First results of the public consultation on revision of the EU Database Directive

Last 6 October, the European Commission published the first results of the public consultation on revision of the Database Directive 96/9/EC (here) that took place between 24 May and 30 August 2017 (here).

Among the various initiatives to foster European data economy, the European Commission is conducting an ex-post evaluation of the Database Directive. In its view, the Directive should play a key role in increasing legal certainty for database makers and users, and enhancing the re-use of data.

There is however little evidence regarding the application and effects of the Directive. The previous report published in 2005 concluded that “the economic impact of the ‘sui generis’ right on database production is unproven” (here). The 2005 Report (not really positive) invited for more analysis on the Directive’s effects.

After more than 10 years, where the CJEU had to clarify the boundaries of the sui generis right, the aim of the consultation is “to understand how the Database Directive, and in particular the sui generis protection of databases, is used, to evaluate its impact on users and to identify possible needs of adjustment”.

The European Commission asked in particular if:

  1. by creating the sui generis right, the Directive has protected investment in the creation updating or maintenance of a database
  2. the Directive is encouraging investments in advances information processing systems
  3. the Directive reached a good balance between interest of rightholders and users
  4. the Directive has achieved harmonisation
  5. national contract law give more legal certainty than sui generis protection when it comes to prevention of extracting or re-using database content
  6. the Directive still fit for purpose in an increasingly data driven economy

Respondents were a mix of business, academics/research institutions, trade associations, and non-governmental organizations.

At a first glance views are divided, particularly in relation to whether [I have tried to count the answers, including the report of the anonymous replies, taking aside hesitant positions – so apologies for any inaccuracy]:

  • the Directive sufficiently protects investments in creating databases (II.2.1) – pro: 45 / contra 25
  • the Directive has achieved its objective to protect and stimulate a wide variety of databasesand innovation in advanced processing systems (II.2.2) – pro: 38/ contra 39, and development of the data market (II.3.9) – pro: 39/ contra 39
  • the current scope of the sui generisright is still satisfactory (III.5.1) pro (satisfactory – too narrow): 42 / contra (too broad – unclear): 53
  • the original objectives of the Directive are still in line with the needs of the EU (III.1) – pro: 53/ contra 39
  • the Directive is coherent with the EU Data Economy Package objectives (III.4.4) pro: 27 / contra: 34
  • the sui generis right has brought more legal certainty for database makers (II.3.1) – pro: 43 / contra: 42, and lawful users (II.3.2) – pro: 38 / contra: 47
  • the Directive achieves a good balance between interests of rightholders and users (II.2.4) – pro: 32 / contra 49
  • the Directive had a positive effect on (i) access to data (II.3.5) – pro 29 / contra (negative or no effect) 57; or (ii) re-use of data (II.3.6) – pro: 30 / contra (negative or no effect) 51
  • national case law gives more legal certainty than the sui generis right (II.2.6) – pro: 30 / contra: 35
  • whether the Directive still fit for purpose in an increasingly data driven economy (2g) – pro: 36 / contra: 47
  • whether the restriction drawn by the CJEU on the scope of the sui generis right (i.e., no protection of the investment made in the creation of data) had positive effect on the scope of the protection of database (III.9.1) – pro: 33 / contra: 27
  • The sui generis right should apply to databases which contain automatically collected and/or machine-generated data (III.10.2) – pro: 20 / contra: 36

As said, opinions are divided, although at a first glance, the general outcome seems not very positive.

It is difficult to foresee which adjustments the European Commission is willing to propose, if any. It is known that the introduction of the sui generis right has been largely criticized (going in the opposite direction than that endorsed by Feist in the US). And it does not seem that any other country has been inspired by and replicated our EU database protection system. Both the 2005 evaluation and this public consultation highlighted that the subject matter and the extension of the sui generis right are often unclear. Indeed, the CJEU intervention has been necessary to limit an excessive extension and the possibility to protect the investments in the creation of data (only those relating collection, verification and presentation of data can be protected – see here and here). However, the points raised in this consultation seem to suggest that the European Commission is trying to question the CJEU approach. The European Commission indeed has inquired about the respondents’ approval of the CJEU interpretation (to ask whether they would instead include also the creation of data under the database right) and whether businesses have appetite to explore the extension of rights also in non-personal raw data (machine generated data), at the moment excluded by the scope of the database right (that requires the investment in the “organization” of data – i.e., the contrary of “raw” data). Thus it seems that apparently the goal is finding confirmations from the market to legitimize a stronger legislative approach to data.

