Businesses typically spend a lot of time and money in the creation of databases, so it’s important to know if, when and how your databases can be protected by intellectual property rights. In this article our intellectual property solicitors explain the basics of intellectual property and other protection available to database owners.
We'll be covering:
- What is the law on database protection?
- What was the effect of Brexit?
- Database right in a nutshell
- Database right and copyright
- The right sort of investment
- How long does database right last?
- What does database right enable you to do?
- A ‘substantial part’ of a database
- Authorship and ownership of a database
- Limitations and exceptions to database rights
- Technical protection
- Which right applies – copyright or database rights?
- Practical steps you can take to protect your database
- Summary
What is the law on database protection?
Database right is based on the European Community Directive 96/9 on the legal protection of databases. This was implemented in the UK by the Copyright and Rights in Databases Regulations 1997, which remain in force as ‘retained EU law’ albeit with amendments following the UK’s departure from the EU.
The directive was originally created to address a particular problem, copyright protection for databases was uneven because the level of originality required by the law varied greatly. UK (and Irish) copyright law required little more than that the database not be copied from an earlier one: at the other extreme, Dutch law limited copyright protection to works that have their own original character with the personal imprint of the author – a very high standard for a database. The approach of the directive was two-fold: it harmonised the originality requirement, then introduced a tailor-made (or sui generis) new form of protection for what were becoming valuable assets, which UK law calls ‘database right’.
What was the effect of Brexit?
Under the Withdrawal Agreement, as of 1 January 2021, existing rights in the UK in databases were preserved but UK database owners lost the protection they had previously enjoyed under the laws of EEA Member States. New databases made by UK citizens, residents, and businesses are no longer eligible for protection in the remaining EEA Member States and new databases made by EEA citizens, residents, and businesses are not protected in the UK.
The amendments to the Regulations created a UK-only database right, effective from 1 January 2021. This is identical with the EU’s sui generis right except that it is available only to UK citizens, residents, and businesses, and gives protection only in the UK. In the EEA, new UK databases will have to be expressly protected via licensing agreements, by contract such as website terms and conditions, or by technological methods such as encryption. Copyright protection for original databases is not affected.
Database right in a nutshell
Database right is quite easily summarised:
- A database is a collection of individual pieces of information, systematically or methodically arranged so they can be accessed individually;
- A database will be protected by database right if the maker has made a substantial investment in obtaining, verifying or presenting the contents of the database;
- The person who makes the database will be the first owner of database right, but usually an employer will own the rights in databases created by their employees;
- The maker of a database must have a connection with the UK for database right to arise;
- Database right lasts for 15 years, but making substantial changes to the database restarts this period;
- The owner of database right can control the extraction and reutilisation of the whole or a substantial part of the database;
- There are limited exceptions for education and public administration; and
- Databases may also be protected by copyright, whether or not database right applies.
Database right and copyright
The two forms of protection for databases arise in different circumstances, and offer different, though parallel, forms of protection. In each case, though, it is important to distinguish between the database itself and the material in it.
The definition above applies to both copyright and database right. A database may be protected:
- As a copyright literary work – which gives protection for the intellectual creation involved in the selection and arrangement of materials;
- By a separate database right – protection for ‘a substantial investment in the obtaining, verification or presentation of the contents of the database’; and
- Both as a literary copyright work and by database right.
It is also important to note that there is a distinction between a database and its individual parts which may be protected by copyright in their own right separately from the protection that the database may have as a whole, but which are not protected by database right.
Nor does database right provide protection for software used to create the database. Any software used in making or operating a database is specifically excluded from database right, but is likely to be protected by copyright as a literary work. That said, as software is often developed in modular form, there may be some instances where a collection of software modules could be protected as a database. And it is also arguable that a website constitutes a database.
Equally, a compilation that does not satisfy the definition of database may still be protected by copyright as a literary work – copyright law has long recognised rights in railway timetables, football pools coupons, directories of solicitors, and other mundane collections of information.
The right sort of investment
Where copyright demands originality, database right looks for ‘a substantial investment in obtaining, verifying or presenting the contents of the database’. This need not be purely financial – it may take the form of human and technical resources and effort and energy. The law is not concerned with originality or creativity, though arguably investment is a proxy for these concepts. But it has to be the right sort of investment.
Judges have told us a lot about how to interpret this. The term ‘investment in obtaining the contents’ implies the use of resources to find existing independently created materials and to collect them as a database. Merely using a substantial amount of time and money in creating the contents is not sufficient – it is not the contents of the database that matter.
