LAWS OF DATABASE PROTECTION

Author: Eugenia Preethi.

Contents

S. No. 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12.

Particulars Introduction Methodology Concept of database IP Laws Need for protection Sui Generis Concept Law in European Union Law in US Global Database Database in India Conclusion Bibliography

Page No. 4 5 6 7 11 13 14 19 22 23 25 26

Abbreviations:

CODATA DPC EC ECJ EEA EOW EU EEA ISP IT ICSU PC PTL QB TRIPS WIPO WMO

Committee on data and information Data Protection Commissioner European Commission. European Court of Justice European Economic Area. Economic Offences Wing European Union European Economic Area. Internet Service Provider Information Technology International Council for Science Privy Council Parsec Technologies Inc. Queens Bench Trade Related Intellectual Property Rights World Intellectual Property Organization World Metrological Organization

Introduction:

The Electronic Commerce Law in its expansion necessities the protection for information stored or collected. Wherefore, nations are compelled to frame laws for protecting and preserving data sooner or later.

In the absence of such laws the Justice Systems would not find an easy road to solve the alarming rise in disputes.

The project analyzes in detail laws protecting database. An evaluation is made of these existing laws and suggests ways for better cleaner digital environment.

Methodology:

The research methodology used in this project is both analytical and descriptive. This project is done with a good amount research; analysis into history and jurisprudence in order to understand more clearly the existing scenario and to arrive at better solutions.

Database is recognized as a component of Intellectual Property Laws. Copyright laws to a certain extent cover databases under literary work. Database is viewed as an extension of the historical clash between two conflicting models of copyright protection for compilations. The European Directive, United Kingdoms Database Protection Act and HR Bill of the United States of America, World Intellectual Property Organization are compared and analysis is made and how far they affect the rest of the world is also monitored. Recent cases in Europe, Canada, United States and India with regard to database is also analyzed.

In this regard better ways of framing a comprehensive database protection law in India is suggested.

Concept of data base Data protection law was inspired by the growth of networking in 1970s, can be traced to the European Convention of 1981. The law was broadened and refined by European Directive of 1995, which stated protection of individuals with regard to the processing of personal data and on the free movement of such data.1 Based on EU Directive, database is a collection of independent works, data or other materials which are:

arranged in a systematic or methodical way individually accessible by electronic or other means2

Basic definitions are fundamental to data protection laws. Unless data is within the meaning of personal data, the Data Protection Act, 1998 (UK) cannot apply to them. This definition is made in two stages: Data is defined and is followed by a definition of personal data. Another vital definition is that of processing.3

The most important definition is contained in Section 1(1), data means information which Is being processed by means of equipment operating automatically in response to instruction given for that purpose. It is recorded with the intention that it should be processed by means of such equipment It is recorded as a part of relevant filing system or with the intension that it should form part of the relevant filing system Information forming part of accessible record covers certain health, educational and public records which are not processed or intended to be automatically and which are not relevant filing system. Public authority information was inserted by the Freedom of Technology Act, 2000. It relates to unstructured manual personal data held by or on behalf of the public authority. The Oxford Concise dictionary defines data as: known fact or things used as a basis for inference or reckoning and quantities or characters operated on by a computer. Image data in the form of photographs are included in the definition of data.4 The definition of data processed by equipment operating automatically should be wide enough to cover not only information processed by computer
1 2

1995/46/EC Copyright and Related Rights Act 2000 (IE), s 2(1). 3 David Brainbridge, Data Protection Law, Second Edition. 4 Douglas vs. Hello Ltd. (2003) EMLR 585.

as such but also where information is transmitted electronically, such as by telecommunications system or over the internet or stored digitally. For example: by taking a photograph using a digital camera or even a camera using a conventional film. Recording on video tape, CD/DVD should also be covered. H.R. 3531, of US defined a database to include a collection of "work, data or other materials" in any form, i.e., both electronic and non-electronic.

Intellectual Property laws

Database is considered as a component of Intellectual Property laws. Presently database is governed by copyright, patent, contract, trademark laws. By and large it is governed mostly by copyright and patent laws with regard to intellectual property.

Patent law: Patents give monopoly rights to the inventor for a fixed time period. This right acts as an incentive and encourages the patent holder to invent. Patent does not protect ideas. Patent will be

granted only for inventions that are new, which has industrial application and which involves an inventive step. In Ram Narain Kher vs. Ambassador Industries5 the question was whether an invention which was not in itself new would be entitled a patent. It was held that the particular use of the invention for the purpose described in combination with the other elements of the system for producing advantageous results would be a sufficient element of novelty to support the patent.

Database contents are not new. Neither collection of database is an inventive step. Hence database cannot be patented. Under the Indian law computer programs however sophisticated is not patentable. Computer programs and computer database have been considered as literary works for the purposes of copyright protection.6

Copyright law:

5 6

AIR 1976 Del 87 S2(oo) of the Copyright Act, 1957.

