Data, data, everywhere – so how can you protect it?

Data is a big deal, and will continue to be so. There is a huge exponential growth in the production of data – by 2020 it is estimated that around 1.7 MB of new information will be created every second for every human on the planet. That’s the equivalent of an e-book per person per second.

There is more to data than volume though. Data assets can be exploited to improve your products in a virtuous circle: more data used well can lead to a greater understanding of your product and users, leading to more usage, leading to more data, and so on. Data assets can also increase the value of a company considerably – Facebook bought WhatsApp for £11bn in 2014, a 50 employee company with estimated revenue of (only!) £13m the year before.

With that in mind, it’s fair to say that a company’s data is worth protecting, but what rights are available to do this? In the article below, we highlight simple steps that can be taken to help secure the valuable asset that is the data your company owns.

Legal Rights

There are two automatic rights in the UK that could be used to protect a database – copyright and a sui generis (unique and separate) database right.

The law of copyright is complex but useful since it can give rise to automatic rights that protect the work of an author, both for the database itself and for works that are held within the database (if that work also qualifies for copyright protection).

Databases can count as works in their own right and therefore attract their own copyright. Databases are defined broadly: ‘A collection of independent works, data or other materials which are arranged in a systematic or methodical way and are individually accessible by electronic or other means.’[1] Here it is worth noting that a database does not need to be electronic, although most will be – a recent High Court case, Technomed v Bluecrest, is notable in that reports in XML and PDF format were considered to be ‘databases’. We have successfully helped a client defend its position on a non-electronic database; a collection of cards.


In UK law, and as noted above, databases are treated as literary works and so receive copyright protection in their own right. They must be original; that means not copied and of the user’s own intellectual creation, rather than never seen before. Databases have a unique originality requirement, that: ‘by reason of the selection or arrangement of the contents of the database the database constitutes the author’s own intellectual creation’[1]. This implies that while merely sorting a list alphabetically will not be enough, the effort in collecting and organising data may be.

Database Right

In addition to the Copyright discussed above, and presently in the UK (and other EU countries), there is also a separate database right. A database right automatically subsists if there has been ‘substantial investment’ in obtaining, verifying or presenting the contents of the database. ‘Substantial investment’ requires a notable quantity or quality (or both) of at least one of financial, human or technical resources invested.

For a database right to be infringed, there must have been extraction or reutilisation of all or a substantial part of the contents of a protected database without consent of the owner. The database right itself can last for 15 years but it is worth noting that if sufficient effort goes into refreshing the contents then the term may continuously be reset, effectively giving perpetual protection. Since the database right is derived from EU legislation, it is not currently clear what rights a database owner will have when the UK leaves the EU.

The database right has seen little action in the courts but as highlighted in the European Court of Justice rulings – British Horseracing Board v William Hill and Fixtures Marketing v OPAP – the scope of protection of the database right is quite narrow. In both cases, the claimant failed to secure relief for alleged infringement. Where both cases fell down is that the claimant could only demonstrate that substantial investment was made in the creation of the data for the database. This does not result in a database right – the investment must be in obtaining or verifying the data (from an independent source) and in the presentation or organisation of the data in the database.

One important note is that the author of the database (i.e. the person who takes the initiative in investing in the database) is considered the first owner. If the creation of the database has been outsourced it is important to assign the database right. This is also a trap with regard to copyright, which a company does not necessarily own if they have paid a third party to create data. Companies and individuals must ensure that copyright and database rights are assigned to them.

Top tips for protecting your data

– Make use of the free protection available in the UK.

  • Update your database regularly to ensure the protection period refreshes;
  • Keep a record of the resources put into the organisation and maintenance of your databases (it is irrelevant how much time/money was spent generating the contents);
  • Keep records of when the database was created, who had access when, etc. to help prove rights under the UK copyright act;
  • Get and keep assignments of the rights mentioned here.

– Seed your data with flags to highlight if it has been copied. Examples could include adding:

  • Directors’/known addresses within address lists;
  • Redundant loops and comments within code to highlight copying;
  • Deliberate mistakes.

-If sharing online, impose T&Cs on users, entering enforceable contracts with those who can access the database to limit copying/reproduction of your data (aka ‘click-wrap’ agreements).

– If providing physical copies, try a ‘shrink-wrap’ agreement: opening and using the product is considered acceptance of a contract that limits the user’s rights for reproduction etc.

One final note…: Trade Secrets

Arguably the best way to stop others from using your data is to keep it secret! In UK law if an unauthorised party uses confidential information you could obtain an injunction to prevent further use (and other relief such as damages). Obviously, the information is then out in the public but the unauthorised party can be prevented from profiting from your information.

If you do intend to keep information secret you may need to prove that copying has occurred, so seeding your data as suggested earlier may still be useful. Additionally, you should restrict access to your data internally, and be able to prove that keeping it secret increases the commercial value.

For more information on rights available and potential strategies for protecting your data, please contact either Toby Gosnall or your usual Barker Brettell attorney.