Technology Advances and IPR

UNIT 7 PROTECTION OF DATABASES

Structure 7.1 Introduction Objective 7.2 Historical Background 7.3 Definition and Scope of Database Protection 7.4 Protection Mechanisms for Databases Limitations of Protection Need of Database Protection Law 7.5 Copyright Protection of Databases International Conventions and Agreements Regional Legislations 7.6 Sui-Generis Protection of Databases 7.7 National Legislations United States of America Australia China 7.8 Database Protection in India 7.9 Laws Governing Information Protection in India Information Technology Act 2000 Indian Copyright Act 7.10 Summary 7.11 Terminal Questions 7.12 Answers and Hints

7.1 INTRODUCTION

The recent advances in biotechnology field have enabled scientists to carry out experiments on different life forms and they are even successful in mapping the DNA sequences of some of these forms. The technological and economic investments made in these kinds of experiments are very high and the investors are inclined to protect the results of these experiments. Many of these results are in the form of large databases. Other types of databases we encounter quite often are the directories, dictionaries, thesaurus, railway/airline schedules, weather reports etc. The geographical information in its many forms offers wide scope for creativity in data presentation. Such representation involves artistic expression on computer screens and in printouts, data models, and the integration of information, analysis of data, and the use of textual and tabular data. Due to the large demand for the databases and exorbitant costs involved in preparing them, there have been efforts towards protecting these databases as intellectual property rights. Many national laws have recognised databases as a subject matter of intellectual property rights and accorded them protection under copyright law or by sui-generis system. In the TRIPS Agreement also these provisions are made. In this Unit we will be discussing the evolution of database protection as intellectual property right and its present status. Objectives After studying this unit, you should be able to: • define Database; • describe the historical background of database protection; • explain the rationale behind database protection; • cite the short comings of copyright law in its application for databases;

38

Protection of Databases

• discuss the database protections afforded by different countries like US, Australia, China and European Union; • explain the different laws available in India for database protection; and • list the salient features of Indian Information Technology Act, 2000.

7.2 HISTORICAL BACKGROUND

The Feist Case, a landmark U.S. Supreme Court ruling in case of Feist Publishing, Inc. versus Rural Telephone Service Co. may be attributed to the beginning of the movement for data protection laws wherein inter alia it has been stated that mere collections of information could not be covered under copyright protection. Instead, “creativity in selection or arrangement” was required. Briefly, the Feist case embodied an issue “whether the copying the data of telephone book listings was an infringement of the copyright existed in the arrangement of that data?” The claim was that even though the data might otherwise fall outside of the protection of the copyright law, the arranger of that data was entitled to protection because of the time and energy expended in doing the arrangement, in this instance the telephone book listings. The Supreme Court said that the so-called legal theory of The sweat of the brow protection was not a valid legal theory. The Court referred to the United States doctrine here refers to the efforts and investment made Copyright Act of 1976, section 102 (b), which states: by an entity towards compiling large data but In no case does copyright protection for an original work of authorship without showing originality extend to any idea, procedure, process, system, method of operation, in creation. concept, principle, or discovery, regardless of the form in which it is described, explained, illustrated, or embodied in such work. This opened a debate on the protection of the data and the arrangement of that data as one of the hot issues. This ruling stirred the database community throughout the world as this altered the landscape of copyright protection of factual compilations. They also began assuming that the present theory of copyright does not favour the protection of databases. There may be other theories that may be useful to the creator of such materials such as trespass, unfair competition and contract rights. All these theories are limited in their scope and subject to the contractual relationship between the parties. This raised a need of a thoughtful and practical analysis of copyright laws vis-à-vis database protection. As far as different copyright laws prevailing to different nations are concerned, they broadly intend to cover the original works of authorship fixed in any tangible medium of expression from which they can be perceived, reproduced, or otherwise communicated. Consequently, the facts themselves do not come under purview of copyright protection; however, compilation of factual information can be protected by copyright laws if the selection, coordination, or arrangement of data constitutes an original work of authorship. Eventually, the facts in a factual compilation may be freely copied. The computerised databases which contain enormous amount of facts in the form of factual compilations are vulnerable to be copied in another database in a matter of no time using the prevailing data processing technologies. Such instances thus paved a smooth and soothing way for a second competing database without incurring the cost and labour of producing it.

39

Technology Advances and IPR

7.3 DEFINITION AND SCOPE OF DATABASE PROTECTION

A database is a collection of data arranged in a systematic way to facilitate and efficient retrieval of information to its users. Database Management System (DBMS), which administers the database is a software or computer programme distinct to database. In this era of computerisation and perpetual development, there are large number of Database Management System (DBMS) packages available in the market which administer the databases. Conventionally, database was collected and recorded in a file and kept in hard copy form. Compared to electronic database, conventional system of records collection was laborious and time consuming, hence inefficient. Unlike traditional databases, new digital databases can be compiled wholly by a computer in accordance with certain instructions or certain parameters with less or no human activity. Gradually, electronic databases became popular and so also their protection. The legal definition of a database arises within the context of database protection. According to European Commission’s Databases Directive, the legal definition of a database, for the purpose of intellectual property law, states that the database shall mean a collection of independent works, data or other materials arranged in a systematic or methodical way and individually accessible by electronic or other means. U.S. Congressional bill (H.R. 354) defines it as information that has been collected and has been organised for the purpose of bringing discrete items of information together in one place or through one source so that persons may access them. Obviously, the definition does not intend to cover individual works which come under copyright. Other materials having a general nature include different kinds of expressed information. This will include not only literary and artistic works, but also databases of musical works, sounds and images. It may even include a web page itself. Precisely, a database does not have to consist of information which is stored electronically under these definitions, and can therefore include information which is recorded on paper. In the context of India, the word database itself appears in the Copyright Act, 1957 and the Information Technology Act, 2000. The closest definition of the term database is found in Section 43 Explanation (ii) of the Information Technology Act, 2000 which defines computer database to mean a representation of information, knowledge, facts, concepts or instructions in text, image, audio, video that are being prepared or have been prepared in a formalised manner or have been produced by a computer, computer system or computer network and are intended for use in a computer, computer system or computer network. This definition appears to extend only to electronic databases. Section 2 (k) of the Information Technology Act, 2000 defines a computer resource to mean a computer, computer system, computer network, data, computer database or software. Section 2 (o) of the Copyright Act 1957 defines a literary work to include computer programmes, tables and compilations including computer databases. This definition appears to include even non-electronic databases. Indian copyright law embodies copyright protection of compilations as literary works, but does not stipulate the content of a compilation. The definition of a literary work also embraces computer databases, which under the Information Technology Act, 2000 involves audio and video. It may be argued that the electronic databases may comprise of collections that are not restricted to only literary and artistic works. This raises the question whether ‘database’ is intended to include an anthology of poems, a collection of circuit diagrams or a collection of digital representations of 3D items.

40

Protection of Databases

Before discussing further the mechanisms of database protection, you may like to attempt one SAQ.

SAQ 1 " Spend 3 min. Describe briefly the minimum number of attributes provided by Database definition.

