Your business might spend a lot of time and money in the creation of databases, so it’s important to know if, when and how your databases can be protected by intellectual property rights or database rights. Here our expert IP solicitors explain the basics of IP and other protection in databases.
We'll be covering:
- The legal definition of a database
- Common legal issues in databases
- Common law and database information rights
- What is a sui generis database right?
- Which right applies – copyright or database directive?
- Creating the data that forms the databases
- Authorship and ownership of a database
- Definition of a ‘substantial part’ of a database
- Independent material and databases
- Protecting your database against extraction and re-utilisation
- Patents and databases
The legal definition of a database
Under the Copyright and Rights in Databases Regulations 1997 which implemented into UK law the provision of the EU Database Directive 96/9, a database is defined as: a collection of independent works, data or other materials which:
- are arranged in a systematic or methodical way;
- and are individually accessible by electronic or other means.
Common legal issues in databases
There are two forms of protection for databases that arise in different circumstances and offer different forms of protection.
A database that falls within the definition above may be protected:
- As a copyright work – this is literary copyright protection for ‘the intellectual creation involved in the selection and arrangement of materials’. That is those databases that meet the requirement for ‘creativity’ of the work and are known as ‘creative databases’. Database copyright protects the structure of a database and not the contents, and protects the recorded form of the database.
- By a separate database right – this is sui generis protection for ‘an investment (in human and technical resources and effort and energy) in the obtaining, verification or presentation of the contents of the databases’. Whilst such databases may not be creative, they require a quantitatively or qualitatively substantial investment in terms of resources and/or time spent and are therefore protected and known as ‘non-creative databases’. In some countries, such as in the USA, there is no proper legal protection for non-creative databases. Unlike database copyright, the separate database right protects the contents of a database. This restricts the extraction or re-utilisation of the whole or a substantial part of the contents without the owner’s permission.
- Both as a literary copyright work and by a separate database right.
It is also important to note that there is a distinction between a database and its individual parts which may be protected in their own right separately from the protection that the database may have as a whole.
For example, the Directive does not provide protection for software used to create the database or for material contained in the database. As such, any software used in making or operating a database is specifically excluded from being protected as a database and instead is normally protected by copyright as a literary work. However, as software is often developed in modular form, there may be some instances where software modules could be protected as a database.
Equally, a compilation that does not satisfy the definition of database may still be protected by copyright as a literary work.
Other issues in relation to databases include:
- ownership where employee creates database – protection is given to the database author(s) or creator(s)
- effects of multiple ownership
- ownership where content has been absorbed from other databases
- role of contracts in overriding legislation
- handling personal data – EU Data Protection Directive 95/46 gives data subjects various rights including the right to be informed when their data is being processed and can limit what the owner of a database can legitimately do with that database
- confidential information – information contained in a database which is not in the public domain may also be protected under the law of confidence.
Common law and database information rights
A database is ‘a collection of independent works, data or other materials which are arranged in a systematic way and are individually accessible by electronic or other means’ (regulation 6) and a database right subsists in a database where there has been ‘a substantial investment in obtaining, verifying or presenting the contents of the database’ (regulation 13, Database Regulations).
Case law derived from judicial decisions provides some guidelines to how to interpret regulation 13. The term ‘investment in obtaining the contents’ was explored in British Horseracing Board Ltd and others v William Hill Organisation Ltd  as implying resources which were used to find existing independently created materials and to collect them as a database. Using a substantial amount of time and money in creating the contents is not sufficient. The Court ruled that only investment to seek out existing materials and collect them into a database will give rise to a database right. Resources used for the creation of materials that make up the database will not be sufficient to give rise to protection.
British Sky Broadcasting Group Plc and others v Digital Satellite Warranty Cover Ltd and others  concluded that customer lists may constitute a database into which the necessary investment in obtaining the contents has been made even if the company does not create new information by putting a customer’s details into the database but simply records pre-existing information in a systematic way.
