Website-law.co.uk

Many websites incorporate data obtained from other websites. It is sometimes thought that, where the data obtained is not protected by copyright (e.g. data consisting of postal addresses arranged alphabetically) there are no legal problems. This is however a mistake: the collection and re-use of such data can present significant legal risks.

As a matter of English law, the key risks arise under:

• the database right legislation;
• the law of contract; and
• the Computer Misuse Act.

Database right

A database is defined in the Copyright Designs and Patents Act 1988 as “a collection of independent works, data or other materials which - (a) are arranged in a systematic or methodical way, and (b) are individually accessible by electronic or other means.”

In general terms, databases falling with this definition will be protected by database right if there has been “a substantial investment in obtaining, verifying or presenting the contents of the database.”

Database right will be infringed where a person extracts or reutilises all or a substantial part of a protected database without the consent of the database owner.

The law on database right is in a state of flux, and unfortunately the scope of the right is not entirely clear. Nonetheless, it is clear that the harvesting of data from other sites can in some circumstances constitute an infringement of this right.

Law of contract

Website terms of use sometimes expressly prohibit the collection and republication of data from websites.

If you are considering extracting data from another website for use on your own website, you should check their terms of use of that other site. If they expressly prohibit what you intend to do – and if the website owner can establish that the terms are enforceable against you – then you may be found liable for breach of contract (or licence) if you go ahead.

Computer Misuse Act

The Computer Misuse Act provides for a specific offence in the case of unauthorised access to a computer:

“(1) A person is guilty of an offence if— (a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer; (b) the access he intends to secure is unauthorised; and (c) he knows at the time when he causes the computer to perform the function that that is the case.

(2) The intent a person has to have to commit an offence under this section need not be directed at— (a) any particular program or data; (b) a program or data of any particular kind; or (c) a program or data held in any particular computer.

(3) A person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5 on the standard scale or to both.”

It may be argued that, where a website’s terms of use prohibit data data mining, then such activities could fall within the Computer Misuse Act. This could lead to civil liability (under the tort of breach of statutory duty) as well as criminal liability.

To the best of my knowledge, this kind of argument has not yet been tested in the UK courts.

Database right is similar to copyright, but distinct. Both database right and copyright may subsist in a single database quite independently. However, this note is concerned exclusively with the protection afforded to websites by database right, not copyright.

In the UK, the key piece of legislation is the Copyright and Rights in Databases Regulations 1997. Many of the questions you may have about database right can be answered by reading the Regulations.

A “database” is defined in the legislation as “a collection of independent works, data or other materials which- (a) are arranged in a systematic or methodical way, and (b) are individually accessible by electronic or other means”. In some industries this might be called a “dataset” rather than a database. Nonetheless, it is databases so defined that are the subject of the 1997 Regulations.

Database right will subsist in a database if there has been a substantial investment in obtaining, verifying or presenting the contents of the database. The leading case on the meaning of this is British Horseracing Board v. William Hill (see the Out-law.com summary here). In that case the court ruled that BHB’s database of runners and riders fell outside the scope of protection because the resources used to create the database did not constitute an investment in the obtaining and verification or presentation of the contents of the database.

If your website has an integrated database that can overcome the limits on protection set out in the Regulations and in the BHB case, then any person who extracts or re-utilises a substantial part of your database without your consent will likely infringe the database right. For example, data mining and scraping activities often infringe.

As the owner of the database right, you may be entitled to damages and an injunction against any infringer.

One general exception to protection is this: individuals who are not EEA nationals, or habitually resident in an EEA state, and companies that are not incorporated in an EEA state, do not usually get the protection of the database right.