Databases can be a valuable commercial asset and generally time and money is invested in their creation and maintenance.

The law protects this investment in two ways:

  • under the law of copyright and the specific rules that apply in relation to databases; and/or
  • under the Copyright and Rights in Databases Regulations 1997 (the "Regulations"), which implemented into UK law the provisions of European Directive 96/9/EC on the legal protection of databases and came into force on 1 January 1998, by way of a "database right".

This basic guide explains the circumstances in which protection will arise and sets out some practical steps designed to make the most of any rights that exist.

What is a database?

A database is defined in the legislation as "a collection of independent works, data or other materials which are arranged in a systematic or methodical way and are individually accessible by electronic or other means."

This is a wide definition which will cover traditional mailing lists and lists of customers as well as telephone directories, encyclopedias and card indexes, whether held electronically or in paper form. There is however a distinction to be drawn between a database and its individual components.  Database right protects the collection of data, not its constituent elements.  These elements may or may not be protected in their own right separately from any protection afforded to the database as a whole. 

Any software which is used in the making or operation of a database is specifically excluded from protection as a database, software instead generally being protected by copyright as a literary work.  Nevertheless, as software is often developed in modular form, it is possible that in some cases a collection of software modules may attract protection as a database.  Also, some elements of a computer program (for example, on screen look up tables which users may search in order to find information) may constitute a database.

Database rights

Provided a set of data comes within the definition of a database, it will qualify for protection in its own right under the Regulations (irrespective of whether it benefits from protection under copyright) if there has been a "substantial investment" in obtaining, verifying or presenting the contents of the database (the "Database Right").

Investment includes "any investment, whether of financial, human or technical resources" and substantial means "substantial in terms of quantity or quality or a combination of both".

The maker of a database is defined as the person who "takes the initiative in obtaining, verifying or presenting the contents of a database and assumes the risk of investing in that obtaining, verification or presentation" and such person is the first owner of the Database Right. This definition is in contrast to that of an owner in copyright since where a database is commissioned, the commissioner will usually be the "maker" and first owner of the Database Right. If the database is made by an employee in the course of their employment, the employer will be regarded as the maker and therefore the owner of the Database Right subject to any agreement to the contrary.

A person infringes a database right if they extract or re-utilise all or a substantial part of the contents of a protected database without the consent of the owner. 'Extraction' means the permanent or temporary transfer of the contents to another medium by any means or form.  This would cover, for example, copying some or all of the contents of one database into another database.  'Re-utilisation' means making the contents of a database available to the public (not necessarily for the first time) by any means.  It should be noted that extracting or re-utilising a substantial part of the contents can result from the repeated and systematic extraction or re-utilisation of insubstantial parts of the contents of a database.

In a number of cases, the CJEU has drawn a distinction between the acts of extraction and re-utilisation and mere consultation of a database.  It is clear that where the creator of a database makes the contents of the database accessible to the public, the consultation of that database does not, by itself, constitute an infringement of database right. This was recently assessed by the court in 77m Limited v Ordnance Survey Limited [2019] with Mr Justice Birss confirming consultation moves into extraction only when an individual takes a substantial part of all the contents of a database and then transfers this into another medium which can then be used. Simply consulting a database to learn something about a particular entry does not constitute an infringement in itself.

There are a number of "permitted acts" set out in the Regulations. The Database Right in a database which has been made available to the public is not infringed by fair dealing with a substantial part of its content in certain defined circumstances, for example when someone with a right to use the database extracts data for teaching or research and not for any commercial purpose (provided they indicate the source of the material). Extraction and re-utilisation is also permitted when it is not possible by reasonable inquiry to ascertain the identity of the maker and it is reasonable to assume that the Database Right has expired.

Like copyright, Database Right is an automatic right which exists as soon as the database exists in a recorded form. Database Right lasts for either 15 years from the end of the year in which the making of the database was completed or, if it was published during that period, 15 years from the end of the year in which the database was first made available to the public.

If there is a substantial change to the contents of the database then the 15 year protection period recommences for the database in its amended form. This includes a substantial change "resulting from the accumulation of successive additions, deletions or alterations, which would result in the database being considered to be a substantial new investment".