Copyright law creates a system of property rights for certain kinds of intangible products, generally works of authorship.7 Copyright protection extends to literary, dramatic, musical and artistic works, cinematograph films, sound recording. In order to secure copyright protection sufficient judgment, skill and labour or capital must be bestowed on the work. It is immaterial if the work is wise or foolish, accurate or inaccurate, whether it has literary merit of not.8

The owner of a copyright has no monopoly in the subject matter. Others are at liberty to produce the same result provided they do so independently and their work is original.9 Another person may create another work in the same form provided he does so from his own resources and makes the work he so originates a work of his own labour and industry bestowed upon it.10

Copyright is a right given to or derived from works and it is not a right in novelty but of ideas. It is based on the rights of an author, artist, composer, to prevent another person from copying the original work. There is nothing in the notion of copyright to prevent another person from providing an identical result, through independent process Copyright is not in ideas but in material form only. In the field of literary work the words chosen by the author to express his ideas are peculiar to him and no two descriptions of the same idea or facts can be in similar works.11

The Copyright scenario is very clearly stated by the Supreme Court of India. In the case of Eastern Book Company vs. D. B. Modak
12

Held, to claim copyright protection in a derivative work,

the author must produce the material with exercise of his skill and judgment with a flavor of creativity which may not be creativity in the sense that it is novel or non-obvious, but at the same time it is not a product of merely labour and capital. The copyright work which comes into being should be original in the sense that but virtue of selection, co-ordination or arrangement of the pre-existing data contained in the work, a work somewhat different in character is produced by the author. To support copyright there must be some variation and not merely a trivial variation, not the variation of the type where limited or unique ways of expression are available and an author selects one of them which can be said to a garden variety.

Copyright protection finds its justification in fair play. When a person produces something with his skill and labour, it normally belongs to him and the other person will not be permitted to make a profit out of the skill and labour of the original author and it is for this reason that the

7 8

Information Technology related Intellectual property rights; pp23 Walter vs. lane [1990 AC 539] 9 Halsburys Law of England, 4th ed. 10 Ravencraft vs. Herbert [1980 RPC 103] 11 Law relating to Intellectual Property; B.L. Wadhera; pp 266. 12 (2008)1 SCC 1.

copyright Act, 1957 gives to the authors certain exclusive rights in relation to the certain works referred in the Act. The object of the Act is to protect the author of the copyright work from an unlawful reproduction or exploitation of his work by others.

Copyright is a right to stop the others from exploiting the work without the consent or the ascent of the owner of the copyright. A copyright law presents a balance between interests and right of the author and that of the public in the public domain, or to claim the copyright and to protect it in the Copyright statute. One of the key requirements is that of originality which contributes, and has direct nexus, in maintaining the interests of the author as well as that of protecting the matters in public domain. It is a well accepted principle of copyright that there is no copyright in the facts per se, as the facts are not created nor have they originated with the author of any work which embodies these facts. The issue of copyright is closely connected with that of commercial viability, and commercial consequences and implications.

What rights the author has in his work by virtue of his creation, are defined in S14 and 17 of the Act. For copyright protection all literary works have to be original. Broadly, speaking there would be two classes of literary works: Primary or prior works: these are the literary works not based on existing subject-matter and, therefore, would be called primary or prior works; and Secondary or derivative works: these are literary works based on existing subject-matter. Since such works are based on existing subject-matter, they are called as derivative works. The Canadian Supreme Court in CCH Canadian Ltd. v Law Society of Upper Canada13 held that to be original the work must originate from the author, not to be copied from another work, and must be the product of an authors exercise of skill and judgment. The exercise of skill and judgment required to produce must not be trivial that it could be characterized as a purely mechanical exercise. Creative works by definition are original, and are protected by copyright, but creativity is not required in order to render the work original. The original work should be the product of an exercise of skill and judgment and it is a workable yet fair standard. The sweat of the brow approach to originality is too how a standard which shits the balance of copyright protection too far in flavor of the owners right, and fails to allow copyright to protect the publics interest in maximizing the production and dissemination of intellectual works. On the other hand, the creativity standard of originality is too high. A creative standard implies that something must be novel or non-obvious concepts more associated with patent law than copyright law. By way of contrast, a standard requiring the exercise of skill and judgment in the production of work avoids these difficulties provides a workable and
13

(2004)1 SCR 339

appropriate standard for copyright protection. Thus, the Canadian Supreme Court is of the opinion that to claim copyright in compilation, the author must produce a material with exercise of his skill and judgment which may not be creativity in the sense that it is not novel or non-obvious, but at the same time it is not the product of merely labour and capital.

