No one can truly own a piece of data, the only thing that can be possessed is an aggregation or collection of such data, provided there has been a relevant investment in carrying out that aggregation or collection. In this article we will consider the types of intellectual property rights that can be utilised to protect collections of data and the individuals' rights in personal data that are beginning to present a challenge for commercial exploiters of data.
The same data can be exploited by different parties in totally different ways and, done properly this can be achieved without diminishing the value of data for any of its beneficiaries. We now live in a world in which more data is being generated and captured than ever before and with the growth of the Internet of Things - computing devices embedded in everyday objects, enabling them to send and receive data - the scale of this data explosion grows exponentially year on year.
Until 1997 and the implementation of the EU Directive 96/9/EC on the legal protection of databases (the Database Directive) through UK national Regulations (The Copyright and Rights in Databases Regulations), datasets could only be protected in the UK as works enjoying literary copyright. To qualify for copyright protection there was a requirement of originality but it was not a challenge to meet; the requirement was for sufficient skill, judgment or labour to be expended by the author of the compilation to make it his own work. Data concerning the entrants in a greyhound race was held to attract copyright protection (BAGS v Wilf Gilbert (Staffordshire) Ltd) under this test in 1994.
The protection offered by copyright may still cover the structure of a database or the work as a compilation but, for qualifying datasets, it is now supplemented by a standalone database right created by the Database Directive. There will be a database right if three criteria are satisfied:
If the criteria to establish a qualifying database are satisfied, the "maker" will be the first owner of the database right. In a data chain that has a number of players all coming into contact with the data in some way (and no doubt wanting to exploit it), identifying the maker will likely be the most difficult task. The maker will be the entity who:
This requires an assessment of who is doing what in the process and who is ultimately economically and commercially responsible for it happening. The entity actually engaged in the collecting or the presenting may not be the "maker", particularly where someone else has brought that entity in to provide a service. Subcontractors, for example, are explicitly excluded from the definition of maker. The entity who made the commercial decision to collect the data and made the investment in carrying it out will be the maker. This suggests that entities towards the top of the chain are more likely to be the maker. To complicate matters further, more than one entity may take the initiative or assume the risk and, if so, they will jointly own the database right.
There is potentially enormous value that can be generated from exploiting data aggregations, for example, by producing market intelligence, targeting ads or simply by better predicting the wants or needs of individuals based on the trends in the data. In addition, with that potential comes a need to identify who is able to exploit it and, more importantly, who can stop others from exploiting it. Identifying who in that chain owns the aggregation of the data will, therefore, be crucial in determining who has the economic rights to the aggregation.
Of course, like all intellectual property rights, the ownership of database right can be allocated in contract. Given the overlapping responsibilities and roles of those in the data chain, it will be important to put in place appropriate ownership provisions in the relevant agreements. Where ownership has not been appropriately provided for, we can expect to see significant disputes between those involved, given the potential value in data captured from the IoT. The ability of database owners to rely upon database right in resolving these disputes is debatable, however, so clear contractual provisions are more important than ever.
The aim of the Database Directive was to encourage the creation of more databases within the EU. In 2005 the European Commission published a report which identified serious flaws in the provisions of the Database Directive and concluded that it had failed in its objective. The report proposed various ways of remedying the situation (including getting rid of the database right altogether) but the Commission did not act upon any of the proposals.
Although infringement of database right is often pleaded alongside other causes of action in data breach cases (often along with breach of confidence or misuse of confidential information claims) it is not an easy right to defend and. as a result. it has proven to be of limited use to database owners. It remains to be seen whether the UK government will take advantage of the opportunity afforded by Brexit to significantly reform the protection given to databases.
There has long been an inherent tension between the rights of individuals in their own data and the rights of those compiling databases including that personal information. The right of Data Subject Access (through s.7 of the Data Protection Act in the UK) means that individuals are entitled to know what personal data relating to them a data controller holds and, ordinarily, to receive a copy of that data. Although this process can be disruptive to business, it rarely poses a threat to the integrity of the database or the rights of the data controller. However, with the forthcoming General Data Protection Regulation into which will be enshrined a right to data portability, the tension between personal data rights and the interests of database owners become clearer.
The right to data portability means that data subjects will have a new, express right to obtain a copy of their personal data from the data controller in a commonly used and machine-readable format and have the right to transmit those data to another controller (for example, an online service provider). In exercising their right, the data subject can request the information be transmitted directly from one controller to another, where this is technically feasible (although that will not always entail the original data controller having to delete the data). This move to greater rights over personal data for individuals is mirrored by a trend for greater rights to content for consumers.
On 7 February 2017, The Council, European Parliament (EP) and European Commission negotiators reached an informal agreement on the text of the Commission's proposal for a Regulation on the portability of online content services in the EU. This means that there should be fewer barriers to cross-border portability of content, so that consumers can also access online content that they have subscribed to or bought in their own Member State when they are temporarily present in another Member State. Although audio visual content is, of course, technically very different to personal data in databases, the move to create cross-border access rights in subscribed-for content is indicative of a general move to expand individuals' entitlement to access information in which they have an interest.
The move in public policy towards greater transparency and individual rights of access at a time when data is becoming increasingly valuable to those who can collect and control it, is one of the many challenges faced by data aggregators. Uncertainty around the future of database right in light of Brexit is another. Database owners must take all contractual and practical steps possible to clarify, secure and protect their interests whilst accepting that in the future not all data can be secured.
If you have any questions on this article please contact us.
Heralded by some as the future of financial transactions, there is no doubt that blockchain technology has the potential to shake up the world of finance. Already, financial institutions are looking to capitalise on the technology to create fast and low-cost payments for customers, investing millions of pounds in the process. However, the usefulness of blockchain technology is not limited to finance and banking.
2 of 4 Insights
3D printing technology is increasingly being used for commercial purposes.
3 of 4 Insights
There has been a great deal of talk about Virtual Reality (VR) being the 'next big thing'. Some have even predicted that it will be bigger than social media. Not that much has been said, however, about the legal considerations around this technology and the implications its increasing ubiquity might have for intellectual property rights holders.
4 of 4 Insights