|
|
Home
| Databases
| WorldLII
| Search
| Feedback
Computers and Law: Journal for the Australian and New Zealand Societies for Computers and the Law |
WHOSE DATA IS IT ANYWAY?
COPYRIGHT PROTECTION OF DATABASES AND
BIG DATA THROUGH THE LOOKING GLASS
TANA PISTORIUS[*] AND JUAN-JACQUES JORDAAN[†]
ABSTRACT
This paper addresses a number of copyright issues that arise in relation to the protection of data and databases in the data economy. The paper questions the copyrightability and the ownership of aspects of Big Data. A related issue is the nature and scope of the copyright protection of electronic databases from a common-law perspective. Is the recognition of computer-generated works in South Africa and New Zealand helpful in navigating copyright protection of collections of data in the data economy? The lawful processing of personal information also gives raise to several new copyright issues. The paper addresses the nature of data subject participation rights and consumer data rights and their impact on the copyright protection of databases. For example, where data subject participation rights allow data subjects, under certain circumstances, to reach over the proverbial database-ownership copyright wall and cause the database owner to remove or amend personal information, it may have the effect of amending the original work. It is questioned whether new legislation in the EU, which seeks to protect the public interest while promoting private enterprise, should be adopted in Australasia.
CONTENTS
Technological advancement has for ever changed the protection and value of data, datasets and databases. What was previously known as the ‘database problem’ has been compounded by the EU’s Data Act Proposal and the Data Governance Act. What used to be known as the database problem has now become a Gordian knot.
Businesses have come to realise the value of their data and are beginning to treat it as an asset in itself and a means of creating value.[1] As businesses merge and split, the data these businesses possess, is considered to have economic value that form part of the businesses’ asset base.[2] Mergers and business takeovers are essential aspects of business and the economy and they affect many stakeholders, including those falling within the scope of various regulators.[3]
Businesses’ needs, which are essential to driving and developing the modern data economy, encompass access to and the use of databases and datasets.[4] The protection of the intellectual property that vests in these databases and datasets is of increasing importance. The ownership of data, datasets and databases, however, must be balanced against the data subjects’ right to privacy which includes not having their personal information exploited. Ultimately, data-protection principles are conceptually and practically a fine balancing act between individual rights, societal values, national security and economic efficiencies, among other considerations.[5]
The ownership of Big Data[6] as an asset and its valuation is a topic of considerable discussion and bargaining.[7] It has also been argued that the universal principle of property ownership should extend to virtual property, which exists only electronically: so-called virtual property rights.[8] By extension, this would mean that any creation of Big Data made by computers and existing only in electronic format should be recognised as a form of property. The World Economic Forum has even suggested that personal information in itself is a new asset class that will require new interpretations regarding the individuals to whom the information relates.[9] It therefore remains to be seen whether Big Data will be classed as an asset or whether the data subjects’ rights will trump such ownership.
This exploitation of data brings up the debate about who owns Big Data, or rather segments of Big Data, and therefore who is permitted to exploit the data contained in them. The debate about copyright ownership of Big Data is far from over, especially considering the rapid speed of technological development and economic progress which is dependent upon this data.
The recent proliferation of bots that scrape datasets for the development of artificial neural networks (more commonly known as artificial intelligence (AI)) applications highlights the copyright issues related to the use of copyright works as training data.[10] Copyright owners assert the need for proper licensing where AI training data includes copyright works whereas the developers are in favour of a license-less approach.[11]
Besides the question of the copyright ownership of databases, one may question whether it is possible to have ownership and control over both information and data.[12] The recent recognition of consumers’ rights in data generated by connected devices, discussed below, has compounded the issues.
The current position regarding raw data is to view a database as a storage space which is capable of ownership; but the data contained in the database is not owned or capable of being possessed without a legal foundation,[13] such as copyright or data-protection laws that explicitly provide for such ownership or possession. It must be borne in mind that a vast part of the Big Data can comprise or at least include personal information[14] and that this may have an effect on the legalities applying to a database.
