05-12-2011

Court gives guidance on database legal protections

The courts have given guidance on when unauthorised use of parts of a database by a third party amounts to extraction or reuse of a ‘substantial part’ of that database, which is an unlawful infringement of the database owner’s ‘database right’.

A publisher created a database of around 43,000 nurses and doctors working at GP practices. It licensed Bespoke Data Organisation (‘Bespoke’) to use part of the list by sending a one-off marketing mailing to the nurses in the database. The terms of the licence were that Bespoke would only use the records once, and would delete them once it had done so. In fact it copied the records into its own database.

Guardian Products (‘GP’) and Precision Direct Marketing (‘PDM’) later bought Bespoke’s database and loaded it onto their own system. At that stage about 6,000 of the records were still identical to those originally supplied by the publisher. Another 2,300 or so probably originated from the publisher’s list, but had been updated.

About a year later, GP and PDM sent a mailing on behalf of a client, to part of their database. At this stage, their list included 4,783 identical records from the original list.

The publisher became aware of this mailing because the original records contained ‘seeds’ – people included in the list who will report any unauthorised mailing they receive to the database owner. Some of the seeds received the mailing and reported it.

The publisher claimed GP and BDM had infringed its database rights.

Database rights

A person has database rights if they have made a substantial investment (whether financial, human or technical) in obtaining, verifying or presenting the data in the database. Database rights are automatic, so there is no need to register them anywhere. If they apply, it means the owner of the database can stop someone else extracting or reusing all, or any substantial part, of the database, except in certain limited circumstances.

The law says that extracting or reusing insubstantial parts of the database, if done repeatedly and systematically, can amount to extracting or reusing a substantial part of the database.

The court had to decide whether there had been a substantial extraction of data from the database generally, and/or whether the repeated and systematic extraction of individual records for the mailing by GP and BDM amounted to a substantial extraction.

Quantity and quality

The courts can take either a qualitative or a quantitative approach when deciding whether records amount to a 'substantial part' of a database. If they use a qualitative approach they look at the financial and human investment required to put the database together. If they use the quantitative approach, they compare the number of records extracted against the overall size of the database.

The data in the publisher’s database was collected by sending out thousands of questionnaires, with phone follow-up. It was then entered and checked. The publisher spent around £82,000 per year on the research and around £30,000 entering and checking the data. The court found that the publisher had made a significant financial and human investment in the surviving records, whether 6,000 or 4,783.

Quantitatively, it also decided that both 6,000 (14 per cent) and 4,783 (11 per cent) records amounted to a substantial part of the database (although at the low end of substantial), but decided this partly because of the time and effort required to create each record and keep it up to date.

The court therefore seemed to be saying that the more investment has been made in building a database, the lower the proportion of it that needs to be extracted or reused in order to infringe the owner’s database rights, and vice versa.

It also said that, if insubstantial parts of a database had been repeatedly and systematically extracted for the purposes of a mailing, but they could be recombined to rebuild a substantial part of the database, then that could amount to extraction of a substantial part. It ruled that the insubstantial parts extracted for the GP/BDM mailing could be so recombined, so that their mailing infringed the rules too.

These comments give useful guidance to owners and users of databases, and their clients.

Recommendation

Businesses using databases, or parts of databases, that they have not created themselves should ask the supplier for legally binding warranties (and indemnities) that they do not infringe any third party’s database rights, particularly where the records represent a significant financial and human investment, amount to a significant proportion of the total database or can be combined to rebuild a significant part of the database.