As a confirmation, the European Commission has already launched at least two other recent consultations about the opportunity to strengthen the legislative approach to data, respectively in (i) 2016, see the “Synopsis report – public consultation on the regulatory environment for data and cloud computing”, of 12 May 2016 here at § 4.2.4.; and (ii) in 2017, see the “Synopsis report – public consultation on building a European data economy, of 7 September 2017, here, at p. 5. However, the answer of the market seems always the same: the data value chains are extremely varied, making it difficult to design one-size-fits-all solutions, and freedom of contract should prevail (see here for our comments against the introduction of new exclusive rights in data).

Instead, adjustment can be introduced in the boundaries of the exclusive given by the sui generis right, such as the concept of “substantiality” of the extraction/re-use (Art. 7 of the Database Directive) and – above all – exceptions. Exceptions – especially those for research – should be made mandatory and not optional (see Articles 6.2 and 9 of Database Directive). In this regard, it should also be advisable to introduce the Text and Data Mining (TDM) exception suggested by the DSM Copyright Directive Proposal (see our comments here). However, we repeat that the new exception should allow also TDM for commercial purposes although based on compensation (paying access), in order to stimulate auto-regulation and new access schemes. TDM is not competing with the exploitation of the original database (in line with Art. 8.2 of the Database Directive) and seems instead a good mechanism to ensure flexibility and open data (that is a real instrument to foster a European data market).

In any case, the public consultation should push the European Commission to analyze the economic impact of the ‘sui generis’ right, in order to justify its stay in the EU acquis. We will keep monitoring the next communications from the European Commission on this issue.

Francesco Banterle

“Data ownership” in the big data era: some thoughts on the new Bird&Bird White Paper – what’s next for the EU?

Few days ago, a Bird&Bird team (Benoit Van Asbroeck, Julien Debussche, and Jasmien César) published a white paper about “Data Ownership” in the EU legal framework (available here).

The paper is issued within the Toreador Project (Trustworthy model-aware analytics data platform – a three-year big data research project funded by the EU Commission), and fits within the EU Commission’s strategy towards data.

The White Paper makes a thorough analysis of the EU acquis on data ownership. In sum, the paper affirms that:

  1. no EU legislation directly regulating ownership in data exists;
  2. a number of legislations provides other forms of protection to certain data. In particular the IP law area, namely: database rights; copyright; and trade secrets. However, none of these provides an adequate protection of ownership in data (e.g., sui generis right does not protect data as such; trade secrets require information to remain secret, etc.);
  3. EU case-law does not acknowledge an ownership right in data, with minor exceptions at national level where Courts occasionally addressed the data ownership issue;
  4. scholars are suggesting a new interpretation of current civil law provisions;
  5. while the paper does not provide an extensive examine of data protection legislation, it suggests that personal data is not necessarily owned by individuals. Instead, an ownership right in personal data for data controllers can be recognised, although subject to the individuals’ control.

The paper concludes that the current legal framework does not sufficiently deal with all issues related to data. Indeed, the data ownership is complicatdata-cycleed by the data value cycle which can involve numerous stakeholders (ISPs, IT providers, data providers such as marketplaces, data analytics service providers, data-driven services, etc.). Actors involved in the data value chain have no certainty as to the ownership of the data they process. Hence, the data ownership issue would require a new solution. The paper suggests creating a non-exclusive and flexible ownership right in datasets, with a data traceability obligation as a safeguard. 

Many points of this White Paper are in line with our view. In a paper presented in a conference about a holistic approach on personal data held by the Max Plank Institute in October 2016 (some slides are available here), I analysed the interface between IP rights (database sui generis right and trade secrets) and data protection rules. The latter in fact allow data controllers to exercise control over data, thus creating a semi ownership regime (though some scholars say it should be seen as a sort of licence on personal data granted by individuals). And I concluded that this interface produces an ownership regime on data, which can be strong although it cannot cover all situations. Residual areas are currently regulated by contract or by technology measures.

Property in data challenges civil law principles: information has public nature; property and IP rights are subject to the numerus clausus principle; and res incorporales are generally not included in property rights. Whether a new right on data should be created is debated (in a recent public consultation promoted by the EU Commission, here, the market answered “no”). We however agree that such possible new right should not be exclusive nor absolute. An exclusive right would risk blocking access to data. Access to data appears crucial in this data driven-economy. Big data requires data reuse, data enrichment, and access to multiple sources of raw information (in certain cases, we won’t be surprised to think about big data as essential facilities). At the current stage, it is impossible to predict where value will be created. Thus, a flexible approach to data is welcomed.