From a copyright point of view, Big Data ownership is hampered if the database contains data that can identify an individual, as data-protection legislation compounds the meaningful ownership of that data[15] and therefore reduces the commodity value of the Big Data. In reality, the very purpose of using Big Data to identify trends and persons through the analysis of data may create a situation where raw data becomes personally identifiable.[16] This element of identifiability in Big Data would lead to such data falling within the scope and under the scrutiny of data-protection laws,[17] again making ownership protection difficult or impossible. Organisations that aggregate data generally assume that they hold the rights to the data they possess and, as such, have the right to analyse it and exploit the results or findings of their analyses.[18] Similarly, some organisations that exploit datasets for the purpose of machine learning also operate under those assumptions. Hugh Stephens has pointed to the fact that some AI developers belong to the ‘better to ask for forgiveness after rather than permission before’ school of thought.[19]
It is not clear-cut whether the exploitation of datasets as data training falls under the data mining exception under EU law.[20] The Digital Single Market Directive defines text and data mining in article 2(2) as ‘any automated analytical technique aimed at analysing text and data in digital form in order to generate information which includes but is not limited to patterns, trends and correlations’.
Although one could argue that the use of training data to create AI applications involve the analysis of data in order to recognise patterns which are then applied to parameters of the AI, the fact that a black box approach is used in AI applications obscures the issue.[21] The data mining exceptions and limitations have neither been adopted in the copyright law of Australia nor in New Zealand. This certainly casts a longer shadow on the lawfulness of the unlicensed use of copyright works as training data.
Despite the economic and copyright ownership and infringement debates, the reality is that data already exists as a commodity.[22] Baron notes that in the use of databases, a database owner could exploit the economic potential of the data if the database contents could be effectively structured in a manner in which the owner could claim ownership of both the database[23] and the information contained in it.
Databases are a collection of recorded and organised data or information in an electronic or digital format from which data or information may be accessed, reproduced or retracted. Databases are generally protected in terms of copyright law in the same manner as literary works. In South Africa the Copyright Act provides the definition of a ‘‘literary work’’, which includes tables and compilations, including tables and compilations of data stored or embodied in a computer or a medium used in conjunction with a computer, but shall not include a computer program.[24]
The definitions of ‘tables’ and ‘compilations’[25] include Big Data databases. Data and datasets, as would be the case in Big Data databases, should qualify for protection in South Africa as ‘literary works’, with the requirement of originality being the determining factor for qualification in respect of the works[26] or in this case, the data or the dataset.
Some jurisdictions such as New Zealand and South Africa, still infuse the originality requirement with skill and labour as opposed to creative input – also known as the the 'sweat -of-the-brow' approach to database protection.[27] In New Zealand courts held that skill, judgment or labour[28] or effort, skill and labour[29] were sufficient to impart originality to the works.
In Haupt t/a Softcopy v Brewers Marketing Intelligence (Pty) Ltd [30] Streicher JA confirmed that, because the South African Copyright Act originated from the English law, creativity is not a requirement for copyright protection. The court then confirmed the test for originality in South African copyright law is: ‘Save where specifically provided otherwise, a work is considered to be original if it has not been copied from an existing source and if its production required a substantial (or not trivial) degree of skill, judgement or labour’.[31]
This low threshold for originality suffices and neither a higher standard nor any level of creativity is required. For example, a directory of telefax users,[32] a catalogue and a price list[33] and an electronic database[34] qualified for copyright protection. Dean[35] submits that the skill and labour which go into the compilation must be such that the compilation cannot simply be regarded as a copy of existing subject-matter, but rather as a work that contains features and qualities absent in the material form from which it was initially composed.
The arrangement and selection of data are critical components pertinent to the originality requirement for the protection of databases. However, the selection aspect may be removed where a database is too comprehensive, with the result that very complex databases will enjoy less protection.[36] The digital embodiment of electronic databases meet the other intrinsic requirement for copyright protection, namely the material embodiment requirement. It must be noted, however, that the copyright protection of a database does not extend to the raw data contained in the database.