Customer lists may constitute a database in which the necessary investment in obtaining the contents has been made, even if the company does not create new information by putting a customer’s details into the database but simply records pre-existing information in a systematic way. And in a case involving address data provided by the Royal Mail, the judge considered that investment in verifying the data was precisely the sort of investment that supported database right. While about 90 per cent of the information could be verified easily, the rest had to be checked with local authorities, which cost millions.
How long does database right last?
The right lasts 15 years from when the database was made, but if the database is published in this time, then the term is 15 years from publication. A substantial change to the contents of the database starts the term running anew, and a substantial change may comprise a lot of insubstantial changes, so in principle many databases will have perpetual protection.
What does database right enable you to do?
Database right allows the owner of the right to take action to prevent extraction or re-utilisation of the whole or a substantial part of the contents of the database. Where insubstantial parts are repeatedly extracted, they may add up to a substantial part, if the repeated acts unreasonably prejudice the legitimate interests of the database right holder or conflict with a normal exploitation of the database.
‘Extraction’ can mean simply consulting the database and using information found there: there is no need for anything analogous to copying and pasting. Even a temporary transfer is considered to amount to an extraction.
Re-utilisation means any form of making available to the public by the distribution of copies, by renting, by online or other forms of transmission. Using a dedicated meta search engine to enter a search query on the defendant's website, which would directly search through the contents of the claimant's database, constitutes re-utilisation of the claimant's database, as does providing access to aggregated search results if that is detrimental to the substantial investment made by the maker of the database.
A ‘substantial part’ of a database
What constitutes a 'substantial part' is still not entirely clear, although it has to be looked at quantitatively – how much of the data contained in the database has been taken – and qualitatively – how much of the maker’s investment in the database has been affected.
In one case, the judge reckoned that ‘quantitatively substantial’ could not simply mean the numerical majority of the records. He thought that 14 per cent and 11 per cent of the records both lay at the lower end of what could be regarded as quantitatively substantial, but even 11% represented a qualitatively significant part of the database, as its creation had required substantial resources.
Authorship and ownership of a database
Definitions of authorship and ownership differ depending on the rights arising in the work:
- Database Copyright
The term ‘author’ is used to identify the person (or persons) who created the database copyright work. The owner may be someone else. The first copyright owner is generally the author of the work unless the work is made by an employee in the course of his or her employment in which case the employer is the first copyright owner unless there is any agreement to the contrary. - Database Right
The maker of a database, the person who ‘takes the initiative in obtaining, verifying or presenting the contents of a database and assumes the risk of investing in that obtaining, verification or presentation’, is the first owner of database right. More than one person might undertake those tasks, in which case database right may be jointly owned. The maker of the database (or at least one of joint makers) has to be a UK citizen or habitually resident in the UK, a UK company or partnership, or a resident of the Isle of Man or incorporated there.
Databases will often be put together by employees, in which case the employer owns both copyright and database right in what their employees create in the course of their employment. The rule does not apply where the creator is an independent contractor or freelancer rather than an employee. If you have non-employees working on databases for you, make sure that you own the rights in the resulting database (as well as any copyright works, including databases, they might create for you). It is also advisable to write something into contracts of employment to catch instances where it might not be clear that the employee is doing something in the course of their employment.
If there is no express term of any agreement about the ownership of a database then the court is likely to find that where it is held on the employer’s system, the database or list of information will belong to the employer. The nature of the employee’s profession or occupation may also affect the question of database ownership: a IT manager can move between jobs easily despite not taking any contact details with them, but a journalist has long-term contacts that they would need to carry on using in a future job.
Limitations and exceptions to database rights
The range of activities permitted without having to get the consent of the owner of the database right is very limited – copyright law, by contrast, has many permitted acts and limitations. The right to make use of a database also depends in the first place on whether it has been made available to the public, and whether the person claiming to be allowed to use it is a lawful user - a person who has the right to use a protected database through a licence from the database right holder, or through other means.
Fair dealing with a substantial part of a database made available to the public will not infringe database right if the part is extracted by a lawful user of the database, but only for the purpose of teaching or illustration and not for any commercial purpose. The source must be indicated. This only permits the extraction of material from the database – it does not allow reutilisation of the material, such as making it available to the public.
There are also a number of exceptions to protection, for public administration purposes.
If the maker of the database cannot be identified, and it is reasonable to assume that database right has expired, users can freely extract and reutilise substantial parts of the database. However, given that the act of keeping a database up to date results in the term of protection being constantly refreshed, it will rarely be possible to rely on this provision; and if it is applicable, the database will be badly out-of-date!
The law prohibits database right owners from trying to override these exceptions by using contractual terms. If a database is not protected by database right, though, contractual restrictions on what you can do with it are permitted, so – a little paradoxically – you might have no rights to use a database that isn’t protected by database right in the first place.