7.4 PROTECTION MECHANISMS FOR DATABASES

The TRIPS Agreement provides for database protection under copyright laws of the member States or under a sui-generis system of database protection. Let us now discuss the issues related with various ways of database protection.

7.4.1 Limitations of Copyright Protection Since in many cases a database is afforded protection under copyright it would be apt to analyse some limitations of this right in light of database protection. 1. Copyright protection laws though provide protection to the original work of author they are usually not extendable to every element. 2. It extends to the author’s original expression only, not the idea, process, system or method of operation. 3. The elements such as ledger sheets and blank forms, rules and recipes, white pages listings of telephone directories, facts and theories (although particular expressions of facts or theories are copyrightable), ideas and principles, methods of operation/processes falls under non-copyrightable elements. 4. Creativity in selection and arrangement of data or other elements produces a compilation protected under copyright law. Likewise, pre-existing work admixed with original expression generates a derivative work which is also protected under copyright law. Contrarily, compilation or derivative work copyright does not extend to pre-existing material. 5. Use of infringing materials may invalidate copyright in compilation or derivative work. Consequently, the potential difficulties which arise in preventing a database from receiving copyright protection may have arguments in the arrangement of facts and applications of skill and labour in compiling the material. If the material is organised in a standard arrangement, such as in alphabetical or numerical order, it is difficult to prove that the arrangement has originated with the author. Moreover, the requirement that an author expend in the form of skill and labour in compiling the material poses a problem for machine-generated databases. It is amply clear that most of computerised databases are simply vast collections of information stored digitally which enables a user to extract any type or combination of types of data, according to the specific needs arising at the time. This is facilitated by computer and powerful Database Management Systems; not by the human author. In these circumstances, it is difficult to authenticate that the selection and arrangement of material is original and accomplished from the labour and skill of a human author. It is therefore felt that existing copyright laws extend little protection for digital databases.

7.4.2 Need of Database Protection Law You must have noted that, in case of computerised databases which facilitates data processing, the facts abundantly available in one database in the form of factual compilation are vulnerable to be copied in another database and thus paving way for a second competing database without incurring the cost of producing it. Since, databases are strengthening much of our lives as a society as a whole, those that create and those that use databases should have some sense about the respective legal issues in this area of intellectual property law.

41

Technology Advances and IPR Need of protection of databases could be premised on the very fact that, the actual facts contained in any database, being in public domain, are unprotected under copyright protection and are freely available for use in most instances. However, the threshold question for the copyright protection of the database is whether or not the arrangement of the public domain information is sufficiently original, under the standards of the copyright law, to warrant copyright protection. Accordingly, there is a need to consider carefully as to how to effectively maximise and protect value of information collected or so created databases. A number of legal rights are required to protect database owners against illegitimate exploitation of their databases by third parties. In the global outsourcing environment and with the advances in communication technology, databases can be easily stolen and made available to others. Hence, protection and privacy of data becomes paramount in view of incessant flow of information. Recently, the environment in the US relating to the data privacy issue has undergone a significant change because of loss of sensitive customer information. Some high profile incidents involving Choice Point, SAIC and Bank of America all of whom lost sensitive customer information, has prompted a huge public outcry and need of more legislation. Apparently, there is a tangible and significant need for database protection legislation. This may also augur competitions among database manufacturers and give them incentives to keep producing new products. Over the past several years, databases have become a valuable and integral part of the assets of a business giving them an edge over their competitors. With the advancement of DBMS and data processing technologies, creation of complex and highly functional databases along with the collection and storage of data in different ways have been happening. Hence, in cyberspace, technological developments represent a threat as well as an opportunity for collections of information. Thus, copying factual material from a third party's collection, and rearranging them to form a competing information product proves to be cheaper and easier than ever. The pros and cons concerning to the economic and technological factors are also required to be reasoned out in evaluating the need of data protection legislation. In this world of cutthroat competition, database manufacturers or companies are relying on their databases as major source of revenue for themselves. They definitely need sufficient safeguards in order to protect themselves from their competitors and swindlers. There are, however, some conditional provisions to protect databases. The EC Directive and related laws call for penalties only where the original manufacturer has made a substantial investment in creation of the databases. Furthermore, manufacturers must prove that the copying has harmed their market to which the proposed US legislation adds the phrase potential markets. India, acknowledging the need of creating appropriate confidence among investors and foreign companies to ensure them that the data they send to India for business process outsourcing (BPO) is indeed safe and covers measures against unauthorised access and data theft from computers and networks, has provided for maximum penalty of about US$ 220,000. The government is in process of providing more new teething clauses in IT Act 2000 in line of the EC’s Data Protection Directive and the Safe Harbour privacy principles of the US. Perpetual innovations fuelling rapid changes and turnaround in technology in general and Internet technologies specially has enabled users to copy a huge amount of data from an electronic medium or an Internet site in the blink of an eye. This has aggravated the fear about the unlawful copying of data in the absence of laws. However, measures such as a combination of encryption, digital watermarks and electronic signatures etc. are tilting in favour of the manufacturer of database and not the copier. Hence, fear of technical progress proliferating illegal copying appears to be not well founded. Other factors of technological advancements such as high- bandwidth data telecommunications vis-à-vis gradual decrease in price for access and Internet as huge repository of information could be taken care of by putting technological measures. There is, however, opposition to these technical measures as alternatives citing socially negative implications. Encryption and license enforcement

42

Protection of Databases

mechanisms, digital watermarks and digital signatures etc. may deter research and harm privacy by tracking and preserving information on users’ habits etc. Considering the above-discussed issues we may conclude that: • In some instances, the value of a whole business may be dependant on the ability of that business to protect databases of information from exploitation by competitors;

• The balance between measures protecting database manufacturers, measures promoting competition and social issues has to be reached to develop new products by keeping alive competition and research;

• Due to the significant importance of data in human life, in the proposed data protection laws, conscious and generous approach should be adopted where some value addition is being done to databases in an innovative way;

• In order to generate a healthy competition, artificial monopolistic databases may be discouraged;

• Loosely coupled provisions may bring in bureaucratic delays into a fast-moving technological field;

• There should be clear-cut previsions regarding data available in public domains and exemptions from data protection laws for government owned data; and

• Expiration time as in copyright law exist needs to be redefined due to the varied nature of databases. Expiration times are mostly irrelevant for online databases because these are usually updated continuously, with old and new data intermingled in such a way that users cannot determine what data is new and what is old. The EC Directive mentions that the term of protection will expire after 15 years. In general, data protection laws should adequately address anti-monopoly and pro- competition laws vigilantly to prevent abuse of database law. In the US many experts are of opinion that the exclusion of data protection law should extend to anything produced by federal government funding or even within the scope of a federal agency. Consequently, this strong exemption has found place in the current versions of both US bills.

SAQ 2 Spend " 5 min. What rights should be granted to the database maker? Do you think that “extraction” and “re-utilisation” should be covered by the rights to be granted? If yes, how should these notions be defined?