Pennwell Publishing (UK) Ltd and others v Ornstien  confirmed that if there is no express term of any agreement regulating the ownership of a database then the court is likely to find that where the database is held on the employer’s system, the database or list of information will belong to the employer. The Penwell case also concluded that the nature of the employee’s profession or occupation may affect the question of database ownership. Whilst a sales representative can move between jobs easily despite not taking any contact details with him, a journalist has long-term contacts that he would need to carry on using in any job he did. However, even in the case of a journalist the court may conclude that such a list is not a personal list maintained by him separate from his work and for his own use.
Noteworthy points arising from case law:
- Protection granted by a database right to its maker is not as wide as was originally contemplated
- Database rights only arise where the maker of the database has invested substantially in obtaining or verifying data from independent sources
- Investment in creating data that forms part of a database will not automatically result in a database right. Parties creating data must make separate investment in the organisation and arrangement of the database itself to gain protection
- The reduced scope of protection under database rights may result in database makers seeking to rely more on copyright to protect investment.
What is a sui generis database right?
Article 7(1) of the Database Directive of 1996 established a sui generis database right for the maker of a database to prevent extraction or re-utilisation of the whole or a substantial part of the contents of the database.
The right is infringed if an unauthorised party extracts the whole or a substantial part of the contents of the database in which that right subsists or where insubstantial parts are repeatedly extracted.
Re-utilisation means any form of making available to the public of all, or a substantial part, of the contents of a database by the distribution of copies, by renting, by online or other forms of transmission (Article 7(2)(b)).
The sui generis right prohibits the extraction or re-utilisation of any database in which there has been a substantial investment in obtaining, verifying or presenting the data contents. There is no requirement for creativity or originality and the right lasts 15 years from the date the non-creative database was made but if the database is published in this time, then the term is 15 years from publication.
A sui generis right granted under the Directive does not apply to databases created by companies located outside the European Union. Therefore, European companies presently have greater protection for their databases than companies in the USA.
The legislation provides that the first owner of the database right is the 'maker' of a database. The maker is the person who takes the initiative in obtaining, verifying or presenting the contents of a database and assumes the risk of investing in the same. The database right enables the owner to prevent others from extracting and/or re-utilising all or a substantial part of the contents of their database.
Which right applies – copyright or database directive?
|Subsistence||Databases are treated as a class of literary works and may receive copyright protection under the Copyright, Designs and Patents Act 1988. For copyright protection to arise the selection and/or arrangement of the contents of the database must be original. A special test of originality applies to databases created after 27 March 1996. Such databases are original ‘if, and only if, by reason of the selection or arrangement of the contents of the database the database constitutes the author's own intellectual creation’.||A database right subsists in a database where there has been a substantial investment in obtaining, verifying or presenting the contents of the database. Provided a set of data comes within the definition of a database, it will qualify for protection in its own right under the Regulations (irrespective of whether it benefits from protection under copyright) if there has been a ‘substantial investment’ in obtaining, verifying or presenting the contents of the database.Investment includes ‘any investment, whether of financial, human or technical resources’ and substantial means ‘substantial in terms of quantity or quality or a combination of both’.|
|Duration||Protection lasts for 70 years from the end of the calendar year in which the author dies.||Protection lasts for 15 years from the end of the calendar year in which the making of the database was completed (or 15 years from the end of the calendar year in which the database was first made available to the public). If the owner makes a ‘substantial change’ to the contents resulting in a ‘substantial new investment’, the amended database will qualify for a new 15-year term.|
