In the circles of Intellectual Property law, certain classes of IP protection are continuously discussed, while others do not come up anywhere near as frequently. Databases and trade secrets belong to the latter category. Some countries and regions have specific laws on the books concerning these less-discussed assets; others do not.
However, as our society continually becomes more tech-driven, the value of database authorship and the sanctity of organizations' key processes will also skyrocket. As such, regulations that are more comprehensive will be needed to safeguard these types of IP. Let us help you with your IP strategy!
In 2018, the EU gave us the world's strongest data privacy law in the form of the General Data Protection Regulation (GDPR). Considering this, it is indeed of utmost importance to adapt IP rights for databases as these are the technical means typically containing and processing private data. The European Union (EU) is already working to address this issue with revisions of the Database Directive and Trade Secrets Protection Directive, and other nations may follow that pattern. This would be unequivocally good for inventors, citizens and organizations.
The EU protection models
Under current laws, you would have the following options if you wanted to protect the contents of a database or trade secret:
Copyright: Per the language of the Database Directive passed on March 11, 1996, by the European Parliament, databases can be copyrighted if their structure is, in itself, unique enough. Unfortunately, most databases do not have this sort of original design, as anyone working in the field of data storage will likely attest. Additionally, a copyright claim for a database does not pertain to anything within it, which largely defeats its purpose.
Sui generis right: Through this method, you can classify a database as IP if it represents "a collection of independent works, data or other materials arranged in a systematic or methodical way and individually accessible by electronic or other means." You must also prove you made considerable effort in "obtaining, verifying and presenting" whatever the database contains. Unfortunately, sui generis right only applies within the EU. None of the international agreements overseen by the World Intellectual Property Organization (WIPO) covers the IP within this category.
As our society becomes more tech-driven, the value of database authorship and the sanctity of organizations' key processes will also skyrocket. As such, regulations that are more comprehensive will be needed to safeguard these types of IP.
Trade secrets, meanwhile, fall under the purview of their aforementioned eponymous Directive, which first became law on June 8, 2016. For example, if a tech startup company's key information was stolen or compromised, and the parties responsible used it to create an identical product or methodology, the organization who "owns" those trade secrets would have recourse to stop the offender from using that information, through either injunction, recall or another restrictive tactic.
The intrinsic limitation here is, of course, that trade secrets do not confer specific exclusivity rights upon their holders. Making a case for the theft of trade secrets can easily put more burden of proof on the plaintiff than a copyright, trademark or patent infringement case would. Also, while most EU states follow the minimum standards defined in Article 10bis of the Paris Convention (PC) and Article 39 of the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) ratified by the World Trade Organization (WTO) by nominally enacting rules on undisclosed information, there is considerable variance in national competition law and the precise definition of trade secrets. This means that any attempt to sue for a trade secret violation that is not based on unimpeachable evidence - e.g., the violation of a written and signed non-disclosure agreement (NDA), or the proof of secrecy - has no clear guarantee of success, next to the complications in defining the causality and amount of any damages suffered.
Difficulties elsewhere in the world
Many countries have the same problem with database and trade secret protections as the EU: namely, little or difficult-to-enforce regulations. Prominent examples include:
Brazil only protects databases that are certifiable as "intellectual creations" – a somewhat subjective term that a good lawyer could easily tear into.
In India and the U.S., like the EU, databases themselves can be copyrighted, but as for the data within, protections are nebulous at best.
In fact, among G20 countries, China and the United Kingdom (UK) are the only two with specific copyright protection for databases and their contents. Trade secrets are on somewhat firmer ground than databases worldwide because, as in the EU, most nations follow the recommendations of the aforementioned PC and TRIPS Agreement and have active competition laws. Protections for prized information are still more limited than they ought to be.
The need for a global standard
The European Commission (EC) has previously sought similar guidance from the governments of its member states regarding how to protect data, including databases and trade secrets. This first occurred in 2005, nine years after the Database Directive's initial passage; another evaluation took place on April 25, 2018, and found that less than half (40.9%) of database users were satisfied by the scope and protections of the Directive.
Among G20 countries, China and the United Kingdom (UK) are the only two with specific copyright protection for databases and their contents. Meanwhile, trade secrets are on somewhat firmer ground than databases worldwide.
While it is too soon to render a verdict, current EC examinations of these laws seem as if they could lead to more substantial IP rights for databases, trade secrets and related assets. Commission members propose to unite numerous data governance and protection regulations under one Data Act, similar in scope to the GDPR and ideally set to pass in 2021. Considering that several countries have passed their versions of the GDPR and numerous private-sector organizations must follow its guidance, it is not unreasonable to think that something similar could happen with the proposed Data Act. A global framework like that could streamline (and significantly improve) the protection of these information types as IP, but when that would happen remains uncertain until WIPO will pick it up and promote it among their member states.
In the interim, Dennemeyer is here to help you protect databases, trade secrets and any other IP assets by any possible means. Our legal teams in local offices around the globe can assist with drawing up airtight NDAs, offer precise counsel regarding all applicable laws and provide all other essential legal services as you work to protect your organizations' greatest resources - its ideas.
The authors contribute to this blog in their personal capacity. The views expressed are their own and do not necessarily represent the views of Dennemeyer IP Solutions, Dennemeyer & Associates, or Dennemeyer Consulting.