7.5 COPYRIGHT PROTECTION OF DATABASES

7.5.1 International Conventions and Agreements Article 2(5) of the provides as follows: Collections of literary and artistic works such as encyclopaedias and anthologies which, by reason of the selection and arrangements of their contents, constitute intellectual creations shall be protected as such, without prejudice to the copyright in each of the works forming part of such collections. The provision only states that such collections shall be protected as such; it does not indicate any specific category of works to which the level of protection shall be assimilated. Accordingly, it should be assumed that the level of protection to be granted is that which, in general, is granted for literary and artistic works under the Berne Convention.

43

Technology Advances and IPR The said provision in Article 2(5) of the Berne Convention limits its scope to original collections of literary and artistic works. This does not mean, however, that there is no basis in the Berne Convention for the protection of original collections of other material, such as mere data. Such basis can be found in Article 2(1) of the Berne Convention, which states, inter alia, that the expression ‘literary and artistic works’ shall cover every production in the literary, scientific and artistic domain, whatever may be the mode or form of its expression. While the list of categories of works that follows the sentence just quoted does not include databases, it is clear that the list is not exhaustive, and that every (original) production in the above-mentioned domain must be protected under the Convention. In recent years, a general consensus seems to have emerged that collections of material other than literary and artistic works are indeed covered by the said provision and are thereby subject to copyright protection under the Berne Convention, provided, of course, that they can be considered “works,” that is, they are original. An explicit provision on the protection of databases was included in Article 10(2) of the TRIPS Agreement which was concluded in Marrakech, on April 15, 1994. That provision states as follows: Compilations of data or other material, whether in machine readable or other form, which by reason of the selection or arrangement of their contents constitute intellectual creations shall be protected as such. Such protection, which shall not extend to the data or material itself, shall be without prejudice to any copyright subsisting in the data or material itself. The WIPO Copyright Treaty (WCT) which was adopted in Geneva on December 20, 1996, contains in its Article 5 a provision on copyright protection of databases, which, under the title “Compilations of Data (Databases)” provides as follows: Compilations of data or other material, in any form, which by reason of the selection or arrangement of their contents constitute intellectual creations, are protected as such. This protection does not extend to the data or the material itself and is without prejudice to any copyright subsisting in the data or material contained in the compilation. The Diplomatic Conference also adopted, by consensus, the following agreed statement: The scope of protection for compilations of data (databases) under Article 5 of this Treaty, read with Article 2, is consistent with Article 2 of the Berne Convention and on a par with the relevant provisions of the TRIPS Agreement. Article 2 of the WCT, to which the agreed statement refers, states, under the heading “Scope of Copyright Protection,” that the copyright protection extends to expressions and not to ideas, procedures, methods of operation or mathematical concepts as such.

7.5.2 Regional Legislations a) Cartagena Agreement The Decision No. 351 of the Cartagena Agreement containing “Common Provisions on Copyright and Neighbouring Rights” was concluded on December 17, 1993, between Bolivia, Colombia, Ecuador, Peru and Venezuela and it entered into force on December 21, 1993. Article 4 of Decision 351 contains a non-exhaustive list of categories of works which the Member Countries are obliged to protect, and item (ll) of that list reads as follows: anthologies or compilations of assorted works and also databases,

44

Protection of Databases

which, by the selection and arrangement of their contents, constitute personal creations. This is further clarified in Article 28 which provides as follows: Databases shall be protected insofar as the selection or arrangement of the contents constitutes an intellectual creation. The protection granted shall not extend to compiled data or information, but it shall not affect any rights subsisting in the works or material constituting the said database. The rights granted by the Decision in respect of databases include moral rights (Article 11) and rights of reproduction, communication to the public, distribution of copies to the public, importation of unauthorised copies and translation, adaptation, arrangement or other transformation of the work (Article 13). In this respect, the Decision does not distinguish between databases and other categories of works. It does, however, specify, in Article 15 − which clarifies the contents of the right of communication to the public − that that right also includes “public access to computer databases by means of telecommunication, insofar as the said databases incorporate or constitute protected works.” In addition, the Decision contains a transitory provision, specifically relating to, inter alia, databases according to which they shall enjoy protection by copyright even where they have been created prior to the date of entry into force of the Decision. b) The NAFTA Agreement The North American Free Trade Agreement between the Government of Canada, the Government of the United Mexican States and the Government of the United States of America (NAFTA Agreement) was concluded on December 8, 1993, and entered into force on January 1, 1994. Article 1705(1) of the NAFTA Agreement obliges the parties to protect the works covered by Article 2 of the Berne Convention, including any other works that embody original expression within the meaning of that Convention. The provision adds that this includes inter alia, compilations of data or other material, whether in machine readable or other form, which by reason of the selection or arrangement of their contents constitutes intellectual creations, shall be protected as such. c) of EC The Database Directive of the European Communities (Directive 96/9/EC of the European Parliament and of the Council of March 11, 1996 on the legal protection of databases) is binding for the countries of the European Union, that is Austria, Belgium, Denmark, Finland, France, Germany, Greece, Ireland, Italy, Luxembourg, Netherlands, Portugal, Spain, Sweden and United Kingdom, which were obliged to implement its provisions in their national legislation before January 1, 1998. The provisions of the Directive also apply as regards the countries of the European Economic Area (EEA) which comprise, in addition to the countries of the European Union, Iceland, Liechtenstein and Norway. The Directive contains in its Chapter II (Articles 3 to 6) a number of specific provisions dealing with the copyright protection of databases. Further provisions, relating to both databases subject to copyright protection and databases subject to a sui-generis protection of databases, are contained in Chapters I and IV of the Directive (Articles 1 and 2, and 12 to 17). Article 1(1) of the Database Directive states that it concerns the legal protection of databases in any form. This is clarified in consideration (14) of the Preamble which states that protection under this Directive should be extended to cover non-electronic databases. A further clarification is given in the definition of the term “database” in Article 1(2) which is a collection of independent works, data or other materials arranged in a systematic or methodical way and individually accessible by electronic or other means. In addition to that definition, Article 1(3) provides that protection under the Directive shall not apply to computer programmes used in the making or

