The Sui Generis Database Right and Connected devices interfering with the free flow of data
Introduction
The Database Directive 96/9 introduced a database-specific Sui generis database right (hereafter "SGDR") deriving from the Scandinavian catalogue protection rights.[83] Within the DbD two provisions; a copyright[84] (individual data protection) and a SGDR[85] which protects the structure and the investment made in the databases creation. As opposed to the Copyright protection, the Sui Generis Right does not require any intellectual creativity in the making of the database by the rights holder. Instead the investment in the making of the database is protected within the SGDR. Both the copyright and the SGDR work in conjunction with each other and preclude free-riding on someone else’s investment of the creation of a database. The SGDR came about as a result of the need to incentivize the production of databases[86] besides the harmonization of national laws on the copyright protection of original databases.[87] The SGDR also provides an additional layer of protection to the producers of the database.[88]
The Sui Generis right derives from the Common law doctrine of Sweat of the Brow[89]which stipulates that a creator of a work may reap the benefits of one’s own work without any requirement of creativity. It is contentious whether mechanical and automated creations which are generated by ML would reap the fruit of the investments made into the creation of databases. ‘Sui generis right‘ which is latin for ‘one of its kind or unique’ prevents the unauthorised substantial use of database contents so long as the producers have made a “substantial investment in obtaining, verifying or presenting the contents of the database.”
The Database Directive 1996 was enacted as an attempt to promote the creation of databases within the European Union. So as to minimise disparities between member states of the European Union, the law was enacted to harmonise the protection of databases. However, important to note is that as a result of the legal capacity of the directive Member State’s courts decisions are not harmonised and therefore the judgements within this chapter of the thesis will include decisions of EU member state courts along with preliminary rulings from the CJEU under 267 of TFEU. In one seminal case revolving the database right it was stated that “the Directive should serve as a yardstick for the interpretation of national law, even in those Member States which had similar provisions before the Directive was adopted”.[90]
Scope of protection of databases
The SGDR is an automatic right which subsists once the database exists in a recorded form. The right lasts for 15 years from the end of the year in which the making of the database was completed and can be renewed once every 15 years so long as a new considerable investment is made in the database. Protection commences 15 years from the end of the year in which the database was first made available to the public.[91] The right does not require any intellectual creation or originality. It does however grant one of the strongest forms of protection given to an IP creation.[92] Scholars argues that it may be “one of the least deserving subject matters”[93]A Database right protects the collection of data, not its constituent elements which may or may not be protected in their own right independently from any protection afforded to the database as a whole. Any software which is used in the making or setup of a database is explicitly excluded from protection as a database, being protected by copyright as a literary work. Still, as software is frequently developed in modular form, it is still possible that in some rare cases a collection of software modules may be protected as a database. Also, some elements of a computer program (for example, on screen look up tables which users may search in order to find information) may constitute a database.[94] SGDR protects databases which are a result of substantial investment in the collection, verification, or presentation of its data.[95] These include datasets which are collected or cleaned, such as collections of user reviews and preferences. The investment amount varies within the EU member states. Investments amounting to 4,000 EUR have sufficed in some countries.[96] The right may be overridden where the use of the part(s) of the database is “grounds of private use, non-commercial teaching and research, public security, and administrative or judicial procedure.”[97]
The Database
The SGDR is envisaged in article 1(2) of the DbD which defines a database as “a collection of independent works, data or other materials which are arranged in a systematic or methodical way and are individually accessible by electronic or other means.”[98]The definition lays more emphasis on the function rather than the form of the database by allowing for its subsequent search and retrieval. In order for the databases retrieval to occur the contents needs to be structured in a methodological way and comprise of constituent elements which are independent of each other. They should be retrievable without losing their intrinsic and autonomous value upon retrieval. In the CJEU case of Fixtures Marketing Ltd v Organismos Prognostikon Agonon Podosfairou AE (OPAP)[99] it was held that a football fixture list amounted to a database as the constituent data had individual inherent value as they could be separated based on dates, title, team members to interested parties. AG Stix-Hackl has indicated that a search engines that sorts and indexes data will suffice the systematic or methodical requirement.[100] Simple structures like XML or PDF are categorized as a database in the case law.[101]
Investment in obtaining, verifying or presenting
Pursuant to Article 7(1) DbD, the SGDR is vested in the database maker, i.e. ‘the person who takes the initiative and the risk of investing’ (excluding subcontractors).[102] Protection is afforded in the database whose database maker is able to prove that that there has been “qualitatively and/or quantitatively substantial investment in either the obtaining, verification or presentation of the contents to prevent extraction and/or re-utilization of the whole or of a substantial part, evaluated qualitatively and/or quantitatively, of the contents of that database.”[103] In a seminal case i.e. British Horseracing Board v William Hill [2004],[104] the CJEU clarified the scope of the “investment made in the verification, obtainment and presentation of a part(s) of database” criteria under the directive. The case concerned a horseracing database which was maintained by the British Horseracing Board (BHB) comprising of information in relation to owners, trainers, jockeys, horses and records of the performances in each race. Thus, the database contained essential information for the purposes of those who were involved in the horseracing and also radio and telephone broadcasters. The investment made in maintaining the database amounted to about £4 million per annum. Racing pages authorise the Satellite Information Services Limited (‘SIS’) to transmit data to its own subscribers in the form of a “raw data feed” ('RDF'). The RDF includes a large amount of information, including the names of the horses, names of jockeys, the saddle cloth numbers and the weight for each horse. William Hill who was a subscriber to the SIS displayed a small, specific amount of information from BHB's database on its website. BHB brought an action, alleging that William Hill's use of the information infringed BHB's database right.