|Ownership||In general, the copyright owner is the person who creates the work except for a copyright work created by an employee in the course of his or her employment - in this case it is the employer who is the first owner of the copyright. However, with commissioned works, a consultant will be the legal owner of copyright in a work created on behalf of the party commissioning it unless ownership is dealt with otherwise contractually.||The maker of a database is the first owner with the maker defined as the person who ‘takes the initiative in obtaining, verifying or presenting the contents of a database and assumes the risk of investing in that obtaining, verification or presentation’. If the database is made by an employee in the course of his employment the employer will be regarded as the maker and the owner of the database right, subject to any agreement to the contrary. Where a database is commissioned the commissioner will usually be the ‘maker’ and first owner of the database right.|
|Infringement & Remedies||Infringement will arise by temporarily or permanently reproducing the database, translating, adapting or altering the database or distribution or communication to the public of copies of it without authorisation of the owner. Remedies for infringing materials or materials used to create infringing copies include an injunction prohibiting further infringement, damages for the loss incurred, an account of the profit made, the right to seize the infringing articles and order for the delivery up by the infringer of the infringing articles.||A person infringes a database right if they extract or re-utilise all or a substantial part of the contents of a protected database without the consent of the owner. However, extracting or re-utilising a substantial part of the contents can result from the repeated and systematic extraction or re-utilisation of insubstantial parts of the contents of a database. The remedies for infringement are broadly the same as for copyright and include equitable remedies together with damages and an order for the delivery up or seizure of copies which have infringed the database right. The claimant can also seek an account of profits as well as damages.|
Creating the data that forms the databases
Anyone that creates, organises or administers databases or extracts or re-utilises the contents of databases belonging to others, should examine their approach to the use of such data and take any necessary practical steps.
It is important to:
- Consider if the database potentially qualifies for protection. If so, does it attract copyright/database right protection?
- Who is the owner of the database? Are any licences to use the database and should an assignment of rights in such database be obtained
- Review contracts relating to commissioned databases and employment contracts. Do such contracts deal expressly with ownership/assignment of copyright and database rights?
- Update databases regularly to ensure the 15 year protection period recommences.
- Protect against infringement by using copyright notices (© [Owner] [Year] All rights reserved) and some text to the effect that the set of data may be protected by database right.
- Keep a record of the ‘financial, human or technical resources’ put into a database as proof of substantial investment ensure that separate investment in the organisation and arrangement of the database itself is made in addition to any investment in the creation of the data.
Authorship and ownership of a database
Definitions of authorship and ownership differ depending on the rights arising in the work:
- Database Copyright
The term ‘author’ is used to identify the person (or persons) who created the database copyright work whereas ‘copyright owner’ is used to identify the person who owns the copyright in that database. These are not necessarily the same person. This distinction is relevant because permission to use a copyright work is normally granted by the owner whereas the duration of copyright protection is usually calculated with reference to the death of the author. Pursuant to UK law, copyright in a database lasts for 70 years from the end of the calendar year in which the author of the database dies. The first copyright owner is generally the author of the work unless the work is made by an employee in the course of his or her employment in which case the employer is the first copyright owner unless there is any agreement to the contrary.
- Database Right
In contrast to copyright the maker of a database is the first owner and is defined as the person who ‘takes the initiative in obtaining, verifying or presenting the contents of a database and assumes the risk of investing in that obtaining, verification or presentation’.Database right lasts for 15 years from the end of the calendar year in which the making of the database was completed and although this is shorter than the duration of copyright, if a ‘substantial change’ to the contents of a database which constitutes a ‘substantial new investment’, the amended database will qualify for a new 15-year term. This means that an indefinite term of protection is available for databases that are continually updated.
Definition of a ‘substantial part’ of a database
What constitutes a 'substantial part' is still not clear, although case law has established that it may be tested both in terms of quantity and quality.