45

Technology Advances and IPR operation of databases accessible by electronic means, and consideration (20) states that protection under the Directive may also apply to the materials necessary for the operation or consultation of certain databases, such as thesaurus and indexation systems. The definition is further elaborated by consideration (21) which clarifies that the condition that the contents of the database are arranged systematically or methodically does not necessitate that it is physically stored in an organized manner. It is also clarified, in consideration (22), that the term “electronic database” within the meaning of the Directive also may include devices such as CD-ROM and CD-i. In its provisions dealing specifically with copyright protection of databases, the Directive states that in accordance with this Directive, databases, which, by reason of the selection or arrangement of their contents, constitute the author’s own intellectual creation shall be protected as such by copyright. No other criteria shall be applied to determine their eligibility for that protection. It is added, in consideration (15), that copyright protection should cover the structure of the database, and, in consideration (16), as regards the criteria of originality, that in particular no aesthetic or qualitative criteria should be applied. Further clarification is offered in consideration (19), according to which, as a rule, the compilation of several recordings of musical performances on a CD does not, as a compilation, meet the conditions for copyright protection. Article 3(2) of the Directive states that the copyright protection of databases provided by the Directive will not extend to their contents and shall be without prejudice to any rights subsisting in those contents themselves. This is clarified, partly by consideration (15) which states, inter alia, that the protection should cover the structure of the database, and partly by consideration (18) which clarifies, with regard to copyright protection, that the Directive is without prejudice to the freedom of authors to decide whether, or in what manner, they will allow their works to be included in a database, in particular whether or not the authorization given is exclusive. Furthermore, consideration (26) reads as follows: Whereas works protected by copyright and subject matter protected by related rights, which are incorporated into a database, remain nevertheless protected by the respective exclusive rights and may not be incorporated into or extracted from the database, without the permission of the right holder or his successors in title, and consideration (27) reads as follows: Whereas copyright in such works and related rights in subject matter thus incorporated into a database are in no way affected by the existence of a separate right in the selection or arrangement of these works and subject matter in a database. The question of authorship of databases is dealt with in Article 4 of the Database Directive, which states in paragraph (1) that the author of a database shall be the natural person or group of natural persons who created the base or, where the legislation of the Member States so permits, the legal person designated as the right holder by that legislation. Paragraphs (2) and (3) contain specific provisions regarding collective works and databases created by a group of natural persons jointly. The question of ownership of rights in cases where databases are created by employed authors is not addressed in the rules of the Directive. Consideration (29) explains that this issue is left to the discretion of the Member States. Therefore, nothing in the Directive prevents Member States from stipulating in their legislation that, where a database is created by an employee in the execution of his duties or following the instructions given by his employer, the employer exclusively shall be entitled to exercise all economic rights in the database so created, unless otherwise provided by contract

46

Protection of Databases

(consideration (29)). As regards the moral rights of the natural person who creates a database, consideration (28) contains a reference to national legislation in the Member States and to the Berne Convention, and it states that such moral rights remain outside the scope of this Directive. Article 5 of the Directive provides that authors of databases which are protected by copyright have the exclusive right to carry out or to authorise: a) temporary or permanent reproduction by any means and in any form, in whole or in part; b) translation, adaptation, arrangement and any other alteration; c) any form of distribution to the public of the database or of copies thereof (the first sale in the European Community of a copy of the database by the right-holder or with his consent exhausts the right to control resale of that copy within the Community); d) any communication, display or performance to the public; and e) any reproduction, distribution, communication, display or performance to the public of the results of the acts referred to in (b). The scope of certain of these rights is clarified in consideration (33) which states that whereas the question of exhaustion of the right of distribution does not arise in the case of on-line databases, which come within the field of provision of services; whereas this also applies with regard to a material copy of such a database made by the user of such a service with the consent of the right- holder; whereas, unlike CD-ROM or CD-i, where the intellectual property is incorporated in a material medium, namely an item of goods, every on-line service is in fact an act which will have to be subject to authorisation where the copyright so provides. Exceptions to these rights are allowed in Article 6, of which paragraph (1) deals with the access to the contents of the database and their use. It reads as follows: The performance by the lawful user of a database or of a copy thereof of any of the acts listed in Article 5 which is necessary for the purposes of access to the contents of the databases and normal use of the contents by the lawful user shall not require the authorisation of the author of the database. Where the lawful user is authorised to use only part of the database, this provision shall apply only to that part. Consideration (34) specifies that this applies once the right-holder has chosen to make available a copy of the database to a user, whether by an on-line service or by other means of distribution. It further states that the lawful user must be able to access and use the database for the purposes and in the way set out in the agreement with the right-holder, even if such access and use necessitate performance of otherwise restricted acts. Further specific exceptions from the rights are embedded in Article 6(2) which allows national legislation to provide for limitations as regards: a) reproduction for private purposes of a non-electronic database; b) use for the sole purpose of illustration for teaching or scientific research, as long as the source is indicated and to the extent justified by the non-commercial purpose to be achieved; c) where there is use for the purposes of public security or for the purposes of an administrative or judicial procedure; and d) where other exceptions to copyright which are traditionally authorised under national law are involved, without prejudice to points (a), (b) and (c).

47

Technology Advances and IPR Paragraph (3) of that Article underlines that in accordance with the Berne Convention for the Protection of Literary and Artistic Works, this Article may not be interpreted in such a manner which unreasonably prejudices the right-holder’s legitimate interests or conflicts with normal exploitation of the database. Some clarification of these provisions are offered in, inter alia, consideration (36) which states that the term “scientific research” within the meaning of the Directive covers both natural sciences and human sciences, and consideration (37) which states that Article 10(1) of the Berne Convention (on quotations) is not affected by the Directive. Please note that the absence of explicit provisions does not necessarily imply that such collections of works are not protected, as this may follow from an interpretation of other provisions, notably the general provisions on works to be protected. As it appears from the above description, the analysis of the general concept of “work,” and related concepts such as “originality,” “creativity,” “independent effort” and “personal effort” would be necessary in order to describe with a greater precision which collections and compilations are protected by copyright under the different national laws. Such an analysis, however, could not be based on the texts of the laws alone, since the full meaning of those concepts is determined through case laws in each country. It is generally acknowledged that the countries party to the Berne Convention have a certain freedom in establishing the exact level of originality required for a production to be considered a work and it may be said that, in general, national laws of countries following the common law tradition tend to have a lower threshold of originality than those of countries following the civil law tradition.

" Spend SAQ 3 3 min. If the national law of some country does not contain provisions concerning copyright protection of databases, does it automatically mean that they are not protected in that country?

7.6 SUI-GENERIS PROTECTION OF DATABASES

The Database Directive of the European Communities in its Chapter III contains provisions on sui-generis protection of databases. The reasons for, and the primary aims of the sui-generis protection are explained in considerations (38) and (39) of the Preamble of the Directive which read as follows: (38) Whereas the increasing use of digital recording technology exposes the database maker to the risk that the contents of his database may be copied and rearranged electronically, without his authorisation, to produce a database of identical content which, however, does not infringe any copyright in the arrangement of his database; (39) Whereas, in addition to aiming to protect the copyright in the original selection or arrangement of the contents of a database, this Directive seeks to safeguard the position of makers of databases against misappropriation of the results of the financial and professional investment made in obtaining and collecting the contents by protecting the whole or substantial parts of a database against certain acts by a user or competitor. The object of protection under the sui-generis rights is databases for which the maker shows that there has been qualitatively and/or quantitatively a substantial investment in, either the obtaining, verification or presentation of the contents. This is clarified in consideration (40) which states that the object of this sui-generis right is to ensure protection of any investment in obtaining, verifying or presenting the contents of a database for the limited duration of the right, and it adds that such