Interpreting "substantial investment"

In British Horseracing Board v William Hill [2004], the Court of Justice of the European Union (CJEU) gave guidance on the application of the rules relating to database rights, significantly reducing the scope of protection given to the maker of a database under the Regulations. The case involved a database operated by the British Horseracing Board (BHB) containing information relating to races, horses' registration details, jockeys, fixture lists, race conditions, entries, runners etc. It cost BHB approximately £4 million a year to maintain. William Hill displayed a small, specific amount of information from BHB's database on its website. BHB brought an action, alleging that William Hill's use of the information infringed BHB's database right.

The CJEU considered whether there had been "substantial investment" by BHB in obtaining, verifying or presenting the contents of the database. The Court decided that the expression "investment" refers to the resources used to seek out existing independent materials and collect them together to construct a database. The protection did not cover the investment involved in actually creating the data which made up the contents of the database. On the facts, the Court found that BHB had made substantial investment in the creation of the data itself but not in obtaining, verifying or presenting the contents of the database.  There was, therefore, no substantial investment that qualified for database right. 

The CJEU went on to consider the question of what constituted an extraction or re‑utilisation of a "substantial part" of the contents of a database. The Court observed that the question should be addressed both quantitatively and qualitatively. In order to determine whether the data constituted a substantial part in the quantitative sense, the data extracted or re-utilised must be assessed in relation to the total volume of the content of the database. The use by William Hill of the information from the database represented a very small part of BHB's whole database. There was therefore no extraction or re-utilisation of a substantial part in the quantitative sense.

In order to determine whether the data constituted a substantial part in the qualitative sense, the Court said that reference must be made to the scale of investment in the obtaining, verification or presentation of the contents of the database that are extracted and/or re-utilised (and not the value of the contents extracted). Since no separate effort had been employed to obtain, verify or present the particular part of the database used by William Hill, such part could not be substantial in the qualitative sense

The same result was reached in the cases of Fixtures Marketing v Oy Veikkaus, Fixtures Marketing v OPAP and Fixtures Marketing v Svenska [2004].  The CJEU gave its judgment in these three cases contemporaneously with its judgment in BHB v William Hill. Fixtures Marketing (FML) brought actions against the three defendant organisations alleging that they had extracted and/or re-utilised data from football fixture lists for the English Premier League and its Scottish equivalent, which FML develops and administers at a cost of over £11.5 million a year.

As in BHB v William Hill, the CJEU ruled that only investment to seek out existing materials and collect them into a database will give rise to a database right. Resources used for the creation of materials that make up the database will not be sufficient to give rise to protection.

The Court held that neither the obtaining, verification, nor presentation of the contents of a football fixture list reflected substantial investment which could justify protection by database right. FML could therefore not rely on database right to prevent the use of its data by the defendants.

What should be taken from the CJEU's ruling?

  • Protection given to the maker of a database by database right is not as wide as was previously thought.
  • Database right only arises where the maker of the database has invested substantially in obtaining or verifying data from independent sources.
  • Investment in actually creating data which forms part of a database will not automatically result in a database right. Organisations creating data must make separate investment in the organisation and arrangement of the database itself in order to gain protection.

In 77m v Ordnance Survey the UK Court further considered "substantial investment".  The UK Court was satisfied that the considerable investment by the defendant (both in human resource and economic terms) in maintaining its database of addresses was sufficient to amount to the 'substantial investment' required for the database to be  protected by database right. Given the number of addresses taken from the database by the claimant, the Court found that the claimant had extracted a substantial part of the contents of the defendant's database and that this amounted to database right infringement.

Copyright protection for databases?

In respect of copyright, the CJEU has made clear the Database Right is a harmonising measure which means that national copyright cannot give any greater protection to databases than that which is provided by Database Right. Accordingly, the circumstances in which a database might attract copyright protection are extremely limited, if available at all. In Stan James, the CJEU clarified the relationship between copyright and Database Right by stating:

Directive 96/9 must be interpreted as meaning that, subject to the transitional provision contained in Article 14(2) of that directive, it precludes national legislation which grants databases, as defined in Article 1(2) of the directive, copyright protection under conditions which are different to those set out in Article 3(1) of the directive”.

For more information on Copyright see our article: Copyright law: the basics

What about databases that are not protected by either database right or copyright?

The Database Directive 96/9/EC only applies to databases protected by database right or copyright.  This means that the creator or other holder of a database that is publicly accessible is free to restrict by contractual terms how the contents of the database are used by third parties.  This is not possible for databases protected by database right or copyright because parts of the Database Directive prevent contractual restrictions on the use of protected databases.