Although for establishing a copyright, the creativity standard is not that something must be novel or non-obvious, but some amount of creativity in the work to claim copyright is required. It does require a minimum degree of creativity. To support copyright, there must be some substantive variation, not merely a trivial variation, not the variation of the type where limited or unique ways of expression are available and an author selects one of them which can be said to be garden variety. Novelty or invention or innovation idea is not the requirement for protection of copyright but it does require minimal degree of creativity.

Database as literary work:

It is due to the fact database falls under the category of literary works. To secure copyright for a product it is necessary that the labor, skill and capital should be expended sufficiently to impart to the product of some quality or character. A literary work need not be of a literary quality. An index of railway stations or a list of stock exchange quotation qualifies for a literary work if sufficient effort has been taken in compiling it, to give it a new and original character. In Gleeson vs. Denne 14 it was held that if one works hard enough, walking down the streets, taking down in the streets, taking down the names of people who live at houses and makes a street directory as a result of that labour, this has been held to be an exercise sufficient to justify in making claim to copyright in the work which is ultimately produced. Encyclopedia Britannica, Wikipedia, newspapers on net are all databases.

Need for protection

Advances in technology make it easier to store, compile, organize and use data. Database faces the dilemma of protecting their rights while exploiting it. Credit card online payments, e-mails etc is becoming part are becoming part and parcel of day to day activities. Such activities are taken care of by computers. When data is put in the computer system or internet copyright protection for every expression put on it is practically impossible. Even if database satisfies the requirement of
14

1975 RPC 471

originality, creativity is an issue. Originality has to be proved in order to make copyright protection enforceable. However since database can be changed or copied faster and quickly through advances in technology, again it becomes practically impossible.

Doctrines: Database protection can be viewed simply as an extension of the historical clash between two conflicting models of copyright protection for compilations. The first model advocates that databases and factual compilations receive protection per se, i.e., without any showing of creativity or original authorship. Proponents of this theory, better known as the "sweat of the brow" or "industrious collection" doctrine, justify their position by arguing that protection should be extended to databases as a reward for the hard work and investment required to compile the facts and information contained in the database. Such a reward provides compilers with the incentive to develop new databases. Under this doctrine, protection extends to the otherwise unprotected facts contained in the compilation. The second doctrine rejects the notion that databases without any originality or creativity should be protected. Instead, advocates of the second model would only extend copyright protection to the "expression" contained in the database, which is limited to the original selection, coordination, or arrangement of facts in the database -- but not the facts themselves. 15 In the 1991 case of Feist Publications, Inc. v. Rural Telephone Service Co., Inc.,16 the U.S. Supreme Court resolved the issue that had divided the lower courts and unanimously rejected the "sweat of the brow" or "industrious collection" doctrine. Moreover, even though the Court recognized that the selection and arrangement of facts could create the requisite "originality" for copyright protection, it emphasized that the copyright in the compilation would be "thin," i.e., it would extend to the particular selection or arrangement of facts but not to the facts themselves. Thus, by rejecting the notion that databases could be copyrighted without demonstrating originality and emphasizing that facts and ideas are not copyrightable, the Court appeared to settle the long-standing clash between the two conflicting models of compilation protection.

Factors:

15

Sui generis database protection; Jonathan Band; D-Lib Magazine, June 1997

16

449 US 340 (1991)

Database is protected against piracy through a combination of legal and technical means primarily copyright and contract, but also patent, trademark, trade secrets, and encryption. This legal and technical environment, however, has changed significantly in recent years because of the following factors:

Digital environmentindividuals can now copy and distribute publications and large amounts of data at little cost or effort;

U.S. Supreme Court Feist decision and similar decisions in European high courtsrestated copyright law principle denying protection to databases produced by sweat of the brow (i.e., databases created with large amounts of money, effort, or labor) but without creativity; and

European Database Directiveprovides 15 years of protection for the contents of the database and each significant update, and permits database owners to prevent the use of substantial parts of the database. The directive also has a reciprocity clause which states that only countries which offer similar protections to EU nationals will receive this new level of protection within the European Economic Area.

Notwithstanding the Feist decision, most databases are protected by copyright, which protects the creative elements of a databasethe selection, coordination, and arrangement of the information although not the facts themselves. For example, the yellow pages are protected by copyright because the organization of information, use of boxes, colors, etc., required thought and creativity. On the other hand, the white pages are a simple alphabetical listing, which is not protected by copyright. Most databases used by scientists either fall under copyright law or are in the public domain and available to all. Scientists can generally use copyrighted material because of a fair use exception.