The question of human authorship is important as Big Data often exist of machine-generated data. Guadamuz notes that creative works qualify for copyright protection if they are original, with most definitions of originality requiring a human author. Most jurisdictions, including Spain and Germany, state that only works created by a human author can be protected by copyright.[37]
There are two ways in which copyright law can deal with works where human interaction is minimal or non-existent. It can either deny copyright protection for works that have been generated by a computer or it can attribute authorship of such works to the creator of the computer-generated work. In the United States, for example, the Copyright Office has declared that it will ‘register an original work of authorship, provided that the work was created by a human being.’ This stance flows from case law[38] which specifies that copyright law only protects ‘the fruits of intellectual labor’ that ‘are founded in the creative powers of the mind.’
In Europe the Court of Justice of the European Union has also declared on various occasions, particularly in its landmark Infopaq decision[39] that copyright only applies to original works, and that originality must reflect the ‘author’s own intellectual creation.’ This is usually understood as meaning that an original work must reflect the author’s personality, which clearly means that a human author is necessary for a copyright work to exist.
Similarly, in an Australian case,[40] a court declared that source codes were not original because they were generated by a computer, not written by a human author or by joint authors. Shortly, a work generated with the intervention of a computer could not be protected by copyright because it was not produced by a human.
The second option, that of giving authorship to the programmer, is evident in a few countries such as India, Ireland, New Zealand and the UK. This approach is best encapsulated in UK copyright law, section 9(3) of the Copyright, Designs and Patents Act (CDPA), which states: ‘In the case of a literary, dramatic, musical or artistic work which is computer-generated, the author shall be taken to be the person by whom the arrangements necessary for the creation of the work are undertaken.’
Furthermore, section 178 of the Copyright Designs and Patents Act defines a computer-generated work as one that ‘is generated by computer in circumstances such that there is no human author of the work’. The idea behind such a provision is to create an exception to all human authorship requirements by recognizing the work that goes into creating a program capable of generating works, even if the creative spark is undertaken by the machine.
In Europe, the EU Database Directive[41] deals with the matter of databases under copyright law and also provides database creators with a sui generis right to databases. The European Union adopted a novel approach in the Database Directive[42] after nearly eight years of deliberation. The Directive provides a two-tier form of protection. It strives to create a harmonised level of copyright protection for ‘original’ databases.[43] A novel ‘sui generis’ right to protect investments in databases was also introduced.[44] Both rights differ in terms of requirements for protection, duration of rights, scope of protection, the exceptions or limitations that apply and the determination of the right holders (both natural and legal).[45]
The Database Directive extends copyright protection to databases that constitute ‘the author's own intellectual creation’ -- databases which evidence some measure of ‘originality’ or ‘creativity’ on the part of the author.[46] Article 5 states that compilations of data or other material, in any form, which by reason of the selection or arrangement of their contents constitute intellectual creations, are protected as such.
When, from a qualitative or quantitative perspective, a substantial investment has been shown to be made in a database, its makers may claim a right to it.[47] European legislation therefore provides some protection for the contents of databases,[48] which would also apply to the protection of Big Data databases.
Big Data is premised on the collection of as much raw data as possible.[49] In order to create a commodity, private ownership of data must be possible. Technological advances have facilitated the creation of big databases which are becoming more efficient and valuable. These databases often consist of vast collections of personal information. In such cases, their creation has raised questions about data subjects’ rights to participate and to oversee or control the manner in which their data is being used in these databases – a phenomenon which has become known as the ‘database problem’.[50]
As society and businesses have developed, novel and previously unimaginable threats to privacy have emerged. These include data matching, where different sets of unrelated data are compared using a common denominator to match records; profiling, where historical information or records are used to create a profile about a data subject; data mining, which is the processing of databases for the discovery of knowledge,[51] and web harvesting or the use of bots to scrape data and datasets from websites and other online repositories of data. Given these developments, it may be argued that data subject participation rights is a mechanism to guard against these modern harms.
Data subject participation rights[52] provided for in data protection legislation are akin to giving data subjects a right of control over their personal information. A data subject has a prima facie right to exercise such rights over a database controlled and owned by a responsible party, simply because the data subject’s personal information is contained in that database. In effect, they are exercising a right over someone else's property.
By way of example, where the data subject requests a database owner (i.e. a responsible party) to remove or modify their personal information contained in a database,[53] this will have the effect of forcing the database owner to amend its intellectual property at the instruction of the data subject. This would then lead to the question if one may argue that the data subject granted an implied licence to the database owner to include the data subject’s personal information in the database.
