UK: Data - The Elusive Asset

Who owns the information in the information age? This conundrum lies at the heart of the legal analysis of the digital revolution. Its resolution will be to the 21st century what the development of sale of goods law was to the industrial revolution of the 19th.

The traditional UK law approach to ownership of information can be summed up as ‘rights arise in relation to data not in data’. The initial proposition is bland enough: information is not of itself property – for example it can’t be stolen¹. But the ways in which rights and duties arise under UK law over data are varied; and how some of those rights overlap and interweave, more elaborate still. Essentially, we are looking at mechanisms of the laws of contract, confidence, copyright and the newly created database right as the four paths to rights over data. (This is not to mention statutorily imposed regimes of duties and rights, for example under the data protection and computer misuse legislation).

Contract. Subject to usual limitations on ‘freedom of contract’ (arising, for example in non-excludable employment, consumer, unfair contracts and competition legislation) parties are free to contract in the UK as they wish in relation to data. However, by definition, a contract only creates rights and duties enforceable ‘in personam’, by and against parties to it. This isn’t the same thing at all as a property right generally enforceable ‘in rem’ against the whole world outside the contractual context.

Confidence. A traditional maxim of equity is that it will intervene to enforce a confidence. If you can show that your information is secret and identifiable and it was imparted under a duty of confidence then the actual or threatened breach of confidence can be restrained, most effectively by injunction (again a creature of equity) before the unlawful disclosure. The duty of confidence can also be imposed by contract but the equitable remedy has the advantage of extending to third parties outside the contractual relationship.

UK law has flirted with the idea of ‘springboard’ in confidentiality law – where, even though the sources of the underlying information itself are publicly available, nonetheless their arrangement into a particular data set is such as to justify confidentiality treatment as anyone using the arrangement without consent rather than going direct to the sources gets a head start. This is particularly to be watched in customer and similar lists.

Copyright. Copyright has proved an enduring and adaptable legal mechanism for regulating means of expression. Legislators and judiciary have succeeded in diffusing the beam of copyright through the lens of technological change to protect economic interests as they have evolved. This is for two main reasons. First, copyright is not one but a bundle of rights which has grown with means of expression, to cover films, gramophone records, broadcasting, computer software and now the online world. Secondly, since the 1911 UK Copyright Act², it has been recognised that copyright can be ‘sliced’, salami style – for example licences of the same underlying right for different persons, purposes, fields, places, times, etc.

The music business is one of the best examples of copyright’s diversity, with composers, lyricists, publishers, performers and record companies enjoying different rights, exploitable in different ways³. As the information age develops, we will see a similar diversity and proliferation of rights and exploitation online.

Computer software – object code as well as specs and source code – has attracted copyright protection as a literary work in the UK since 1984, the first time our legislature got to grips with digital ‘0’s and ‘1’s – bits and bytes – in the copyright context.

So much for the instructions to the computer, but what about the data to be processed? It is here that the plot starts to thicken. Where the data is a literary work – say, a page of a book or even perhaps a sentence – copyright will attach to that work in the usual way if it is original. ‘Originality’ in this UK copyright sense means here that the work was not copied and was the product of skill and judgment. Compilations – bus timetables, football listings, telephone directories – were until 1998 similarly protected in the UK as literary works⁴.

Database right. However, since the end of 1997, the introduction in the UK of the database right⁵ has brought about a major development. For the purpose of the new rules, ‘database’ is defined as a collection of independent works, data or other materials arranged systematically and methodically and individually accessible (electronically or otherwise). Database right is a new legal ‘sui generis’ right lasting for 15 years which entitles someone who has invested substantially in obtaining, verifying or presenting the contents of a database to prevent extraction or re-utilisation either of a substantial part or repeatedly and systematically of an insubstantial part of those contents. Even so, protection does not extend to the underlying data or material itself, just to the collection.

In order to dovetail database right into copyright, the rules on compilation copyright were changed so that a database (as defined above) only attracts copyright protection if the selection or arrangement of the database contents is the author’s ‘own intellectual creation’, not the much lower traditional UK originality yardstick. The two rights – database right and database copyright – can co-exist in the same database.

The transitional rules applying to databases and agreements current at the start of 1998 are complex, particularly for databases which are more or less constantly being updated.

The database right is very much ‘Made in Europe’ and only exists in a database made by (1) an EEA national or resident, (2) an EEA company with either its central office or main place of business in the EEA or registered in the EEA with operations linked to an EEA economy or (3) an EEA unincorporated body with its central office or main place of business in the EEA.

Existing US databases do not qualify. However, future US databases can enjoy protection if made in collaboration with an EEA body. Any collaboration must be genuine and the EEA party cannot be just a subcontractor – it has to take some development risk.

Once the database right exists it can be assigned (in writing) to a non-qualifying person. Ironically, a US company can buy database rights in an EEA database but an EEA company cannot acquire similar rights in a US database.

What does this all mean for the information age with its huge and constantly growing stores of information, searching and processing power and transmission speed?

Take the life cycle of a stock price – consisting of structured fields of information such as company name, security type, bid/offer price, volume, time, buyer and seller identity, etc.. In itself, the form of this data may qualify for UK copyright protection. The software through which the deal is executed certainly will.

That trade is then aggregated and arranged with all other trades in that stock, at that time, etc and the resulting database will likely and as we have seen attract database right and database copyright. The information will then be supplied under contract by the stock exchange concerned in a real time datafeed to its users. A large banking customer, say, will then take the feed into its own computer system and manipulate the data, perhaps generating charts from it, which may attract yet another copyright. The data for that trade will end up in many data warehouses, where its useful life will be over.

Through this process, many different rights, overlapping and each dependent to a greater or lesser extent on the right preceding it, are created and exploited with great and increasing speed and sophistication. Unscrambling and identifying the rights and economic interests involved is a significant task for the next century.

1 The University of Oxford v Moss (1978) 68 Cr App R 183) where a student who took a ‘sneak peak’ at an exam paper without removing it was found not guilty of theft even though he had read the questions and thereby obtained an advantage.

2 Section 5(2), confirming the exception to the old common law rule that ‘choses in action’ (rights ultimately enforceable only by legal action) were indivisible – i.e. that they could only be transferred (assigned) in whole and not in part.

3 See the example at Chapter 3.5 of the 1996 MMC Report, ‘Performing Rights’ (Cm 3147)

4 Contrast the US Supreme Court decision in Feist Publications, Inc v Rural Telephone Serv [499 U.S. 340 (1991)] which held that the test of originality under US copyright law is higher than ‘sweat of the brow’ in creating a copyright work

5 The Copyright and Rights in Databases Regulations 1997 (SI 3032) implementing EC Council Directive 96/9/EC.