Data, databases and what you can do with them

Join the conversation @brownejacobsonJoin the conversation @brownejacobson
Data, databases
and what you can
do with them

giles.parsons@brownejacobson.com
+44 (0)20 7337 1505
Data, databases and
what you can do with
them
richard.nicholas@brownejacobson.com
+44 (0)121 237 3992

Why is this relevant?
• Buying assets in a business?
• Acquiring a database?
• Purchasing data?
• Knowing how you can protect your
database

Prize draw!
What rights are there in a database?

In this webinar
We will review the rights in a database
• Rights held by the author or
maker of the database
• Rights held by data subjects
• What you can do with these
rights (and that database)

What is a database?
A database is a structured set of data:
“a collection of independent works, data or other materials arranged in
a systematic or methodical way and individually accessible by
electronic or other means.”
Directive 96/9/EC

Databases
Examples include:
• A database of individuals, such as
customers/target customers/patients
• A dictionary or encyclopaedia
• A list of products, materials,
insurance or other information
• A website

What rights are there?
In the data itself:
• Personal data (must be processed in
accordance with GDPR)
• Copyright in the units of data
(copyright owned by author or
employer)
• Private information (cannot be
misused)
• Confidential Information (cannot be
misused)
In the database:
• Database right (right owned by maker
or employer)
• Copyright in the database (copyright
owned by author or employer)
• Confidential information (cannot be
misused)

Database right
If something is a database, you get database
right if there has been substantial investment
in the obtaining, verification or presentation
of the contents of that database.
Substantial investment in creating the
contents of the database doesn’t count.

Copyright in databases
• If something is a database, you can
only get copyright in the database
“if, by reason of the selection or
arrangement of the contents of the
database the database constitutes
the author's own intellectual
creation”

Examples
Football Dataco v Yahoo
Arsenal v Huddersfield 3pm Saturday 8 December
Forensic Telecommunications Services
“Each address consists of eight alphanumeric digits,
representing four bytes of binary data in hexadecimal
notation. For example, for model 1100 the addresses are
017F0000 (start) and 01FFFFFF (end). In the case of model
6230 there are three pairs of addresses, one each for
firmware revisions identified as 3.xx, 3.40 and 5.xx. In the
case of some other models, such as 6510 and 7260, more
than one pair of addresses is given, but without identifying
the relevant firmware revisions.”

Examples
Technomed v Bluecrest
A set of classifications of relevant physical characteristics
shown by ECGs ("the Classifications"), such as ventricular
rate [resting heart rate] or PR interval. … For each
Classification, the Database contains a number of options for
how the characteristic tends to manifest in ECG readings
("the Options"). For example, with ventricular rate, the
Options are listed as "normal", "bradycardia" (slow),
"tachycardia" (fast) and "uncertain".
Sky v Digital Satellite Warranty
The Database included records for 9.7 million subscribers.
The details held for each subscriber include name, address,
telephone number, email address, details of their Sky
equipment and installation date.

Literary copyright in
data
If that data is a copyright work and is
the expression of the author’s own
intellectual creation
“The normal resting heart rate sits in a
range of 60-99 beats per minute. Your
heart rate is within normal limits”
Technomed Ltd & Anor v Bluecrest Health Screening
Ltd & Anor
[2017] EWHC 2142 (Ch)

Confidential
information
(1) the information itself ... must 'have
the necessary quality of confidence
about it'.
(2) the information must have been
communicated in circumstances
importing an obligation of confidence.
(3) It must have been an unauthorised
use of the information to the detriment
of the party communicating it.
Coco v Clark

Confidential
information
Employees after employment must keep
trade secrets confidential, but not
“mere confidential information”.
Faccenda Chicken

Copyright
• Copying
Confidential Information
• Misuse
Database Right
• extraction and/or re-utilization of
the whole or of a substantial part
What can you prevent?

Personal data
GDPR (2018)/ Data Protection Act
(2018)/ PECR
“any information relating to an
identified or identifiable natural
person (data subject)”
Natural person – one who can be
identified…by reference to an identifier such
as a name, ID number, location data, online
identifier…or one or more factors specific to
the physical, genetic, physiological, mental,
economic, cultural or social identity of that
natural person

Examples
• Name
• Address
• Date of Birth
• Phone number
• Photograph
• Email address
• Fingerprint
• Foot size
• Job title
• Car registration
• DNA sample
• Portrait
• Names of friends/children
• Favourite Football team
• Purchase history
• Employee number
• IP address
• Religion
• Facebook “likes”
• Club memberships
• Bank account number
• Location at a given time

Personal data
• ‘Data subjects’ have rights in respect
of their personal data (independent
of who ‘owns’ the database)
• There are restrictions on what any
other person can do with that data
(within territorial scope of the GDPR)
• Only the Data Controller has the right
to determine what it is used for (so
check who you’re getting your
database from – e.g. group
companies)

Personal data
Want to use data for your own purposes?
As a controller you’ll need to ensure
your use is:
• Fair, lawful, transparent [Grounds for
processing, FPN – art 14]
• For specified, explicit & legitimate
purposes [are these the same as
those of the original controller?]
• Kept to the minimum required for the
purpose

Personal data
Want to use data for your own purposes?
As a controller you’ll need to ensure
your use is:
• Kept for no longer than necessary
• Kept securely – protected against
loss/damage

Personal data
Are the people on your database
individuals/treated as individuals?
Want to carry out electronic marketing
to any of these people?

So what?
Acquiring a database is not just about
• The files/the software; or
• The Intellectual Property Rights
But also
• The rights of individuals
(confidentiality/privacy)
• And for personal data comes with
considerable additional obligations.

So what?
For any database
• Check what rights you’re getting
• Check what rights others have
• Check who you’re acquiring it from
• Check whether personal data is
included
• Check what you can use the data for
• Check what obligations you’re taking
on

Data, databases and what you can do with them

More Related Content

What's hot (20)

Similar to Data, databases and what you can do with them (20)

More from Browne Jacobson LLP (20)

Recently uploaded (20)

Data, databases and what you can do with them