Consequently, a database may soon only be considered a collection of licensed information that can be protected through contractual agreements with data subjects. These data subject participation rights[54] allow the data subject, in certain circumstances, to reach over the proverbial database-ownership copyright wall and cause the database owner to remove or amend their personal information.[55]
In the case of a large data processor, for example one of the tech giants, the negative possibilities are considerable, especially if all users simultaneously request that their personal information be removed. Before data protection legislation was enacted, it would have been challenging, if not near-impossible, for data subjects to unilaterally change the content of a third-party database owner’s database.
A dramatic shift has taken place in the EU regarding the ownership and use of Big Data. In February 2022, the Data Act[56] was proposed to promote the sharing of data, particularly data generated by the use of connected objects and the Internet of Things, between companies (B2B) and consumers (B2C).[57] The Data Act Proposal defines who can use what data, and under what conditions. The Data Act Proposal also enhances consumer protection by allowing users to control their data generated by digital technologies and to transfer it to third parties. This has a positive impact on competition in the digital markets as it curbs the data power of entrenched tech giant companies. [58] The Data Act Proposal creates legal certainty, for both consumers and businesses, around access to data generated by products and services.[59]
The Data Governance Act[60] sets out a framework for data intermediation service providers (DISPs). Data intermediation services are defined in the Act as services which aim to establish commercial relationships between data subjects and data holders on the one hand and data users on the other, for the purposes of data sharing through technical, legal, or other means, such as infrastructure, platforms, or databases.[61]
The Data Act Proposal and the Data Governance Act are crucial pillars of the European Strategy for Data.[62] The Data Governance Act entered into force on 23 June 2022 and, following a 15-month grace period, will be applicable from September 2023. The Data Act Proposal was adopted by the European Parliament on 14 March 2023, and it must still be approved by the European Council. These new instruments aim to create market fairness in the allocation of the value created by data. DISPs manage commercial relationships between data subjects and data holders on the one hand and data users on the other, for the purposes of data sharing.
As noted above, the Data Governance Act and the Data Act Proposal form part of a European strategy for data. The Data Act Proposal covers both personal and non-personal data (as opposed to the GDPR which relates to personal data only) so both apply to mixed data. The Data Act Proposal strengthens the GDPR and existing rights and obligations under the GDPR remains unaffected. It has been noted that the Data Act Proposal also strengthens data portability and gives users the right to access and port both personal and non-personal data.[63] The Data Governance Act and the Data Act Proposal complement each other as the former sets out rules for data intermediaries and data altruism and the Data Act Proposal clarifies the rules related to the creation of value from data.[64]
The commodification of information has been firmly entrenched in the European Union. Provision is made for consumers’ ‘personal data spaces’. Furthermore, provision has been made in the Data Governance Act for the creation of ‘e-wallets’ to secure consumers’ personal data. This will also have a ripple effect and will compound the database problem.
In summary, the question of data ownership has become more pertinent than ever before. This is due, firstly, to the fact that much of the data being stored in huge databases are created and owned by a few dominant tech giants. Secondly, the use of training data and the proliferation of data scraping techniques have become prominent due to the rise in AI applications. The regulation of personal information, consumer data and machine generated data have become important building blocks of the European data economy. The regulatory environment in Europe will enable organisations to move beyond surveillance capitalism to data capitalism. In short, to innovate through data. To the exploit data for profit.
The copyright protection of databases continues to play an important role. The same underlying policy objectives that support the protection of literary works also underlie the protection of databases, a species of literary works, especially in jurisdictions that have a low threshold of originality. However, these assumptions should be questioned as far as the copyright protection of electronic databases is concerned.
Big Data is not a unique form of data, but simply vast amounts of data which is difficult to process using traditional data-processing methods. Big data is immensely valuable to the data economy. With data processors using novel and unique technologies to process this Big Data and performing a vast amount of work on the data, the question of the ownership, from an intellectual property perspective, arises, but it is one that remains unclear and unsettled. This is something that the regulators would have to consider in dealing with updated proprietary forms of protection for data and databases in the future.