In this context, instead of a property rule, a liability rule appears more balanced. In other words, in certain cases the new right should entitle the data owner to receive payment for its data but would not allow him to exclude other from its access. This solution should be introduced for commercial uses of data only. Research uses should instead remain free, in line with the approach taken by the proposed Directive on copyright in the Digital Single Market (here).

Francesco Banterle

Topographic maps as databases: CJEU

The CJEU ruled that topographic maps may fall within database protection under Directive 96/9 (full text here). The dispute concerned the use by Verlag Esterbauer, an Austrian travel books publisher, of certain topographic maps published by the Land of Bavaria. In particular, Verlag Esterbauer scanned the maps and extracted the underlying geographic data with a graphics programme to produce and market its own maps dedicated to walkers and cyclists.

According to the Court, the concept of “database” must be interpreted widely, as collections of works and/or other data, in any form, without technical or material restrictions, therefore applying also to analog databases. Indeed, the Court stressed the “functional” nature of database protection and its aim at fostering investment in data processing systems.

The main requirement of a database under Art. 1(2) of Directive 96/9 is the existence of “independent materials”, i.e. separable without affecting their value. Independent materials can also consist of combination of pieces of information, if they have autonomous informative value after being extracted. This may be the case of geographical information (e.g., “geographical coordinates point” plus “the numbered code used by the map producer to designate a unique feature, such as a church”), as long as the extraction of such data from the map does not affect their autonomous value. Under the broad definition of database, this autonomous value shall be assessed vis-à-vis the degree of interest of third parties to the extracted material, irrespective of the fact that such value might diminish after the extraction.

The Court found that in the captioned case: (i) Verlag Esterbauer made an autonomous commercial use of the information extracted from the Land of Bavaria’s maps, and (ii) it provided its customers relevant geographical information. Thus, such geographical information constitutes “independent material” from a database.

It seems all too evident that the Court, in line with its settled case-law (see our comments on the Ryanair case here), keeps broadening the notion of database under Directive 96/9 with the aim of further protecting investments in the information market.

Francesco Banterle

CJEU, 29 October 2015, Case C-490/14, Freistaat Bayern v Verlag Esterbauer GmbH

ECJ: the Owner of an Online Database not Protected by Copyright or Sui Generis Right May Limit its Use by Contract

On January 15, 2015 the Court of Justice of the European Union (ECJ), in Ryanair Ltd v PR Aviation BV, C-30/14, handed down a decision concerning the interpretation of Directive 96/9/EC on the legal protection of databases (full text here). The case concerned the unauthorized extraction of flight data (so called ‘screen scraping’) from Ryanair’s website by the PR Aviation, which operates a price comparison website where users can also book a flight on payment of commissions. Access to Ryanair’s website requires acceptance of the air company’s T&Cs, by ticking a box, which prohibit unauthorized ‘screen scraping’ practices.

Ryanair brought proceedings against PR Aviation before Dutch courts for infringement of copyright and sui generis right on its database as well as breach of contract. Upon preliminary ruling requested by the Dutch Supreme Court, the ECJ ruled that the Directive 96/9/EC is not applicable to databases which are not protected either by copyright or by the so-called sui generis database right granted to the maker of the database (whether Ryanair’s website may be entitled to such protection shall be determined by the competent national court).

Therefore, according to the ECJ, mandatory exceptions to restricted acts laid down by Articles 6 and 8 of the Directive (allowing the ‘lawful user’ of the same to use the protected database without the author’s or maker’s consent, in certain cases and if certain conditions are met) do not prevent the database owner from laying down contractual limitations on its use by third parties, while the same contractual limitations are null and void vis-à-vis lawful users of those databases which benefit from copyright and/or sui generis right protections.

While the interpretative principle outlined by the ECJ is actually not very striking (insofar as it is rather clear from the literal text of the Database Directive that the legal regime implemented by it – including the mandatory rights of ‘lawful users’ – only apply to those databases which can be protected with copyright or the sui generis right), it is important to highlight that, according to general principles of contract law, any contractual provisions governing the use of unprotected databases may only be binding on third parties who accepted those provisions (and that, accordingly, should be deemed to be already aware of their content) and, conversely, cannot bind any third parties extraneous to the contractual relationship with the website owner. In the Ryanair case discussed above, the ECJ makes clear that the company that had ‘scraped’ Ryanair’s flight data without authorization had previously accepted Ryanair’s general T&Cs by ticking a box to that effect. What about if ones were to take the disputed flight data not from Ryanair’s website but from the price comparison’s website? In this scenario, Ryanair’s T&Cs, notably the ‘screen scraping’ prohibition, should not be deemed to apply.

Federica De Santis

Court of Justice, 15 January 2015, C-30/, Ryanair Ltd v PR Aviation BV, C-30/14