Firstly, in adjudicating the case, the CJEU had to consider whether a there had been “substantial investment” made by BHB in “obtaining, verifying or presenting the contents of the database.” The CJEU decided that the expression “investment” refers to the resources used to seek out existing independent materials and collect them together to construct a database. The protection did not cover the investment involved in de facto creating the data which made up the contents of the database. Thus, the investment should “refer to the resources used to seek out existing independent materials and collect them in the database. It does not cover the resources used for the creation of materials which make up the contents of a database.”[105]Moreover, “insubstantial” part must be interpreted as meaning “a part which does not reach the threshold for a substantial part in terms of quality or quantity. That threshold forms the upper limit[…] the sui generis right does not cover individual data.”[106] On the facts, the Court found that BHB had made substantial investment in the creation of the data itself but not in obtaining, verifying or presenting the contents of the database. There was therefore, no substantial investment that qualified for database right.
Substantiality and act of extraction and re-utilisation
A person infringes an ‘investment made’ in a right holders database right if they extract or re-utilise[107] all or a substantial part of the contents of a protected database without the consent of the database owner. Legal definitions of the terms of extraction and re-utilisation are provided within article 7(2) of the Directive.
Extraction is defined as the permanent or temporary transfer of the contents to another medium by any means or form. An example of this is for example, copying some or all of the contents of one database into another database. Re-utilisation means making the contents of a database available to the public (not necessarily for the first time) by any means. Extracting or re-utilising a substantial part of the contents can result from the repeated and systematic extraction or re-utilisation of insubstantial parts of the contents of a database. SGDR protects against extraction and reutilization of substantial part of the database, or also of its insubstantial part if made systematically.[108]
In a number of cases,[109] the CJEU has drawn a distinction between the acts of extraction and re-utilisation and mere consultation of a database. It is clear that where the creator of a database makes the contents of the database accessible to the public, the consultation of that database does not, by itself, constitute an infringement of database right. In the seminal case of BHB v William Hill [2004][110] mentioned above[111] the CJEU considered the issue of an extraction or re‑utilisation of a substantial part of the contents of a database affirming that the question should be addressed both quantitatively and qualitatively. In order to ascertain whether the data amounted to a substantial part in the quantitative sense, the data extracted or re-utilised must be assessed in relation to the total volume of the content of the database. The use by William Hill of the data from the database represented a very small part of BHB's whole database. Further, any unauthorised act of appropriation and distribution to the public of the whole or a part of the contents of a database would amount extraction or re-utilisation, however in the present case the contents of a database were made accessible to the public by its maker or with his consent and “did not affect the right of the maker to prevent acts of extraction and/or re-utilisation of the whole or a substantial part of the contents of a database.” There was therefore no extraction or re-utilisation of a substantial part in the quantitative sense. In addition, when determining whether the data constituted a substantial part in the qualitative sense, the CJEU referred to the scale of investment in the obtaining, verification or presentation of the contents of the database that are extracted and/or re-utilised (and not the value of the contents extracted). Since no separate effort had been employed to obtain, verify or present the particular part of the database used by William Hill, such part could not be substantial in the qualitative sense.