As the law currently stands, Big Data as such is not regulated in most jurisdictions, but certain aspects – such as personal information contained in Big Data – are regulated to ensure the personal information of identifiable individuals are processed lawfully. The regulation of data is therefore based on the content of a database and not on a database as a system. This position has been described as a flawed basis for the protection of personally identifiable information.[65] This is especially true if we consider the vast economic significance of consumer data.
The EU Database Directive deals with databases both as a copyright work and as a sui generis right, whereas New Zealand and South Africa view databases as literary works to be protected under traditional copyright law. The EU Database Directive excludes, with good reason, single source databases. A series of South African cases[66] illustrate that the copyright protection of single source databases may be used in a defensive and anti-competitive manner to lock out competitors. It submitted that the underlying policy objective of copyright law is not being served where the extensive protection afforded to the owners of electronic databases are used in a manner that deter competition. This is especially true where a database is the sole source of information. Copyright protection may act as a barrier to competitors especially where such a database has become an industry norm or where it is the single source of information; and it functions akin to an essential facility. In these circumstances it can be argued copyright abuse rears its ugly head.
It may be argued that a sui generis right of ownership exists in respect of any personal information belonging to the data subject. The data subject may license such personal information to the responsible party, which licence is subject to revocation at any time if no other legitimate reason for retention or use exists. The definition of property is changing, but the question remains if the definition of property could be expanded to include a data subject's digital identity and thus provide for the concomitant protection of such property. With the increase in cybercrime, specifically that focused on identity theft, it is these authors’ view that if identity is something that can be stolen, and therefore something that must be capable of ownership, it should be granted a sui generis right to its protection.
In respect of licensing considerations, many of the global social media networks license the use of their databases to third parties for a fee, but without consideration being given to the rights of the data subjects that provided the data. We question whether data subjects’ rights to their own data are being overridden by unilateral terms of use, and what that means for the ownership debate. Almost two decades ago writers have suggested that new legislation which protect the public interest while promoting private enterprise should be adopted; secondly that databases should be removed from the ambit of copyright law.[67] It was argued that such legislative approach would allow for the commercialisation of rights in information property and simultaneously require government oversight due to the dangers inherent in allowing vast collections of data to be commercially exploited.[68]
As society races into the future creating and collecting ever more data, the need for data-protection laws has become abundantly clear. However, while adequately protecting the interests of data subjects, these laws must not stand in the way of technological progress.[69] Whether this is done in the form of providing a sui generis right of ownership to databases of personal information or identity or through some other manner of protecting databases remains to be seen. What is certain is that existing laws do not apply to Big Data with ease.
Specific laws could be created to deal with the ownership of Big Data. A case in point is the holistic approach in the EU through the Database Directive, the Data Act Proposal and the Data Governance Act. Collectively, these instruments provide innovative solutions that form a legislative framework for the promotion of the growth of the EU data economy. We are of the opinion that the debate over the ownership of data has not been adequately explained or justified beyond Europe. The issues concerning the ownership of data requires much more exploration and analysis in Australasia.[70]
In essence, the world is a borderless place where the free flow of data between countries is commonplace and the quest for data is the ultimate goal. What is needed appears to be a global shared framework based on principles or conditions for the protection of data. In 2008 one author naively noted the following regarding the protection of information with reference to the database right:[71]
Policy considerations underlying the regulation of access to information and access to knowledge should be heeded. It can never been seriously proposed that information itself should be protected (except by the law regarding trade secrets)
...
There is a long-standing principle that copyright should not be extended to cover basic information or “raw” data. However, as evidenced by the ECJ’s differentiation between the “creation” of data and its obtaining demonstrate, the “sui generis” right comes precariously close to protecting basic information.[72]
With the benefit of hindsight it is clear that their assumptions about the value of data were naive. It is clear that technological advancement has for ever changed the landscape of database protection and our preconceived notions about data, datasets, and data ownership.[73]
[*] Professor and Head of Department of Commercial Law, The University of Auckland.
[†] Legal Practitioner, Durban, Kwa-Zulu Natal. This article is partially based on Juan-Jacques Jordaan Legal Implications for the Processing of Big Data – a South African Perspective (LLM dissertation, University of South Africa, 2020). Funding through the SARChI Chair (South African Department of Science and Technology) is acknowledged.