Sui generis concept

Immediately after Feist decision, the European Commission began to consider intellectual property treatment of databases. Ultimately, it was adopted that database directive had a two tier approach. The top tier provided Feist -like protection-that is, copyright protection for original selection and arrangement of facts in the database. A second tier provided sui generis protection, prohibiting the unfair extraction of a substantial part of a database reflecting significant investment. A database could simultaneously receive both types of protection: copyright protection for the expression -the selection and arrangement of the data; and sui generis protection against the extraction of a qualitatively substantial part of the data itself. The sui generis protection lasts 15 years, while the copyright protection lasts for the life of the author and 70 years. .

Firstly, large investment is made in compiling and maintaining databases needs additional protection from the digital, on-line world which makes copying databases as easy as logging on to the worldwide web. Secondly, the existing copyright law -- particularly the decisions implementing Feist -- provides no protection for large amount of on-line databases which are used by means of a search engines. In the absence of selection and arrangement, required for literary works, no copyright protection is available. The utility of contract law is also uncertain. No business or organization can afford to ignore the issue of sui generis database protection. Sui generis protection will add to the bottom line of the business. It is a right to prevent others from extracting or using the data, either absolutely or until a license fee is paid.

Law in European Union The EU Database Directive17 was created to harmonize the intellectual property laws regarding databases of European Economic Area (EEA) by supplementing copyright to protect databases produced by sweat of the brow. The Directive came to effect from 1998. The Directive creates a new kind of intellectual property protection (a sui generis right, which means of its own kind) for databases produced in the EEA. Under the Directive, database producers can prohibit use of more than an insubstantial part of the database. The term of protection is 15 years, but each time the database is updated significantly, the entire database (not just the updated parts) receives another 15 years of protection. Consequently, active databases apparently can be protected in perpetuity. Member countries are permitted to designate exceptions and limitations in their implementing legislation, as long as the exceptions do not conflict with the normal exploitation of the database. Most countries which have implemented the directive have granted exceptions for science and education as long as these activities do not serve a commercial purpose. France does not permit any exceptions. This is a narrower exception than that granted in copyright. In addition, many EU countries have freedom of information acts, which provide for access to government data, but it is not clear whether they can be overridden by the Database Directive. Moreover, freedom of information acts does not include data collected or disseminated by state-owned companies operating under market conditions without a public service obligation. Finally, basic principles of European law may in some cases constrain the ability of database makers from exercising monopoly control over information protected by the Database Directive.
17

Directive 1996/9/EC on legal protection of databases.

The EU Consumer Law Acquis Database18 The Database presented here is an output of a research project called "EC Consumer Law Compendium", which is being conducted by an international research group on behalf of the European Commission. It provides access information on eight consumer law directives, their transposition into the laws of 27 EU Member States. The Database covers eight directives, namely:

the Doorstep Selling Directive 85/577 the Package Travel Directive 90/314 the Unfair Contract Terms Directive 93/13 the Timeshare Directive 94/47 the Distance Selling Directive 97/7 the Price Indication Directive 98/6 the Injunctions Directive 98/27and the Consumer Sales Directive 99/44.

UK: Data Protection Act, 1998: An overview of the legislation leads to two apparent themes.19 Firstly, it seeks to identify a few core rights of data subjects, such as the right to know what data is held on them. Secondly, it restricts data controllers by making them specify the purpose for which data is collected and then insisting on their subsequent use. Personal Data The legislation protects personal data, which means information relating to a person who can be identified. Taken literally, the expression seems to suggest a broad meaning: any reference to the data subject is caught so long as the person is identifiable. But in Durant vs. Financial Services Authority20 case, the Court of Appeal suggested that the data must be personal in the stricter sense: it must have the data subject as its focus, and must be biographical. Accordingly, when Michael Durant made a complaint about his bank to the Financial Services Authority, the Authoritys file on his case was not within the legislation: it related to Durants complaint, not to Durant personally, except insofar as personal views on him were expressed. If correct, this suggests a very
18

www.eu-consumer-law.org Law of Electronic Commerce in UK; Steve Headley; pp 84 [2003] EWCA Civ 1746

19 20

narrow ambit for the legislation. Strong controls apply to one sub-set of personal data, namely, sensitive personal data21. After a complaint by Durant to the European Commission, the commission is now enquiring whether the UK Act complies with the EU law.22 Processing of personal data, includes just about any activity involving the data. Processing includes obtaining, keeping, organizing, storing, altering, adapting, retrieving, using or destroying data; in short is processed continually and without a break from the time it is acquired to the time it is erased. Even if the relevant PC or server has been turned off, the data is still stored and so is being processed for this purpose. The Directive sums itself up in five principles relating to data quality; UK law covers the same grounds in eight data protection principles. Exceptions certain activities are exempt from the legislation. The exemptions in respect of electronic data are as follows: Domestic use, such as recreation and household family administration, is not caught by the legislation.23 Journalists, artists and writers of literary works benefit from a broad exemption for freedom of expression. The exemption applies if the data processing is solely for a journalistic, literary or artistic purpose, compliance with the legislation is incompatible with the purpose, and the data controller reasonably believes that publication would be in the public interest. 24 Health and social work each has its own special rules modifying the rights under the legislation and providing some exemptions. Research of various sorts is exempt. National security and police work is exempt, through the precise limits are unclear.