48

Protection of Databases

investment may consist in the deployment of financial resources and/or the expending of time, effort and energy. Further clarification is offered in consideration (19), according to which, as a rule, the compilation of several recordings of musical performances on a CD does not represent a substantial enough investment to be eligible under the sui-generis right. As regards the understanding of the term “database,” the provisions discussed earlier in case of copyright apply also in relation to the sui-generis right. The relation between copyright protection and the sui-generis right is dealt with in Article 7(4) which states that the sui-generis right shall apply irrespective of the eligibility of that database for protection by copyright or by other rights. Moreover, it shall apply irrespective of eligibility of the contents of that database for protection by copyright or by other rights. Protection of databases under the sui-generis right shall be without prejudice to rights existing in respect of their contents. This is elaborated in consideration (45) according to which the right to prevent unauthorised extraction and/or re-utilisation does not in any way constitute an extension of copyright protection to mere facts or data, and in consideration (46), which states that the existence of a right to prevent the unauthorised extraction and/or re-utilisation of the whole or a substantial part of works, data or materials from a database should not give rise to the creation of a new right in the works, data or materials themselves. Also, consideration (18) states as follows: Whereas this Directive is without prejudice to the freedom of authors to decide whether, or in what manner, they will allow their works to be included in a database, in particular whether or not the authorisation given is exclusive; whereas the protection of databases, by the sui-generis right is without prejudice to existing rights over their contents, and whereas in particular where an author or the holder of a related right permits some of his works or subject matter to be included in a database pursuant to a non- exclusive agreement, a third party may make use of those works or subject matter subject to the required consent of the author or of the holder of the related right without the sui-generis right of the maker of the database being invoked to prevent him doing so, on condition that those works or subject matter are neither extracted from the database nor re-utilised on the basis thereof. The relation to copyright protection and other intellectual property rights, is also dealt with in Article 13 which, in relation to both copyright protection and the sui-generis right under the Directive, states that the Directive shall be without prejudice to provisions concerning in particular copyright, rights related to copyright or any other rights or obligations subsisting in the data, works or other materials incorporated into a database, patent rights, trademarks, design rights, the protection of national treasures, laws on restrictive practices and unfair competition, trade secrets, security, confidentiality, data protection and privacy, access to public documents, and the law of contract. The rights granted are, according to Article 7(1), rights to prevent extraction and/or re-utilisation of the whole or of a substantial part, evaluated qualitatively and/or quantitatively, of the contents of that database. Certain terms used in that provision are defined in Article 7(2) which states that, for the purposes of Chapter III: a) ‘extraction’ shall mean the permanent or temporary transfer of all or a substantial part of the contents of a database to another medium by any means or in any form; and

49

Technology Advances and IPR b) ‘re-utilisation’ shall mean any form of making available to the public all or a substantial part of the contents of a database by the distribution of copies, by renting, by on-line or other forms of transmission. It is added that public lending is not an act of extraction or re-utilisation. Furthermore, Article 7(5) states that the repeated and systematic extraction and/or re-utilisation of insubstantial parts of the contents of the database implying acts which conflict with a normal exploitation of that database or which unreasonably prejudice the legitimate interests of the maker of the database shall not be permitted. Consideration (43) clarifies that in the case of on-line transmission, the right to prohibit re-utilisation is not exhausted either as regards the database or as regards a material copy of the database or of part thereof made by the addressee of the transmission with the consent of the right holder. Further clarification of the rights granted is offered by consideration (42) which reads as follows: Whereas the special right to prevent unauthorised extraction and/or re- utilisation relates to acts by the user which go beyond his legitimate rights and thereby harm the investment; whereas the right to prohibit extraction and/or re-utilisation of all or a substantial part of the contents relates not only to the manufacture of a parasitical competing product but also to any user who, through his acts, causes significant detriment, evaluated qualitatively or quantitatively, to the investment. In addition, consideration (44) states that when on-screen display of the contents of a database necessitates the permanent or temporary transfer of all or a substantial part of such contents to another medium, that act should be subject to authorisation by the right holder. Exceptions and limitations regarding the sui-generis right are provided for, inter alia, in Article 7(2)(b) which, as regards the right of distribution that forms part of the right of re-utilisation, states that the first sale of a copy of a database within the Community by the right-holder or with his consent shall exhaust the right to control resale of that copy within the Community. As regards the position of the lawful user of a database, Article 8(1) states that the maker of a database which is made available to the public in whatever manner may not prevent a lawful user of the database from extracting and/or re-utilising insubstantial parts of its contents, evaluated qualitatively and/or quantitatively, for any purposes whatsoever. Where the lawful user is authorised to extract and/or re-utilise only part of the database, this paragraph shall apply only to that part. However, according to Article 8(2) and (3), a lawful user of a database which is made available to the public in whatever manner may not perform acts which conflict with normal exploitation of the database or unreasonably prejudice the legitimate interests of the maker of the database, and he may not cause prejudice to the holder of a copyright or related right in respect of the works or subject matter contained in the database. Those provisions may be read in connection with consideration (42) which states as follows: Whereas the special right to prevent unauthorised extraction and/or re- utilisation relates to acts by the user which go beyond his legitimate rights and thereby harm the investment; whereas the right to prohibit extraction and/or re-utilisation of all or a substantial part of the contents relates not only to the manufacture of a parasitical competing product but also to any user who, through his acts, causes significant detriment, evaluated qualitatively or quantitatively, to the investment.

50

Protection of Databases

Exceptions and limitations of a general nature are contained in Article 9 which, in relation to databases which have been made available to the public in whatever manner, allows extraction or re-utilisation of substantial parts thereof: a) in the case of extraction for private purposes of the contents of a non-electronic database; b) in the case of extraction for the purposes of illustration for teaching or scientific research, as long as the source is indicated and to the extent justified by the non- commercial purpose to be achieved; and c) in the case of extraction and/or re-utilisation for the purposes of public security or an administrative or judicial procedure. Consideration (50) adds to this that such operations must not prejudice the exclusive rights of the maker to exploit the database and their purpose must not be commercial, and consideration (51) clarifies that the Member States, where they avail themselves of the option to permit a lawful user of a database to extract a substantial part of the contents for the purposes of illustration for teaching or scientific research, may limit that permission to certain categories of teaching or scientific research institutions. Also, consideration (36) states that the term ‘scientific research’ within the meaning of this Directive covers both the natural sciences and the human sciences. Certain, more specific, limitations follow from consideration (52) which states that those Member States which have specific rules providing for a right comparable to the sui-generis right provided for in this Directive should be permitted to retain, as far as the new right is concerned, the exceptions traditionally specified by such rules. It may also be noted in this context that consideration (47) states that in the interests of competition between suppliers of information products and services, protection by the sui-generis right must not be afforded in such a way as to facilitate abuses of a dominant position, in particular as regards the creation and distribution of new products and services which have an intellectual, documentary, technical, economic or commercial added value. It adds that, therefore, the provisions of this Directive are without prejudice to the application of Community or national competition rules. The original owner of the right is, according to Article 7(1) the maker of a database. To this, consideration (41) adds that the maker of a database is the person who takes the initiative and the risk of investing, and that this excludes subcontractors in particular from the definition of maker. Article 7(3) states that the sui-generis right may be transferred, assigned or granted under contractual licence. The sui-generis right runs, according to Article 10(1), from the date of completion of the making of the database until 15 years from January 1 of the year following the date of completion. In this respect, consideration (53) provides that the burden of proof regarding the date of completion of the making of a database lies with the maker of the database. Paragraph (2) of that Article prolongs the protection of databases that have been made available to the public before the expiry of the term, provided for in paragraph (1), till 15 years from the year of the first making available to the public. Paragraph (3) states as follows: Any substantial change, evaluated qualitatively or quantitatively, to the contents of a database, including any substantial change resulting from the accumulation of successive additions, deletions or alterations, which would result in the database being considered to be a substantial new investment, evaluated qualitatively or quantitatively, shall qualify the database resulting from that investment for its own term of protection.