[1] Ira Rubinstein ‘Big Data: The End of Privacy or a New Beginning?’ [2013] International Data Privacy Law 74, 76.
[2] Jacques B Stander ‘The Modern Asset: Big Data and Information Valuation’ (MSc thesis, Stellenbosch University, 2015) 132.
[3] MAL Phakeng ‘Deal Protection Measures in Takeovers and Mergers: Break Fees’ (2018) 39(2) Obiter 430, 438.
[4] A ‘dataset’ is defined as a particular collection of data, gathered for a purpose. See ‘Introduction to data’, Data.govt.nz (Web Page, 23 April 2021) <https://www.data.govt.nz/toolkit/intro-to-data/>.
[5] O Tene and J Polonetsky J ‘Judged by the Tin Man: Individual Rights in the Age of Big Data’ (2013) 11 Journal of Telecommunications and High Technology Law 351, 363.
[6] Big Data is the information asset characterised by such a high volume, velocity and variety to require specific technology and analytical methods for its transformation into value. ‘’See Andrea De Mauro, Marco Greco and Michele Grimaldi ‘A formal definition of Big Data based on its essential features’ (2016) 65 Library Review 122, 131.
[7] Stander (n 2) 2.
[8] Wien Erlank ‘Don’t touch My Virtual Property: Justifications for the Recognition of Virtual Property’ (2016) 133(3) South African Law Journal 664, 687.
[9] World Economic Forum Personal Data: The Emergence of a New Asset Class (Initiative, January 2011).
[10] See, eg, Jan Bernd Nordemann and Jonathan Pukas ‘Copyright exceptions for AI training data—will there be an international level playing field?’ (2022) 17(12) Journal of Intellectual Property Law & Practice 973, 973 where the authors note: ‘Music AI relies on audio recordings protected by the copyrights of the composers and the neighbouring rights of the performing artists and record producers’. Recently two copyright infringement cases were filed in the United States District Courts for the Northern District of California and the District Court for the District of Delaware respectively related to the use of copyrighted images as training data for AI applications: See Andersen v Stability AI Ltd (D Cal, Case no 3:23-cv-00201, 13 January 2023) and Getty Images (US) Inc v Stability AI Inc (D Del, Case no 1:23-cv-00135, 3 February 2023).
[11] Stuart Dredge ‘UK government rethinks plans for AI-training copyright exception’, Musically (News, 2 February 2023) <https://musically.com/2023/02/02/uk-government-rethinks-plans-for-ai-training-copyright-exception/>.
[12] MN Njotini ‘Evaluating the Position of Information or Data in the Law of Property’ (2015) 26(1) Stellenbosch Law Review 220, 239.
[13] Ibid 224.
[14] See Protection of Personal Information Act 2013 (South Africa) (POPIA) section 8 sv ‘Personal Information’.
[15] Xavier Seuba, Christophe Geiger and Julien Pénin (eds) Intellectual Property and Digital Trade in the Age of Artificial Intelligence and Big Data (CEIPI/ICTSD Publications Series Issue 5, June 2018) 71.
[16] Paul Ohm ‘Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization’ (2010) 57 UCLA Law Review 1701, 1701; Moira Paterson and Maeve McDonagh ‘Data protection in an era of big government: the challenges posed by big personal data’ (2018) 44 Monash Law Review 1, 1; K Krasnow Waterman and Paula J Bruening ‘Big Data analytics: risks and responsibilities’ (2014) 4 International Data Privacy Law 89, 90.
[17] Yvonne Mcdermott ‘Conceptualising the right to data protection in an era of Big Data’ (2017) 4 Big Data and Society 1, 4; See also Seuba, Geiger and Pénin (n 15) 71.
[18] Marcus R Wigan M and Roger Clarke ‘Big Data's Big Unintended Consequences’ (2013) 46 Computer 46, 51.
[19] Hugh Stephens ‘Will the Year of the Rabbit be the Year of Contentious Copyright Litigation over AI-Generated Content?’ Hugh Stephens Blog (Blog, 1 February 2023) <https://hughstephensblog.net/2023/02/01/will-the-year-of-the-rabbit-be-the-year-of-contentious-copyright-litigation-over-ai-generated-content/>.
[20] Nordemann and Pukas, above n 10, 974.