In the same light, in Fixtures Marketing v Oy Veikkaus, Fixtures Marketing v OPAP and Fixtures Marketing v Svenska [2004],[112] the CJEU gave its judgment along with its judgment in BHB v William Hill. Fixtures Marketing had brought actions against three defendant organisations contending that they had extracted and re-utilised data from football fixture lists for the English Premier League, which Fixtures Marketing develops and managed at a cost of over £11.5 million a year. Here, the CJEU held that only investment to pursue existing materials and collect them into a database will give rise to a database right. Therefore, drawing up a fixture list for the purpose of organising football league fixtures and using resources to establish the dates, times and the team pairings for the various matches in the league does not provide protection. Hence, resources utilized for the creation of materials that make up the database does not lead to protection as was the case in BHB v William Hill.
There is a correlation between the substantial investment and the infringement of as evidenced by economy justification for the SGDR by allowing the database maker to recover costs that they have made in creating the database as per recital 48 of the database directive. Recital 48 further mentions that provisions of the directive are without prejudice to data protection legislation recognized in Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms. As the DbD came into force before the introduction of the GDPR, it is uncertain whether the same can be extended in relation to the GDPR whose crux lies in the realms of right to privacy.
The ‘obtaining, verification and presentation’ criteria in connected devices
Several devices that we use daily may all at once be connected to the internet. So for example, smart cities thrive on the use of connected devices and the IoT.[113]
Firstly, one needs to define the database as per the DbD Article 1(2) which states that “materials which are arranged in a systematic or methodical way and are individually accessible by electronic or other means”[114]. Secondly, when it is established that data fits the definition of a database, a second criteria would be that a “substantial investment be made in obtaining, verifying and presenting its contents” pursuant to the SGDR.
In the Autobahnmaut decision[115] it was held by the Bundesgerichtshof (German Federal Supreme Court) that a highway company could claim a sui generis right in a database of machine-generated data about motorway use or toll data. The highway company had made a substantial investment in the ‘obtaining’ of pre-existing data on cars on the motorway and in the processing of such data through software ‘verifying’ and ‘presenting’. Provided that the same line of reasoning is extended to data that is generated via the use of sensors and connected devices, then the database owner would have a right to exclude others from extracting or re-utilising the data held within the database. The investment in creating the raw material may oftentimes exceed the investment made in segmenting and aligning that pre-existing raw material. In such a case, it might be inadvertently difficult to rely on the sui generis protection. Moreover, the criterion of ‘verification’ of the database contents may become ever more pertinent, especially in a big data context which allows analytics of unstructured data generated from connected devices.
Discussion
The Directive refers to the database maker’s investment in “obtaining, verifying and presenting of the contents” and provides a right “to prevent extraction and/or re-utilization of the whole or of a substantial part, evaluated qualitatively and/or quantitatively, of the contents of that database.” The directive also mentions in its recitals that a database includes “collections of independent works, data or other materials which are systematically or methodically arranged and can be individually accessed.” These prerequisites, according to Bernt Hugenholtz, “squarely rules out protection – whether by copyright or by the sui generis right – of (collections of) raw machine-generated data.”[116] The use of noSQL technologies may imply that big data are not protected by the sui generis right. Likewise, machine produced outputs (such as new data corpora) based on analyses of big data resulting from connected devices are neither “obtained” nor “collected”; they are generated by the machine. This would seem to leave them unprotected by the sui generis right.[117] Several CJEU judgements have explained that an investment in the creation of the data does not render database protection.[118] A conclusion from this can be drawn that, in connected devices the data is ‘created’ instead of it being ‘obtained,’ the latter being a condition for protection. It is known that the differentiation of data that is ‘obtained’ and ‘created’ in machine generated circumstances is problematic.
It will be increasingly difficult to satisfy the sui generis right protection requirements in a data economy context, given that the processes of obtaining, verifying and/or presenting the data will happen more and more automatically, using algorithms.[119]Also, the criterion of 'verification' may become less and less pertinent, particularly in an environment which allows for analytics of unstructured data.