51

Technology Advances and IPR It follows from consideration (54) that the burden of proof that the criteria exist for concluding that a substantial modification of the contents of a database is to be regarded as a substantial new investment lies with the maker of the database resulting from such investment, and from consideration (55) that a substantial new investment involving a new term of protection may include a substantial verification of the contents of the database. The Directive does not contain detailed provisions concerning the enforcement of the protection, but Article 12 states that Member States shall provide appropriate remedies in respect of infringements of the rights provided for in this Directive. The beneficiaries of protection under the sui-generis right are indicated in Article 11(1) and (2), according to which that right shall apply to databases whose makers or right holders are nationals of a Member State or who have their habitual residence in the territory of the (European) Community and to companies and firms formed in accordance with the law of a Member State and having their registered office, central administration or principal place of business within the Community; however, where such a company or firm has only its registered office in the territory of the Community, its operations must be genuinely linked on an ongoing basis with the economy of a Member State. Article 11(3) mandates the Council, acting on a proposal from the European Commission, to conclude agreements extending the sui-generis protection to databases made in third countries, which are not protected under the first two paragraphs of that Article. The Directive clarifies in that respect, that the term of any protection extended to databases by virtue of that procedure shall not exceed that available pursuant to Article 10, referred to above. Furthermore, consideration (56) implies that agreements extending the protection should be concluded only if such third countries offer comparable protection to databases produced by nationals of a Member State or persons who have their habitual residence in the territory of the Community. After considering the copyright and sui-generis protection provisions at international and regional level, let us look at some national laws in this regard.

7.7 NATIONAL LEGISLATIONS

7.7.1 United States of America Databases under USA law can only be protected by copyright as compilations. There is no special ‘database copyright’ protection. The rights granted to copyright owners in the USA are derived from the United States Code Title 17 − Copyright, Public Law No. 94-553, 1976 (17 U.S.C.). These include literary works, while maps and charts are specifically included under pictorial, graphic and sculptural work. A compilation is defined as the collection and assembling of pre-existing materials or of data that are selected in such a way that the resulting work as a whole constitutes an original work. They are more or less similar to those in UK law with respect to ownership and duration of copyright. After the landmark Feist decision, the protection for non-original or non-creative databases and their content have been taken away. It was held that if there were no original or creative selection involved with regard to facts or data, (in other words to qualify as a compilation) then the database would not be protected by copyright even if effort had gone into its creation. In this case, it was decided that a telephone directory was not protected by copyright. This would be the case for any collection of factual data, such as game scores or stock figures. The author of a compilation or database can only claim originality in the way in which facts are presented. In connection with the applicability of law in terms of duration, the US copyright law provides copyright protection from life of the author plus fifty years to life of the author plus seventy years. In the USA, there are lobbies who are working in support as well as against the enactment of an database protection act. A bill was introduced

52

Protection of Databases

and passed in the U.S. House of Representatives in 1998, but did not succeed in obtaining Senate approval. The Safe Harbour The European Commission promulgating data protection act with effect from October, 1998, prohibited the transfer of personal data to non-European Union nations not conforming the European adequacy standard for privacy protection. United States also in pursuance of the goal of enhancing privacy protection for their citizens brought a bill, which is getting finalised. The United States for avoiding the hurdles and meeting European countries norms in this regard relies on an alternate route viz. the Safe Harbour. This is an agreement between the US Department of Commerce and the European Union made in November 2000 in order to facilitate the US companies export and handle the personal data such as names and addresses of European citizens. This is an attempt to meet the adequacy norms of EC. Safe Harbour, inter-alia, stipulates that companies collecting personal data must inform people that the data is being gathered, and also inform them the purpose of such data collection. Prior to passing the data to a third party, companies are bound to obtain consent in doing so. Data integrity and security are required to be ensured and a means of enforcing compliance must be guaranteed.

7.7.2 Australia In Australia, the principal means by which databases can be protected is by resorting to the law of copyright. In certain circumstances, other legal remedies may be available to prevent unauthorised access to or exploitation of databases, e.g. confidential information, contract and patent acts. According to The Copyright Act 1968, they are protected as a literary work on the premise of originality of the database or that sufficient skill and labour has been put up to make the compilation as the original work. Originality, here involves not only the creativity but also not to be copied. Australian law further clarifies that the content consisting of factual material will not be protected by copyright. This will be protected only in the form in which the facts are expressed i.e. compilation. An issue more or less similar to the famous Feist case of the USA came before the Australian Full Federal Court in Desktop Marketing Systems Private Limited versus Telstra Corporation Limited case. The issue before the court was, whether Telstra was entitled to protect its databases in its White Pages and Yellow Pages telephone directories under the Copyright Act 1968 from their production on CR-ROM by Desktop Marketing. Whether the latter company violated the copyright in the matter? Reference of Feist case was cited and it was unclear as to whether the sweat of the brow doctrine still applied or whether the more stringent test in Feist would be applied, which required the compilations or databases of the facts to satisfy a threshold test of creativity in order for them to be regarded as sufficiently original to give rise to copyright protection. The Full Court expressly deviated from the opinion of the US Supreme Court and held, originality does not always involve the creative spark identified as essential in Feist. Concisely, their decision substantially defined the applicability of copyright act to database protection as an original literary work if compiler had exercised skill, judgement or knowledge in selecting the material for inclusion in the compilation or in presenting or arranging the material and/or put substantial labour or incurred substantial expense in collecting the information recorded in the compilation. Further, copyright in a compilation of facts will be infringed only where the alleged infringer takes a substantial part of the copyright work. Accordingly, it appears that most databases of facts will be regarded, in Australia, as sufficiently original works for copyright to subsist in them.

7.7.3 China

53

Technology Advances and IPR The People’s Republic of China does not have law for sui-generis protection of compilations of data such as databases. Moreover, they do not propose any specific legislation dealing with databases and any specific definition of the term “database” in their country’s legislation or case law which could be extended both to electronic and non-electronic databases. Similar to India, Australia and other countries, China provides safeguards to compilations under copyright protection law. Accordingly, the provision seems to apply to both, the collections of literary and artistic works and the compilations of data or material other than literary and artistic works. According to the Copyright Law of the People’s Republic of China, a compilation shall have originality in the selection or arrangement of its contents in order to be protected as a work by copyright law. There are no supplementary criteria to selection and arrangement, and neither are there explicit requirements for the level of originality. Whether a compilation is original and thus considered as a work is generally decided by a court according to the specific circumstances of the compilation. Nevertheless, mere hard work in gathering data or sweat of brow will not be sufficient to qualify a compilation as original. The scope of copyright protection of compilations in China has not been very clearly specified in the copyright law; and in its implementing regulations, it refers inter-alia in very general tone that a protected compilation can be copied without infringing the copyright in the compilation except in the cases provided in Article 22 of the Copyright Law. However, there are alternative laws to protect databases to a certain extent. The already enacted Anti Unfair Competition Law safeguards databases not meeting the copyright protection standards but constitute trade secret. Similarly, the Contract Law of the People's Republic of China and the Civil Code of the People's Republic of China extends their provisions to protect databases which do not meet the copyright protection standards.