[21] Ibid.
[22] Herbert Zech Data as a Tradeable Commodity – Implications for Contract Law (Edward Elgar, 2017) 1; P Baron ‘Databases and the commodification of information’ (2002) 49(1) Journal of the Copyright Society of the USA 132, 144.
[23] Baron, above n 22, 144.
[24] Copyright Act 1978 (South Africa) section 1(1)(g) of the sv ‘literary work’.
[25] David Rüther ‘Government Data and Copyright Protection in South Africa’ [2015] South African Intellectual Property Law Journal 55, 63.
[26] Ibid 73.
[27] See Waterlow Publishers Ltd v Rose The Times 8 Dec 1989; Waterlow Publishers Ltd v Reed Information Services Ltd The Times 11 Oct 1990 as quoted by Morton ‘Draft EC Directive on the Protection of Electronic Databases: Comfort After Feist’ 8 (1992) Computer Law & Practice 38, 39; Cornish ‘1996 European Community Directive on Database Protection’ (1996-1997) 21 Columbia VLA Journal of Law & the Arts 1, 2.
[28] Labroke (Football) Ltd v William Hill (Football) Ltd [1964] 1 All ER 465 (HL).
[29] Bleiman v News Media (Auckland) Ltd [1994] 2 NZLR 673 (CA).
[30] Haupt t/a Softcopy v Brewers Marketing Intelligence (Pty) Ltd 2006 (4) SA 458 (Supreme Court of Appeal).
[31] Haupt t/a Softcopy v Brewers Marketing Intelligence (Pty) Ltd, above n 30, 473A–B.
[32] Fax Directories (Pty) Ltd v SA Fax Listings CC 1990 (2) SA 164 (Local Division).
[33] Payen Components SA Ltd v Bovic CC and Others [1995] ZASCA 57; 1995 (4) SA 441 (Appellate Division).
[34] See Haupt t/a Softcopy v Brewers Marketing Intelligence (Pty) Ltd, above n 30.
[35] OH Dean Handbook of South African Copyright Law (Juta, 1987), 1-8A.
[36] A Roos ‘Data Privacy Law’ in DP Van der Merwe (ed) Information and Communications Technology Law (LexisNexis, 3rd ed, 2022) 363, 361.
[37] Andres Guadamuz ‘Artificial intelligence and copyright’ WIPO Magazine (Article, October 2017) <https://www.wipo.int/wipo_magazine/en/2017/05/article_0003.html>.
[38] Feist Publications v Rural Telephone Service Company Inc, [1991] USSC 50; 499 US 340 (1991).
[39] Infopaq International A/S v Danske Dagbaldes Forening (C-5/08) [2009] ECR I-06569.
[40] Acohs Pty Ltd v Ucorp Pty Ltd [2012] FCAFC 16.
[41] EU Directive 96/9: Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, OJ 1996 L77/20 ('Database Directive')).
[42] See the Database Directive.
[43] See Articles 3-5 of the Database Directive.
[44] See Articles 7, 10 and 11 of the Database Directive.
[45] See Articles 6, 8, 9 and 15 of the Database Directive.
[46] See recital 15 and art 3(1) of the Database Directive.
[47] Article 7(7) of the Database Directive.
[48] Julia Johnson ‘Database Protection a Reality? How the Professional and Fantasy Sporting World Could Benefit from a sui generis Intellectual Property Right’ (2015) 27(2) Intellectual Property Journal 237.
[49] Joseph Jerome ‘Buying and Selling Privacy: Big Data’s Different Burdens and Benefits’ (2013) 66 Stanford Law Review Online 47, 49.
[50] Neil M Richards ‘Reconciling Data Privacy and the First Amendment’ (2005) 52 UCLA Law Review 1149, 1150.
[51] Anneliese Roos The law of data (privacy) protection: a comparative and theoretical study (LLD Thesis, University of South Africa, 2003), 5.
[52] Sections 23–25 of POPIA; see also articles 12-23 of the EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (‘GDPR’).
[53] See articles 16-17, article 21 of the GDPR; see also section 24 of POPIA.
[54] Relevant data subject participation rights contained in the GDPR include the right to rectification (section 16), the right to erasure (section 17), the right to restrict processing (section 18) and the right to data portability (section 20); See also sections 23–25 of POPIA.