Technical protection
Common strategies against data extraction and re-utilisation include network monitoring (including inbound and outbound email and web communications traffic), database encryption, up-to-date anti-malware protection with antivirus, anti-spyware, personal firewalls and host-based Intrusion Prevention System (IPS) functionality.
Another helpful approach is to include ‘seeds’ (deliberately inserted fake information) in the database to trace and prove infringement. They don’t stop data extraction, but they do help to prove it has happened.
Which right applies – copyright or database rights?
| Copyright | Database Right | |
| Subsistence | Databases are treated as a class of literary works and may receive copyright protection under the Copyright, Designs and Patents Act 1988. For copyright protection to arise the selection and/or arrangement of the contents of the database must be original. A special test of originality applies to databases created after 27 March 1996. Such databases are original ‘if, and only if, by reason of the selection or arrangement of the contents of the database the database constitutes the author's own intellectual creation’. | A database right subsists in a database where there has been a substantial investment in obtaining, verifying or presenting the contents of the database. Provided a set of data comes within the definition of a database, it will qualify for protection in its own right under the Regulations (irrespective of whether it benefits from protection under copyright) if there has been a ‘substantial investment’ in obtaining, verifying or presenting the contents of the database. Investment includes ‘any investment, whether of financial, human or technical resources’ and substantial means ‘substantial in terms of quantity or quality or a combination of both’. |
| Duration | Protection lasts for 70 years from the end of the calendar year in which the author dies. | Protection lasts for 15 years from the end of the calendar year in which the making of the database was completed (or 15 years from the end of the calendar year in which the database was first made available to the public). If the owner makes a ‘substantial change’ to the contents resulting in a ‘substantial new investment’, the amended database will qualify for a new 15-year term. |
| Ownership | In general, the copyright owner is the person who creates the work except for a copyright work created by an employee in the course of his or her employment - in this case it is the employer who is the first owner of the copyright. However, with commissioned works, a consultant will be the legal owner of copyright in a work created on behalf of the party commissioning it unless ownership is dealt with otherwise contractually. | The maker of a database is the first owner with the maker defined as the person who ‘takes the initiative in obtaining, verifying or presenting the contents of a database and assumes the risk of investing in that obtaining, verification or presentation’. If the database is made by an employee in the course of his employment the employer will be regarded as the maker and the owner of the database right, subject to any agreement to the contrary. Where a database is commissioned the commissioner will usually be the ‘maker’ and first owner of the database right. |
| Infringement & Remedies | Infringement will arise by temporarily or permanently reproducing the database, translating, adapting or altering the database or distribution or communication to the public of copies of it without authorisation of the owner. Remedies for infringing materials or materials used to create infringing copies include an injunction prohibiting further infringement, damages for the loss incurred, an account of the profit made, the right to seize the infringing articles and order for the delivery up by the infringer of the infringing articles. | A person infringes a database right if they extract or re-utilise all or a substantial part of the contents of a protected database without the consent of the owner. However, extracting or re-utilising a substantial part of the contents can result from the repeated and systematic extraction or re-utilisation of insubstantial parts of the contents of a database. The remedies for infringement are broadly the same as for copyright and include equitable remedies together with damages and an order for the delivery up or seizure of copies which have infringed the database right. The claimant can also seek an account of profits as well as damages. |
Practical steps you can take to protect your database
What can you do to maximise legal protection for your databases? In consultation with your legal adviser, look at these points.
- Consider whether the database potentially qualifies for protection. If it does, will copyright or database right, or both, protect it?
- Does the material in the database have its own protection (for example, is it confidential, or does it comprise copyright works)? By focussing on protecting the database, you might be missing the important assets that need protecting.
- Who is the owner of the database? Have any licences to use the database been given to third parties?
- Review contracts relating to commissioned databases and employment contracts. Have you obtained assignments from non-employees who have worked on it?
- Update databases regularly to ensure the 15 year protection period recommences. Make sure this is logged.
- Protect against infringement by using copyright notices (© [Owner] [Year] All rights reserved) and some text to the effect that the set of data may be protected by database right.
- Keep a record of the ‘financial, human or technical resources’ put into a database as proof of substantial investment ensure that separate investment in the organisation and arrangement of the database itself is made in addition to any investment in the creation of the data.
Summary
Databases are commercially important assets, and having a form of tailor-made IP protection for them is valuable. However, database right is selective and will not protect all databases: the purpose for which the operator put it together is crucial, and if exists merely to serve your internal business purposes you might have to look elsewhere for protection (for example, trade secrets law). Nor will database right give you protection outside the UK: the benefits of the EU-wide scheme were lost with Brexit. Outside the UK, you’ll need to rely on other intellectual property rights, along with contractual restrictions and technical protection measures to limit access.