" Spend SAQ 4 4 min. In your opinion, how long should the data protection be applicable?

7.8 DATABASE PROTECTION IN INDIA

India has no separate legislation and sui-generis protection of compilations dealing specifically with databases. However, it has provided sufficient protection in the Information Technology Act, 2000 and the Copyright Act, 1957. The word database has been defined therein. As discussed in Sec.7.3, this definition appears to extend only to electronic databases. India, while dealing with database protection under the Copyright Act, 1957 or any other provisions as mentioned in Information Technology Act, 2000 attempts to follow the sweat of the brow doctrine.

In a case Burlington Home Shopping versus Rajnish Chibber, 1995 PTC (15) 278 the Indian court referred to and relied on various commentaries on lists protected as trade secrets.

The Eastern Book Company versus Navin J. Desai, 2002, case involved a database of copy-edited judgments along with head-notes published by the claimant on CD- ROM. Briefly the case was that Eastern Book Company involved in publication of books on law since long had published a software package on CD-ROM. Defendant Navin J. Desai and another defendant D.B. Modak had developed separate software packages on CD-ROMs. Eastern Book Company as the Plaintiff filed suits against the defendants alleging that they had infringed its copyright in the CD-ROMs and thus incurring them loss. Defendant arguing on scope, alleged the plaintiffs for stunting the healthy competition by retaining monopoly over publication of Supreme Court judgments in CD-ROM form and copyright granted in relation to an original literary work. In this particular case the judgments of courts were in the public domain and could not be appropriated by one party. The Court found that the plaintiffs had no copyright in the judgments published in their law reports on the ground that:

54

Protection of Databases

[A] copyright is a limited monopoly having its origin in protection. But there cannot be any monopoly in the subject matter which the author has borrowed from public domain. Others are at liberty to use the same material ... .

The case may be cited as the one which continue to hold the sweat of the brow doctrine as the decision was predominantly based on Section 52 (1) (q) (iv) of the Copyright Act, 1957 which states that it is not an infringement of copyright to reproduce or publish judgments of Courts. The matter is presently in appeal before the Supreme Court of India.

Section 13 of the Copyright Act, 1957, however, safeguards the copyright protection to original literary works, which include compilations. The next section of this act also deals with the exclusive rights that subsist in a literary work including the right to reproduce or store it, to issue copies to the public, to perform or communicate it to the public, to make a translation or adaptation etc. The copyright act also mentions duration of copyright in Section 22 of the Act as for 60 years from the beginning of the year following the death of the author. In case of computer-generated work, the extent to which a compilation may be copied without infringing the copyright in the compilation requires judicial guidance.

India, recognising the need of creating appropriate confidence among investors and foreign companies to ensure them that the data they send to India for back-office operations is indeed safe is poised to tighten the data protection law and privacy regime in place. Rather than having a separate law to deal with data security and privacy issues, the government is considering an amendment to its Information Technology Act of 2000. The act in its existing form only covers unauthorised access and data theft from computers and networks, with a maximum penalty of about $220,000, and does not have specific provisions relating to privacy of data. The new clauses intend to enable the act to conform to the so-called adequacy norms of the European Union's Data Protection Directive and the Safe Harbour privacy principles of the US. However, in lack of an effective data protection regime in place, Indian BPO companies have implemented processes such as the BS7799 standard for information security management.

Sustaining the Growth of Indian ICT Industries India having proved itself as the leading destination for offshore outsourcing in ICT sector has achieved a target of US$ 17.2.billions in 2004, which is over one third higher than the value of services sourced from Canada, the next preferred destination. India expecting a Compounded Annual Growth Rate (CAGR) of 24 percent is thriving to reach US$ 94 billion by 2008. Due to the emerging competition in this sector from other countries and the pressure from the countries outsourcing work to India demanding assurance that the data being sent by them are safe from any sort of breach, a need for stronger database protection is felt. Companies and individuals in the West being fully aware that their critical data is being transferred to offshore destinations began expressing their concerns around the security of proprietary information and the confidentiality of personal data being sent to offshore locations. Hence, Indian vendors and the government are committed to ensuring any business risk by exceeding the levels of information security expected by their clients. They have been evolving and putting in place effective frameworks relating regulations, infrastructure standards and processes for managing information risks in this regard. The companies working under EC directives for data protection and companies in US and other countries require the host nation to have a stringent legal framework to deal with data protection and intellectual property rights issues so as to enable them to take legal action against the vendor in case of violations. They have their demands for adhering to international security standards, robust verification and auditing process

55

Technology Advances and IPR to track processes like the development of a software code and authenticity of a telephone call. In order to avoid theft of data, hardware network access at the floppy disk, CD-ROM level has to be monitored, ensuring that documents do not get copied through electronic or physical means. Companies from outsourced destinations want all these in place. Considering all these aspects as critical to business as well as customers’ privacy, regulatory environment in India has been put to addressing network security, personnel security, physical security, customer privacy and information protection in the Indian IT Act, the Indian Contract Act, the Indian Penal Code, and the Indian Copyright Act. The EU, the UK and the US have well-defined and comprehensive laws on data protection covering security and privacy. The EU has a comprehensive data protection act covering all sectors. While India lacks specific laws on privacy and data protection, there are proxy laws and other indirect safeguards, which provide adequate protection to companies off-shoring work. Further, the government is proactively strengthening the existing legal system to cover data protection issues. A few of the proxy laws are Section 65, 66 and 72 of the Indian IT Act, the Indian Contract Act, Section 406 and 420 of the Indian Penal Code, and the Indian Copyright Act. You may now like to attempt an SAQ.

" Spend SAQ 5 3 min. What are other possible alternatives for a sui-generis system in India?

7.9 LAWS GOVERNING INFORMATION PROTECTION IN INDIA

7.9.1 Information Technology Act, 2000 In May 2000 the Indian Parliament passed the Information Technology Bill now known as the Information Technology Act, 2000. The Act covers cyber and related information technology laws in India. Some of the salient features of the Information Technology Act, 2000 include:

• Chapter II states that any subscriber can authenticate an electronic record with his digital signature, and subsequently any person can verify that document by using the subscriber's public key.

• Chapter III states that all electronic records and digital signatures have legal acceptance. The chapter also confers rights to the Central Government to make rules with respect to digital signatures.

• Chapter IV deals with the attribution, acknowledgement and dispatch of electronic records and digital signatures.

• Chapter VI deals with the regulation of the certifying authorities. The chapter also lists the powers of the Controller to investigate any contravention to the provisions of the Act.