What does the future hold?

In 2005, the European Commission assessed whether the Database Directive was still fit for purpose.  It concluded that it had not achieved its objective of encouraging investment in database production across the EU.  The European Commission carried out a second evaluation of the Directive in 2018, reaching broadly the same conclusion and noting that the Directive may not be able to meet the growing digital challenges of AI and big data.  However, it decided to retain the Directive in its current form because of a lack of a clear consensus about change/abolition.

The latter evaluation was welcomed by many following the ever-increasing awareness of the types and uses of data that may underpin the digital economy in the future. However, the evaluation does raise a number of questions, for example there is no equivalent right in the USA (the world's largest database-producing market) and it is increasingly difficult to distinguish between data "creation" and "obtaining" of data due to the increase use of automated data gathering. Therefore it is likely the protection of database rights will be re-considered in the not too distant future.

Brexit

The Regulations limit the ability to qualify for a database right to those who are nationals of EEA states. Therefore, when the UK leaves the EU, there will be no obligation for EEA states to recognise UK nationals as eligible to qualify for the database right in the EEA. However, provisions have been made by the UK to replace references to EEA with UK in the Regulations in order to ensure that UK nationals are still eligible to qualify for the database right in the UK post Brexit.

Yet there will remain no obligation on other EEA states to provide database rights to UK nationals, residents or corporations and therefore UK database owners may find their rights are unenforceable in the EEA. This means that after Brexit in the EEA it would be necessary for those entities to rely either on any copyright in the relevant database, contractual arrangements to protect that database and/or other forms of protections such as restrictive licensing agreements.

Database rights that exist in the UK prior to exit will continue to exist in the UK for the remainder of their duration. Thus those who wish to use databases protected by such rights will continue to need the permission of the right holder.  Additionally, limited copyright protection for databases will continue to subsist under CDPA 1988 at UK national level and immediate changes to UK copyright law following Brexit are not anticipated.

Practical steps for dealing with databases

Anyone creating, organising or administering databases, or anyone extracting or re-utilising the contents of databases belonging to others, should review their position in relation to the use of such data. In particular:

  • Review any databases that potentially qualify for protection.
  • Review contracts relating to commissioned databases and employment contracts.  Also review any contracts where a database may be created and/or enhanced as a consequence of providing a service (such as a customer database created in the context of a sales agency) where the ownership position may not be clear.
  • Update databases regularly to ensure the 15 year protection period recommences.
  • Protect against infringement by using copyright notices (© [Owner] [Year] All rights reserved) and some text to the effect that the set of data may be protected by database right.
  • Keep a record of the "financial, human or technical resources" put into a database as proof of substantial investment, and be sure to make separate investment in the organisation and arrangement of the database itself in addition to any investment in the creation and maintenance of the data.

Confidential information

It is worth noting that information contained in a database which is not in the public domain may, in addition, be protected under the law of confidence.  For more information, please see our guide onConfidential Information.

Data Protection

It is not the intention in this guide to deal with data protection issues. However, it is important to remember that ownership of database rights does not necessarily give the owner unfettered rights to exploit the data contained in the database in all circumstances.  The  General Data Protection Regulation and the Data Protection Act 2018 (together the "legislation") deal with the use of personal data held both manually and in automated form and will therefore often be applicable to databases. Personal data is defined as any information relating to an identified or identifiable natural person ("data subject") who can be identified from those data or from the data together with other information in the possession or likely to come into the possession of the holder of the data ("data controller").

The legislation attempts to protect personal data in a number of ways, for example:

  • Data controllers must register with the Information Commissioner.
  • Data controllers must comply with certain principles, for example to process data fairly and lawfully.
  • Data subjects are given rights in respect of the data held about them, for example the right to object to the direct marketing of their personal data.

Data controllers must therefore ensure that the way that they obtain, hold and deal with personal data complies with this legislation as the Information Commissioner has wide powers of enforcement and individual data subjects have the right to compensation in certain cases. For example, a breach of the legislation may result in an administrative fine of up to €20m or up to 4% of total worldwide annual turnover. In particular, data controllers should bear in mind the requirements on them if they intend data to be processed on their behalf by third parties, for example in the context of commissioning a database.

For more information on Data Protection see our article on Data Protection.