In Beechwood House Publishing Ltd v Guardian Products Ltd and another  the judge HHJ Birss QC applied the test from British Horseracing Board v William Hill  on quantitative and qualitative substantial parts. On the quantitative approach, he considered the volume of data extracted as against the volume of data in the database as a whole. On the qualitative approach, he considered the scale of investment in obtaining, verifying, or presenting the content of the database irrespective of whether it amounted to a quantitatively substantial part of the whole. In terms of the quantitative question, he noted that a quantitatively substantial part should be assessed in relative terms and as such ‘quantitatively substantial’ could not require the numerical majority of the records. 6,000 records out of 43,000 equalled roughly 14% and 4,783 out of 43,000 equalled 11% and in the judge’s view, 11% or 14% of the data was at the lower end of what could be regarded as quantitatively substantial. However, even 11% represented a significant part of the volume of the database as its creation had required substantial resources.
It is also important to note that the repeated and systematic extraction or re-utilisation of insubstantial parts of the contents of a database may amount to a substantial part.
Independent material and databases
The European Court of Justice (ECJ) ruled on the meaning of ‘independent materials’ of a database in the context of a topographic map for the purposes of Article 1(2) of the Database Directive (96/9/EC). In Freistaat Bayern v Verlag Esterbauer GmbH C 490/14, the Land of Bavaria published topographic maps covering the Federal state of Bavaria whilst Verlag Esterbauer was an Austrian publisher publishing tour books and maps for cyclists. Land of Bavaria claimed unauthorised scanning of its topographic maps and the subsequent extraction and reuse of geographical information by Verlag Esterbauer for the creation of its own specialised maps.
The Court was asked to clarify whether geographical data extracted from a topographic map for a third party to produce and market another map retains sufficient informative value after extraction so as to be held to be ‘independent materials’ of a database within the meaning of Article 1(2) which provides that a database is ‘a collection of independent works, data or other materials arranged in a systematic or methodical way and individually accessible by electronic or other means’.
Simply put, the question was whether a topographic map is a database for the purposes of the Directive and the answer handed down by the ECJ was yes. The ECJ held that the term ‘database’ should be given a wide scope, that the concept of ‘database’ is specifically defined in terms of its function and that the classification as a ‘database’ within the meaning of Article 1(2) is dependent on the existence of a collection of ‘independent materials’ which are separable from one another without their informative, literary, artistic, musical or other value being affected. The informative value of material from a collection is not affected if it has autonomous informative value after being extracted from the collection concerned.
Protecting your database against extraction and re-utilisation
Extraction means ‘the permanent or temporary transfer of all or a substantial part of the contents of a database to another medium by any means or in any form’, and can be broadly equated with the restriction on copying in copyright law. This would for example cover copying the contents of a database to a USB stick. If a person extracts all or a substantial part of the contents of a database without the owner’s permission a breach of that database occurs. Provided that the database right is established (the relevant substantial investments have been made in creating a protectable database) the scope of acts by third parties that may constitute extraction is potentially significantly extensive and is not limited to physical copying of data by technical means.
Re-utilisation means ‘making the contents available to the public by any means’. This would include distributing copies, renting and by online or other forms of transmission. If a person re-utilises all or a substantial part of the contents of a database without the owner’s permission a breach of the database right occurs.
Common strategies against data extraction and re-utilisation include network monitoring (including inbound and outbound email and web communications traffic), database encryption, up-to-date anti-malware protection with antivirus, anti-spyware, personal firewalls and host-based Intrusion Prevention System (IPS) functionality.
Another helpful approach is also to include ‘seeds’ (deliberately inserted fake information) in the database to trace and prove infringement (as seen in Beechwood House Publishing Ltd v Guardian Products Ltd).
Patents and databases
A patent is granted to protect a new invention. While it is possible to argue that an algorithm is new and unique, a database is a collection of data generally stored and accessed electronically from a computer system. As such if it is implemented using an existing database application (like Oracle or Microsoft SQL Server) there is nothing new or unique about the database.
It is also not possible to patent a collection of data and as such the contents stored in a database are not patentable. However, if unique code in the database has been created, it is possible that the code may be patentable but not the database as a whole.
Using a copyright to protect the database is more likely to be a better option although there will be many ways to create a similar product which is sufficiently ‘different’ and as such will not violate any copyright.