• Chapter VII and VIII state the conditions under which a digital signature may be suspended or revoked.

• Chapter IX states that any person who accesses, downloads, copies, extracts data without authorised means or permission is punishable. It also states that any person tampering with, damaging, denying unwarranted access to or manipulating any computer system shall be liable to pay damages by way of

56

Protection of Databases

compensation not exceeding Rs.10 million to the affected persons. Introducing viruses or causing disruptions in a computer are also punishable under the Act.

• Chapter X describes the role of the Cyber Regulations Appellate Tribunal.

• Chapter XI deals with offences such as wrongful loss or damage or destruction of information, deletion or alteration of any information in a computer network, 'hacking' etc. and prescribes their punishment. It also includes offences such as tampering with computer source documents, publishing obscene information, misrepresentation, breach of confidentiality and privacy.

• Chapter XII states that if a network provider/intermediary can prove that he has taken diligent steps to prevent the offence he has been charged with or that it was unintentional, he is not punishable under the Act.

Digital Signatures

Having accorded digital signatures legal acceptance under the IT Act, the Controller of Certifying Authorities was set up to implement the IT Act. The Controller has so far issued licenses to four players who can issue digital signatures. These are Safescrypt Limited, National Informatics Centre (NIC), Institute for Development and Research in Banking Technology (IDRBT), and Tata Consultancy Services (TCS). Government of India in July 2001 issued a set of laws known as the Information Technology (Certifying Authority) Regulations, 2001 detailing the functioning of the certifying authorities in issuing digital signatures.

7.9.2 Indian Copyright Act

India claiming to have one of the most modern copyright protection laws in the world brought amendment to the Copyright Act of 1957 in 1999, to make it fully compatible with the provisions of the TRIPS Agreement. This is known as the Copyright (Amendment) Act, 1999 and became enforceable from January 15, 2000. The 1994 amendment of the Copyright Act of 1957 encircled the sectors such as satellite broadcasting, computer software and digital technology under its purview. Issuance of the International Copyright Order, 1999 extends the provisions of the Copyright Act to nationals of all World Trade Organization (WTO) member countries.

As per the provision in the Indian Copyright Act, 1957 and as amended in 1994- 1995, any person who knowingly makes use on a computer of an infringing copy of computer programme shall be punishable. According to Section 63 B, attracts a minimum jail term of seven days. The Act further provides for fines, which shall not be less than Rs.50,000, but may extend up to Rs.200,000, and a jail term up to three years or both.

Let us now summarize the points covered in this Unit.

7.10 SUMMARY

• The copyright protection is granted to databases possessing originality in selection and arrangement.

• National laws differ in providing database protection under sweat of the brow doctrine.

• The scope of copyright protection for databases should be in line with the granted to other works.

• Databases can also be protected by sui-generis system.

57

Technology Advances and IPR • There should be limitations and exceptions on sui-generis protection in line with the copyright protection for databases possessing originality. These may include private use, scientific research, education, public security and government purposes.

• Different national laws vary in IP instruments of database protection.

• In India, Information Technology Act 2000 and Copyright Act are main tools providing protection to databases.

7.11 TERMINAL QUESTIONS Spend 20 min.

1. If the arrangement of materials in databases, at least in electronic ones, are done by the software employed in creating the database and are changeable according to the software user’s requests, then what is the meaning of arranged materials?

2. What is the scope for copyright protection of compilations under the Indian Copyright law?

3. Does Indian Law provide any supplementary criteria to selection and arrangement? If so, what is the level of originality required for a compilation to be considered a work? Does sweat of the brow qualify a compilation as original?

4. “Digital signatures” is a phenomenon that attracts attention both from a technical and legal point of view. How can the use of digital signature enhance information security in the context of data interchange via the Internet?

7.12 ANSWERS AND HINTS

Self Assessment Questions 1. The Database Directive provides not less than three qualifying attributes. Firstly, the materials incorporated into the database have to be ‘independent’. This presumably means that each of the items included in the database should be known and recognised. Secondly, the materials have to be arranged in a systematic or methodical way. Thirdly, the materials are individually accessible by electronic and other means. This last attribute is closely related to the ‘independent’ attribute. If the items in the database could be ‘individually accessible’ then they are identified and discrete items. 2. The database maker must have the right to prevent unlicensed extraction and re- utilisation, and the definition of these notions may be akin to that found in Directive 96/9/EC. Section 14 of the Copyright Act specifies the exclusive rights that subsist in a database, being, inter alia, the right to reproduce or store it, to issue copies to the public, to make a translation or adaptation etc. The right of rental which is covered by re-utilisation is not specifically covered and it is therefore recommended that this right of re-utilisation be extended to copyrightable databases as well. 3. When a national law does not contain provisions concerning copyright protection of collections or compilations of subject matter other than works, this could not be taken automatically to mean that such collections or compilations do not enjoy any copyright protection at all. This is particularly, but not exclusively, so in the countries party to the Berne Convention, because those countries have undertaken to grant protection to works under the provision in Article 2(1) of the Berne

58

Protection of Databases

Convention. Accordingly, the interpretation of that provision, should apply in the national legislation of those countries. 4. The protection for unoriginal databases ought to be fixed for a period of 10-15 years. Furthermore, even if the database is substantially modified or altered by way of substantial investment, the protection of the original database must come to an end at the end of the 10 or 15 year period, so that the original database falls into public domain. Only the substantial alterations may qualify for a fresh term of protection, and not the complete database as a whole. 5. Unfair Competition Law Trade Secrecy Law Indian Contract Act, 1872. Information Technology Act, 2000 Terminal Questions 1. The ‘systematic arrangement’ requirement mainly asserts the structured nature of databases. A database, by its inherent nature, is information with respect to the materials, such as description, location, relationship to other materials etc. This process can be considered to be the ‘systematic arrangement’ requirement. 2. The Indian copyright law provides for copyright protection of compilations as literary works, but does not stipulate the content of a compilation. Since the definition of a literary work includes computer databases, which under the Information Technology Act, 2000 includes audio and video, it may be argued that the electronic databases may comprise of collections that are not restricted to only literary and artistic works. 3. The Copyright Act, 1957 does not limit protection only to compilations which by reason of the selection or arrangement of their contents constitute intellectual creations. It does not mandate supplementary criteria to selection and arrangement. The level of originality for a compilation to be considered a work, and the “sweat of the brow” in gathering data have been the subject of some cases before the Indian Courts. India being a commonwealth country follows the sweat of the brow doctrine. 4. The use of digital signature can enhance information security of data interchange via Internet, in the aspects of i) confidentiality ii) availability iii) data integrity iv) accountability. Digital signature helps to identify the sender of the electronically transmitted information, who shall not be able to deny the fact that it was he or she who has initiated the transmission and to establish whether the transmitted information has been distorted in any way. These purposes are achieved in reality by using a pair of public key and private key. The sender can encrypt the message with the receiver’s public key so that only the receiver can read it by decrypting it with her secret key; the sender sings the message with his or her own secret key, and the receiver can verify the sender by using the public key of the sender, stored in a safe place.

59