[83]Case C-203/02 British Horseracing Board Ltd and others v William Hill Organization Ltd [2004] ECLI:EU:C:2004:695, para 36. [84] DbD article 3. [85] DbD article 7. [86] DbD recital 12. [87] DbD recital 2. [88] DG CONNECT, ‘Study in Support of the Evaluation of Directive 96/9/EC on the Legal Protection of Databases – Final Report’ (prepared for the Commission by JIIP, Technopolis, and Individual Experts Lionel Bently and Estelle Derclaye) [2018] SMART 2017/0084 (Second Evaluation Report). [89]Mark Schneider, ‘The European Union Database Directive.’ [1998]13 Berkeley Technology Law Journal 1, 551–564. [90]Case C-203/02 British Horseracing Board Ltd and others v William Hill Organization Ltd [2004] ECLI:EU:C:2004:695, para 36 [91] DbD article 10(1). [92]AKC Koo, “Database Right Decoded” [2009] EIPR, Vol. 7, pp. 313-319, 2010 , Available at SSRN: https://ssrn.com/abstract=1470676 [93]AKC Koo, “Database Right Decoded” [2009] EIPR, Vol. 7, pp. 313-319, 2010 , Available at SSRN: https://ssrn.com/abstract=1470676 [94]Terry Sanks, ‘Database Protection: National and International Attempts to Provide Legal Protection for Databases,’ [1998] 25FSULR4, 1003. [95] DbD article 7. [96] Martin Husovec,’The End of (Meta) Search Engines in Europe?’ [2014]14Chicago-Kent JIP1, 145-172. [97] DbD article 9. [98]DbD article 1(2). [99] Fixtures Marketing Ltd v. Organismos Prognostikon Agonon Podosfairou [2004] ECLI:EU:C:2004:697(OPAP). [100]Fixtures Marketing Ltd v. Organismos Prognostikon Agonon Podosfairou [2004] ECLI:EU:C:2004:697), (OPAP) Opinion of AG Stix-Hackl, para 40. [101]Technomed Ltd. v. Bluecrest Health Screening Ltd. [2017] EWHC (Ch) 2142 [75] [102]DbD recital 41. [103] DbD article 7(1), [104] Case C-203/02 British Horseracing Board Ltd and others v William Hill Organization Ltd [2004] ECLI:EU:C:2004:695. [105] Case C-203/02 British Horseracing Board Ltd and others v William Hill Organization Ltd [2004] ECLI:EU:C:2004:695, para 84, para 94, [106] Case C-203/02 British Horseracing Board Ltd and others v William Hill Organization Ltd [2004] ECLI:EU:C:2004:695, para 84, para 94. [107] DbD article 7(1). [108] DbD article 7(1). [109] Case C-46/02 Fixtures Marketing Ltd v. Oy Veikkaus AB [2004] ECLI:EU:C:2004:694; Case C-338/02 Fixtures Marketing Ltd v. Svenska Spel AB [2004] ECLI:EU:C:2004:696; Case C-444/02 Fixtures Marketing Ltd v. Organismos Prognostikon Agonon Podosfairou [2004] ECLI:EU:C:2004:697; Case C-203/02 British Horseracing Board Ltd and others v William Hill Organization Ltd [2004]. [110] Case C-203/02 British Horseracing Board Ltd and others v William Hill Organization Ltd [2004] ECLI:EU:C:2004:695, para 84, para 94. [111] The facts of the case are states within 4.2.1 of the thesis. [112] Fixtures Marketing Ltd v. Organismos Prognostikon Agonon Podosfairou (OPAP) [2004] ECLI:EU:C:2004:697. [113] Sylvia Zhang, 'Who Owns the Data Generated by Your Smart Car'[2018]32HJL&Tech299. [114] DbD article 1(2). [115] BGH, 25 March 2010, I ZR 47/08. [116] P. Bernt Hugenholtz, ‘Data Property: Unwelcome Guest in the House of IP’, Available at >https://www.ivir.nl/publicaties/download/Data_property_Muenster.pdf>Accessed 25 April 2021. [117] Daniel Gervais, ‘Exploring the Interfaces Between Big Data and Intellectual Property Law’ [2019] 10 JIPITEC 1. [118] Case C-46/02 Fixtures Marketing Ltd v. Oy Veikkaus AB [2004] ECLI:EU:C:2004:694; Case C-338/02 Fixtures Marketing Ltd v. Svenska Spel AB [2004] ECLI:EU:C:2004:696; Case C-444/02 Fixtures Marketing Ltd v. Organismos Prognostikon Agonon Podosfairou [2004] ECLI:EU:C:2004:697; Case C-203/02 British Horseracing Board Ltd and others v William Hill Organization Ltd [2004] ECLI:EU:C:2004:695, para 42 [119] Case C-203/02 Horseracing Board Ltd and others v William Hill Organization Ltd [2004] ECLI:EU:C:2004:695, para 35.
Comentários