators and will seek a settlement that ensures you receive all the relief you would be entitled to following trial, without you having to incur the expense of litigation.
Summary
The database right is a powerful right interpreted strictly by the courts. Databases are integral to your business’s commercial operations and, in turn, its success, so taking steps to enforce your rights against infringers is essential.
Our intellectual property solicitors have vast experience in intellectual property matters, including database right claims. They will take swift, decisive action to halt the infringement, prevent any ongoing harm to your business, and secure the relief to which you are entitled.