Enforcement of the rights and duties in the legislation is primarily carried out by the Information Commissioner (UK) or Data Protection Commissioner (IE), against any data controller within the jurisdiction. The Commissioner has the power to investigate complaints, if necessary by conducting searches and seizing documents.
25

Where a particular individuals breaches data protection law (or

other laws) are so substantial, or affect so many consumers, that the collective interests of consumers, can be said to need protection, then enhanced powers are available under the Injunctions Directive.26
21 22

Data Protection (Amendment ) Act,2003. Walden. I; Anonymising personal data; pp 224 23 Lindqvist (2003), ECJ, case C-101/01 24 Campbell vs Mirror Group Newspaper Ltd [2002] EWHC 499 QB 633 25 Data Protection Act, 1998. [UK]; s 50. 26 European Communities (Protection of Consumers Collective Interests) Regulations 2001 [IE], SI2001/449.

Obtaining data - The data subject must give consent to the data controller. Where the data is given at a web site, certain aspects of the page will be crucial. How clear is privacy policy and the data subjects consent is significant. A certain amount of data is necessarily transferred during communication using ICT and much of it may be recorded. Mobile telephones necessarily include transfer of traffic data including data from which the location of the phone may be ascertained. Communications over the internet will similarliy involve some information about the sender of the message. All of these records will include the time as to when this information were sent. The data protection regime applies to the extent of personal data is present. 27

Regular users of amazon.com cannot fail to notice that the site greets them by name, recommended books based on previous purchases, or even offers to buy back old purchases secondhand. Consent through repeated use in those circumstances would be hard to deny, though this would not justify the use of personal data for non-obvious purposes. The use of spy ware for gathering personal data is plainly a breach of legislation: by definition, there is no information as to the identity of the data controller. It has been argued that these mechanisms cause data to be proceeding in the targets own machine, and therefore there is processing within the jurisdiction and the Act applies in full force.28

Personal data may arrive from a number of sources other than from data subject themselves. One firm may sell customer data to another or perhaps swap customers list. Many e-commerce sites encourage customers to recommend people who would buy. The legal duty is to notify the person whose data is transferred or as soon as is practical thereafter. The notification must include the identity of the data controller, the purpose for which data is collected and any other necessary information.

The Data controller must take reasonable steps to keep the data secure: to guard against unauthorized taking, alteration or other processing against accidental loss or destruction of data. The legislation demands particular care when the processing is sub-contracted to another. There must be a contract for this purpose. This is to bind the parties legally.

Transferring data- Placing personal data on the web site is an example of transferring data. Consent to this must be given by the data subject. In the case of Lindquist,29 the defendant created a page on her

27 28

Rowe. H & R.McGilligan; Location Technology and Data Protection (2001) 17 CLSR 333. Scherzer; EU regulation of processing of personal data by wholly non European based web sites. [2003] EIPR 292. 29 Lindqvist, [2003] ECJ case C-101/01

personal website to help those preparing to take their first communion at her local church. This included some personal details of people they could turn for help. This was held to be an infringement of the data protection Act on wrongful disclosure of sensitive personal data. The European Court of Justice held that she was quite properly fined 450 pounds for this.

Exporting data outside EU

In general personal data may not be transferred outside the EU or EEA. This is on the ground that jurisdictions that do not apply the data protection directive cannot be relied upon to provide adequate protection for the rights of data subjects. There are two exceptions to this: The EC may certify that particular jurisdictions meet the required standards. The commission can provide for contract clauses

For particular jurisdictions the EC can determine that transfers are safe if the transferee will sign up to certain standard terms, such as safe harbor arrangement in US. Standard contract clauses for transferring personal data to their nations have been drafted by the EU.

Law in United States Databases are accorded little protection under copyright law, as a result of the Supreme Court's decision in the feist case. Businesses which produce compilations of data have lobbied for protection.

In 1996, HR 3531 bill had a sui generis approach, thus creating a new property right. This bill failed due to 25 year term of protection, no fair use exemptions, and criminal penalties and there was no exception for government data. In 1997, HR 2652 bill also failed while its key provisions were 15 year term protection, No criminal penalties to non-profits, exceptions for non profit science unless harm to potential markets, exception for government data unless overridden by contract or collected by public private partnership. The White House has identified five principles for database legislation:

the language should be simple, minimalist, and clear; there must be exceptions for government data; prohibited activities should be clearly defined to avoid unintended consequences; fair use exceptions similar to copyright should be included; and U.S. databases should receive the same protections in other countries as databases produced in those countries (i.e., satisfy the reciprocity clause of the EU Database Directive).

