In this blog post, Hari Manasa Mudunuri, a student of University College Of Law, Osmania University, who is currently pursuing a Diploma in Entrepreneurship Administration and Business Laws from NUJS, Kolkata, gives a comparative study of protection of database in USA, EU, and India.
The general understanding of the term “Database” is a base of data. It can be understood as a collection of data that is organized so that it can easily be accessed, managed and updated. Some authors have defined the term in the following manner:
- “An updatable storage of information of an application’s world and managing software that conceals from the user the physical aspects of information storage and information representation.” Dr. Naphtali Rishe ’92: Database Design: The Semantic Modelling Approach
- “A database is a collection of persistent data that is used by the application systems of a given enterprise.” C.J. Date
- “A database is an organized collection of data.” By Merriam-Webster.
From the above definitions, it’s clear that a database means a set of related data and the manner in which it’s organized. The access to such data is provided by the Database Management System (DBMS), which consists of computer software allowing users to interact with one or more databases and provides access to all of the data contained in the database.
The DBMS provides various functions that allow entry, storage, and retrieval of large quantities of information and provides ways to manage how that information is organized.
A DBSM is a computer software that interacts with the user, the database, and other applications to capture and analyze data. However, the terms database and DBSM are used as synonyms.
In those cases where a Copyright can’t protect a right in the database due to lack of a Creative element, a sui generis database right exists to recognize and protect the investment made in compiling the database. Data protection is the process of safeguarding important information from corruption loss.
- In 2002, at the request of the Standing Committee on Copyright and Related Rights (SCCR), the WIPO Secretariat commissioned studies on the economic impact of international database protection concerning intellectual property (IP) in non-original databases. The SCCR discussed these studies.
- The WIPO Diplomatic Conference on Certain Copyright and Neighboring Rights Questions in 1996, which adopted the WIPO Internet Treaties, but the members could not agree on Intellectual Property in Respect of Databases. Although the agreement was not reached, the Conference adopted a Recommendation Concerning Databases.
- The member states of World Intellectual Property Organization (WIPO) have been attempting to create an international protection of non-original databases, which do not qualify for protection under copyright law through a sui generis right, or an alternative solution is to use an approach based protection against misappropriation and unfair practices.
- The European Community adopted, in 1996, and had provisions on sui generis protection of databases.
- The Directive has been implemented in countries of the European Union and by some countries linked to the Union through trade agreements. A few other countries also provide for the protection of unoriginal databases in their national laws.
In India, the personal and sensitive data are protected by the Information Technology Rules, 2011. These rules protect only information about the following:
- Financial information
- Physical, psychological and mental health conditions
- Sexual orientation
- Medical records and history
- Biometric information
Unlike the European Union, India doesn’t have a separate legislation for protecting the database. The various means of protections and rights guaranteed can be traced to the following:
- The rights guaranteed under Article 21 of the Indian Constitution extend to data in electronic form that every citizen has the Fundamental right to liberty and right to privacy.
- The Indian Penal Code, 1860 prevents data theft, and the definition of movable property includes corporal property, thereby information stored on a computer is included in the definition. Hence any theft, misappropriation or criminal breach of trust are punishable under the IPC
- The Indian Contract Act can be invoked by incorporating a separate clause in the contract for confidentiality of the database.
- Section 66E of the Information Technology Act provides for the punishment for privacy violation etc. Apart from this various other sections cover different aspects of enforcing the rights in database.
- The Copyright Act, 1957 protects a copyright to a database
In India, there is no sui generis protection as the government felt that the current protection under the Copyright Act is sufficient, and a need for additional protection has not come up.
- USA doesn’t have a database protection law. A collection of data, which lacks creativity, doesn’t attract legislative protection in the USA.
- For a long period in the USA, many electronic database aggregators, publishers and companies have been lobbying Congress to pass laws on copyright protection to databases. However, no law has been passed till date.
- The United States Copyright Act protects a database. The necessity for a copyright is originality; the courts have from time to time interpreted the meaning of originality and that the requirement is not stringent.
- The rights in the database have been recognized and codified in the European Union in 1996 for the first time.
- The European Union law creates database rights automatically and doesn’t provide for compulsory registration.
- The European Unions Database Directive applies to all databases marketed in the European Union, which contain some element of intellectual creation.
- The EU law has introduced rules of data protection with the objective f harmonizing the national laws of member states. These rules need to implement by the members.
- Some of the Rules laid down in the Directive are:
- Rules on lawful processing of non-sensitive data
- Rules on lawful processing of sensitive data
- Rules of secure processing
- Rules on transparency of processing
- Rule on promoting compliance
- The burden of proof is on the database maker to demonstrate that there has been a substantial investment in determining whether or not there has been sufficient intellectual creation,
- Once this has been established, the database owner is then vested with the right to prevent the unauthorized extraction or re-utilization of the whole or substantial parts of the contents of the database
- These rights last for an initial period of 15 years, plus an additional 15 years for any further investment that the compiler makes which results in a substantial change to the database.
- Under the EU law, the national law must empower the data subject to protect his/her data as per the provisions provided in the Directive. Some of these rights are:
- Right to access
- Right to object
- Independent supervision
- Remedies and sanctions
- The European Court of Justice in a landmark judgment of Football Dataco Limited, Football Association Premier League Ltd, Football League Limited, Scottish Premier League Limited, Scottish Football League and PA Sports UK Limited v. Yahoo! UK Ltd and Others have clarified the circumstances where a database may be protected by copyright U/A 3 of the Directive and when sui generis can protect the database right U/A 7.
- For instance: In the UK, the Data Protection Act provides for the protection of database and specifies eight legally protected Data Protection Principles. They are:
- Fairly and lawfully processed
- Processed for limited purposes and not in any manner incompatible with those purposes
- Adequate, relevant and not excessive
- Accurate and where necessary, up to date
- Not kept for longer than is necessary
- Processed in line with the data subject’s rights.
- Personal information shall not be transferred to countries outside the EEA without adequate protection
The European Union has created the Directive to resolve the issues about the database in 1996. The Directive provides for two forms of protection – copyright and a sui generis right specific to database. The Copyright protects the author’s intellectual creation whereas, a sui generis protection is against unauthorized use of the database n any form when such a database is not a new creation but involves a substantial investment. Thereby the EU countries provide a larger protection of rights and enforcement mechanisms.
In India, the database rights are recognized through different legislations and has scope for further improvement and a consolidated piece of legislation solely for the purpose of protecting the database to keep up with the changing digital world.
The USA needs to enact a separate legislation to provide for the protection of database and the enforcement of related rights about database.