[55] For example through the right to erasure (‘right to be forgotten’) in terms of article 17 of the GDPR.
[56] Proposal for a Regulation on harmonised rules on fair access to and use of data (Data Act) [2022] COM 68 final.
[57] ‘European strategy for data: the CNIL and its counterparts comment on the Data Governance Act and the Data Act’ National Commission on Informatics and Liberty (Web Page, 13 July 2022) <https://www.cnil.fr/en/european-strategy-data-cnil-and-its-counterparts-comment-data-governance-act-and-data-act>.
[58] Pascal D König ‘Fortress Europe 4.0? An analysis of EU data governance through the lens of the resource regime concept’ (2022) 8(4) European Policy Analysis 484.
[59] Ibid 487.
[60] Regulation (EU) 2022/868 on European data governance and amending Regulation 2018/1724 (Data Governance Act) [2022] OJ L 152/1.
[61] Article 10.
[62] Francesco Vogelezang ‘The Data Act: five implications for the Datasphere’ Datasphere Initiative (Article, 22 August 2022) <https://www.thedatasphere.org/news/the-data-act-five-implications-for-the-datasphere/>.
[63] Blanca Escribano and Sofía Fontanals ‘The Data Act: new EU rules for data sharing’ EY Spain (Article, 8 November 2022) <https://www.ey.com/en_es/law/the-data-act-new-eu-rules-for-data-sharing>.
[64] Ibid.
[65] Paul Ohm ‘The Broken Promises of Privacy: Responding to the Surprising Failure of Anonymisation’ (2010) 57 UCLA Law Review 1701, 1777.
[66] See Board of Healthcare Funders v Discovery Life; Discovery Health (Pty) Ltd and the Council for Medical Scheme (Unreported decision case number 35769/2011 Local Division decision dated 2 May 2012); Transunion Auto Information Solutions (Pty) Limited V Autobid (Pty) Limited, (Unreported decision case number 6494/2011 Provincial Division decision dated 14 March 2012).
[67] Jacqueline Lipton ‘Balancing Private Rights and Public Policies: Reconceptualizing Property in Databases’ (2003) 18(3) Berkeley Technology Law Journal 773, 830.
[68] Ibid 831.
[69] Asunción Esteve ‘The Business of Personal Data: Google, Facebook, and Privacy Issues in the EU and the USA’ (2017) 7(1) International Data Privacy Law 36, 47.
[70] Václav Janeček ‘Ownership of Personal Data in the Internet of Things’ (2018) 34(5) Computer Law and Security Review 1039, 1052.
[71] Tana Pistorius ‘The IP protection of electronic databases: copyright or copywrong?’ in H Venter, M Eloff, J Eloff and L Labuschagne (eds) ‘Proceedings of the ISSA 2008 Innovative Minds Conference’ (ISSA Pretoria, 2008).
[72] Pistorius, above n 71, 12; See also Stone and Kernick ‘Protecting Databases: Copyright? We don’t Need No Stinkin' Copyright’ (1999) 16 The Computer Lawyer 17; Fieldhouse and Bolton ‘Copyright? Wrong! – Copyright protection of computer programs as literary works’ (2003) Copyright World 22, 25; H Sun ‘Copyright law under siege: An inquiry into the legitimacy of copyright protection in the context of the global divide’ (2005) 36 International Review of Industrial Property and Copyright Law 192; Tana Pistorius ‘Copyright in the Information Age: The Catch-22 of Digital Technology’ (2006) 2 Critical Arts 47, 54; Michael J Bastian ‘Protection of 'Noncreative' Databases: Harmonization of United States, foreign and international law’ (1999) 22 Boston College Environmental Affairs Law Review 425, 426; Lionel M Lavenue ‘Database rights and technical data rights: the expansion of intellectual property for the protection of databases’ (1997) 38 Santa Clara Law Review 1.
[73] Christopher Kuner and others ‘The (Data Privacy) Law hasn’t even checked in when Technology takes off’ (2014) 4 International Data Privacy Law 175, 176.
AustLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.austlii.edu.au/au/journals/ANZCompuLawJl/2022/7.html