Two database billsHR 354 and HR 1858takes a different approach to prevent unfair competition in the form of copying of , and would have very different consequences for science and education. HR 354 was introduced in 1999. It is oriented toward database producers and prohibits uses which could harm the primary or related market of the database. On the other hand, HR 1858, which was also introduced 1999, is more oriented toward database users. HR 1858 allows all uses of databases, except commercial uses meant to compete directly with the original database. HR 1858 has a broader range of exceptions than HR 354. For example, both bills exclude government data from protection, but HR 1858 also excludes individual ideas, facts, principles, preexisting databases, and works of authorship. Both bills contain fair use exceptions, but HR 354 permits only non-profit uses, and only if they do not result in market harm. HR 1858 permits all scientific and educational uses, including those in the private sector, as long as the database is not used for purposes of direct commercial competition. In addition, systematic or repeated use of a database is permitted under HR 1858, but not under HR 354. For these reasons, HR 1858 is supported by scientific organizations, libraries, value-added database producers, Internet service providers, and telecommunications companies. However, the bill may not satisfy the reciprocity clause of the EU Database Directive. The intent of the HR354 bill is to encourage continued investment in the production and distribution of valuable new collections of information. This bill would increase the protections afforded to people who build or own databases. The bill does not apply to databases collected by noneducational government entities. Nor, does the bill apply to software, although, it does cover databases included in software. The bill gives significant judicial remedies to database owners. The key language of the bill states that "Any person who extracts, or uses in commerce, all or a substantial part, measured either quantitatively or qualitatively, of a collection of information gathered, organized, or maintained by another person through the investment of substantial monetary or other resources, so as to cause harm to the actual or potential market of that other person, or a successor in interest of that other person, for a product or service that incorporates that collection of information and is offered or intended to be offered for sale or otherwise in commerce by that other person, or a successor in interest of that person, shall be liable to that person ..."

The bill is in the nature of intellectual property law. However, the protection afforded is different from that afforded under copyright law. The content need not be original, and harm must be suffered by the appropriation. It resembles unfair competition laws by allowing a remedy for harm committed by another. In re Double click Inc Privacy Litigation,30 where the internet advertisers Double click arranged for 1500 sites to set cookies on client computers, which visited them. The cookies record the visit and certain other information from the client. This data might be retrieved on subsequent visits and used to select banner advertisements. So the advertisements the visitor saw on later occasions would have been selected by reference to the users profile. Various actions were started in state and federal courts. The federal class action failed. Judge Buchwald noting that all the data in the cookies were given voluntarily and that it had not been used with criminal intent. However, action by attorney of 10 states continued, a settlement was arrived and Double click paid 450,000 dollars towards the cost of investigating the matter and gave serious undertakings. This included the posting of an online privacy policy to which Double click would be legally committed, restrictions on the transfer of data to others, and the creation of the cookie viewer to enable consumers to see what data was held on them. In 2006, A Florida man was convicted of stealing information from data-management Company Acxiom Corp. in what prosecutors said was the largest federal computer theft trial ever. The jury convicted Scott Levine, the owner of defunct e-mail marketing contractor Snipermail.com, on 120 counts of unauthorized access to data, two counts of access device fraud and one count of obstruction of justice. Jurors cleared Levine of 13 counts of unauthorized access of a protected computer, one conspiracy count and one count of money-laundering.31 In April 2007, Agricultural department of Illinois had a case registered against it .The social security number of farmers who received financial aid from two of its agencies, raising concerns about identity theft and other privacy violations.32

It is important to note that the level of protection, privacy, offered by copyright is thin compared with the new additional protection offered by the EU Database Directive or proposed U.S. legislation. Even without such additional protection, however, other legal means (e.g., contract) and technical devices (e.g., encryption) can be used by database producers to maintain control over
30

2002 US Dist LEXIS 27099 (S D NY, 24 May 2002). http://www.msnbc.msn.com/id/8924987/ Newyork times; April 27, 2007.

31

32

unauthorized use of a database. A contract is a two-party agreement, the terms of which are specified by the individuals involved. It can be used to prevent unauthorized uses of a database by the parties to the agreement. This form of protection has some limitations, including (1) a high administrative burden of negotiating terms with each user and provider of data, particularly for databases compiled from several sources, and (2) they cannot prevent unauthorized downstream uses of the database because they are only binding on the parties to the agreement. Downstream uses of databases can be controlled through encryption, although such measures can be expensive or cumbersome to implement. In general, the existing legal regime of copyright plus contract protects databases produced and distributed within the United States. U.S. databases distributed in Europe will also receive copyright and contract protection, but not the stronger legal protections of the EU Database Directive. Because of the reciprocity features of the EU Database Directive, unless similar legislation in enacted in the United States, U.S. databases could theoretically be at a competitive disadvantage in Europe, where they may be susceptible to unauthorized uses. Global database: The World Intellectual Property Organization (WIPO) has been considering database protection since 1996. WIPO is a specialized agency of the United Nations and is responsible for the promotion and protection of intellectual property throughout the world through cooperation and treaties. The U.S. Patent and Trademark Office (Department of Commerce) heads the U.S. delegation to WIPO. Database action in WIPO began in December 1996, when delegations from the European Union and the United States introduced a treaty modeled after the EU Database Directive. A bill with similar provisions (HR 3531) was simultaneously introduced in the U.S. House of Representatives to help ensure U.S. support and passage of the WIPO treaty. As noted above, however, strong opposition from the scientific and library communities led to the withdrawal of HR 3531, and the U.S. Delegation to WIPO was instructed to oppose its own treaty. (One of the most effective letters in changing the U.S. position came from the presidents of the National Academies. They described the proposed bill as having a "deleterious long-term impact on our nations research capabilities" by making it difficult for scientists to reuse and combine data for publication or research.) Since that time, WIPO has sponsored a number of information meetings to gather input from a broader range of stakeholders. Notable among the nongovernmental organizations permitted to attend the information meetings and submit position papers are the World Meteorological

Organization (WMO) and the International Council for Science (ICSU). ICSU created an international committee (ICSU/CODATA Committee on Data and Information) to speak on its behalf at these meetings. Both the ICSU committee and the WMO secretariat have written papers opposing the provisions of the proposed treaty and describing the importance of full and open exchange to science and education. The ICSU papers have also defined scientific principles that should be upheld in any database treaty and provided examples of a wide range of research activities that could be adversely affected by such a treaty. The schedule is likely to be accelerated by passage of a database bill in the United States. U.S. legislation and the EU Database Directive will probably be used as the starting point for a global treaty. Meanwhile, the ICSU/CODATA Committee on Data and Information is seeking to establish a dialog on the database issue among European scientists, few of whom have ever heard of the EU Database Directive or the proposed WIPO treaty. Participation by scientists in the process is important for determining the impact of databases leaving the public domain as a result of the directive and other commercialization policies. This information would also be valuable input to an eventual WIPO treaty or the 2001 review of the EU Database Directive. Thus far, however, efforts to engage European scientists on this issue have failed.

Database in India

Data Protection is available in India under the following:

(1) Article 300A of the Constitution of India, i.e. right to property that is a "Constitutional right",

(2) Under the provisions of the Copyright Act, 1957 r/w Article 10 (2) of the TRIPS Agreement, and

(3) Under the IT Act, 2000.

In 2005, Parsec Technologies Inc, involved in business deals with mortgage originators, which provided housing loans for US citizens, through its Indian subsidiary PTL. Biplab Saha, an ex employee, along with his father and the three others, had set up their own company Telequest Systems that sold the data allegedly stolen from PTL to various call centers. A complaint was filed with the Intellectual Property Rights Section of the EOW on charges of data theft. EOW is the economic offences wing. The economic loss is calculated to be Rs. 3 crores.

The case only involves the first and second categories as mentioned above since no offence or contravention, as mentioned under the IT Act, 2000 has been committed or taken place. Data protection normally implies 'privacy protection'. It is not entirely clear that Indian copyright law, as such would protect all databases. Burlington (Delhi High Court case) has favored sweat of the brow doctrine for databases. But in Navin J Desai case casts some doubt on this. It was held in Navin J desai case that there can be no copyright over "judgments".

"It is pertinent to mention that India itself being a commonwealth country follows the sweat of the brow doctrine. The Indian courts have therefore protected compilations involving minimal originality stating that no man is entitled to steal or appropriate for himself the result of anothers brain, skill or labour even in such works 33This rationale was followed in several cases and it was held that a compilation of addresses developed by any one by devoting time, money, labour and skill though the source may be commonly situated amounts to a literary work wherein the author has a copyright.34 The Delhi High Court35 has been instrumental in injuncting an Italian infringer. The court restrained an Italian company that had copied the plaintiffs online herbal database onto its website, hosted by an American Internet Service Provider. Pursuant to the Delhi High court restraining order, which was brought to the notice of the concerned Internet Service Provider (ISP) located in the US, the ISP removed the infringing content on its own accord and furnished the complete details of the infringer, who had rented space on the ISPs website.36

However in Navin J Desai vs Eastern Book Company, the Delhi High Court preferred to follow the Feist standard and denied protection to copy-edited judgments. The court held that therein.37

changes consisting of changes of spelling, addition of quotations and corrections of typographical mistakes are trivial and no copyright exists

Therefore it is evident that the Indian Courts has raised the threshold of the requirement of originality from that of skill, labour and judgment to a minimum level of creativity, which most databases would not be able to satisfy. Hence arising a need for sui generis. While a strong signal needs to be sent out in terms of punishing those guilty and to re-assure outsourcers from the US, EU and project India as a good outsourcing destination, one should also be careful in ensuring that the
33 34

Govindan v Gopalakrishna AIR 1955 Madras 391. Burlington Home Shopping Pvt. Ltd. vs. Rajnish chibber & Anr [1995 PTC (15)278] 35 Himalaya Drug Company vs. Sumit [suit no 1719/2000] 36 Apar Gupta; Journal of Intellectual property law 2007 oxford university press.
37

www.spicyindia.com

correct laws are applied and new acts are being enacted according to the changing needs of the society.

With the American economy slowing down and EU gaining importance the legislators have to bear in mind the requirements of the EU Directive on database while framing enactments to ensure that India continues to be a good outsourcing destination.

Conclusion:

The laws of data protection are quite unclear as to what it covers. However, the Data Protection Act aims at a number of general targets such as privacy, defamation and discrimination. When data is obtained from the data subject without asking for it or when data is obtained from somewhere else the issue of privacy becomes questionable. To what extent data subjects would welcome this invasion of privacy largely becomes individualistic approach.

The Database Act of UK has stated many rights to data subjects however with broad exceptions. It has often been asserted that there are too many loop holes for the general principal to be taken seriously.38 The current UK legislation is based on the EU Directive of 1995. So many technological advances have taken place since then. The Amendment of 2003 was a welcome sign.

The legislation cannot be clear and precise until a clear cut and precise concept is ruled out. Since data in electronic commerce is of economic value. Economic pressure seems to be one of the many causes to bring up Acts.39

Data protection enforcement orders and prosecutions remain at very low levels. This approach could be seen as weakening. However, the impact of data protection is that many organizations have adopted a self- regulation approach, examined and modified their processing activities in response to data protection.40

38 39

Oxman. S, Exceptions to the EU personal data privacy directive (2000) 24 BCICLR 191. Carey.P, E-commerce: Does DP Act,1998 apply to off shore e-business; (2000) 11 C&L(3) 23. 40 David Bainbridge, Data Protection Law, Second Edition, 2007.

Bibliography:

Acts: 1. Copy Right and Related Rights Act, 2000. (IE) 2. Copyright Act, 1957. (India) 3. Data Protection Act, 1998. (UK) 4. Data Protection (Amendment) Act, 1998. (UK) 5. European Communities Regulations, 2001 6. Information Technology Act, 2000.

Books Referred: 1. Anonymising Personal Data I. Warden. 2. Data Protection Laws Bainbridge. 3. European Database Directive on legal protection 1996/9/EC. 4. European Union on processing personal data Scherzer. 5. Exceptions to the European Personal Data Privacy Oxman.S. 6. E-Commerce in Off-Shore Business Carrey.P. 7. Halsbury Law of England. 8. Information Technology related Intellectual Property Rights T. Ramakrishna. 9. Law relating to Intellectual Property B.L. Wadhera. 10. Law of Electronic Commerce in UK Steve Hardley. 11. Location Technology and Data Protection R. McGiliian & H.Rowe. 12. New York Times April 27, 2007. 13. Sui Generis Database Protection Jonathan Band.

Web sites: 1. www.eu-consumer-law.org 2. www.msnbc.msn.com 3. www.spicyindia.com

Case Laws:

1. Burlington Home Shopping Pvt. Ltd vs. Rajnish Chibber & Anr. [1995 PTC(15)278]. 2. CCH Canadian Ltd. vs. Law Society of Upper Canada [(2000)1SCR 339]. 3. Campbell vs. Mirror Group Newspaper Ltd. [(2002) EWHC 499 QB 633].

4. Durant vs. Financial Services Authority [2003 EWCA Civ 1746]. 5. Doubleclick Inc. Privacy Litigation [(2002) US Dist Lexis 27099]. 6. Eastern Book Company vs. D. B .Modak [(2008) 1 SCC 1]. 7. Feist Publications Inc. vs. Rural Telephone Service Company Inc.[449US340(1991)]. 8. Gleeson vs. Denne [1975 RPC 471]. 9. Govindan vs. Gopalakrishna [AIR 1955 Mad 31]. 10. Himalaya Drug Company vs. Sumit [Suit no: 1719/2000]. 11. Lindqvist [(2003), ECJ case C-101/01]. 12. Ravencraft vs. Herbert [1980 RPC 103]. 13. Ram Narain Kher vs. Ambassdor Industries [AIR 1976 Del 87]. 14. Walter vs. Lane [1990 AC 539].