By Vidushpat Singhania
Protection of database and associated rights is gaining traction in India. The vast volume and deluge of data available with the Business Processing Offices in India from jurisdictions which have stringent database protection laws have increased the awareness and need for adequate protection of personal data through domestic legislation or international commitments. But the question whether India has adequate measures in place for database right protection still remains to be answered.
Information Technology Act and Rules
Personal and sensitive data is protected under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 (“IT Rules”). While the IT Rules check the compliance with the international standard of protecting personal data, it needs to be understood that database right is not limited to only personal and sensitive data. The IT Rules protect information pertaining only to:
a) Passwords;
b) Financial information;
c) Physical, physiological and mental health condition;
d) Sexual orientation;
e) Medical records and history; and
f) Biometric information.
Indian provisions for protection of database rights
In India there is no separate legislation for the protection of general database rights as is the case in the European Union (EU Data Protection Directive 1995) or the one proposed in Singapore (Personal Data Protection Bill). The limited protection available to database rights in India is as follows:
(1) Article 21 of the Constitution guarantees every citizen the fundamental right to personal liberty which includes the right to privacy and by extension private data not available in public domain. This right extends to data in electronic forms and the Information Technology Act, 2000 (“IT Act”) vide Section 66E dealing with punishment for violation of privacy, facilitates protection of such data.
(2) Copyright to a database (rights associated with the labour and investment involved in compiling data, verifying it and presenting and using it in a format which creates a value in such data) is protected under the Copyright Act, 1957 (“Copyright Act”) and the provisions of the IT Act which deal with protection of data along with penal provisions dealing with compensation and violation of the same act as a deterrent in respect of a person seeking to divulge the data without the express consent of the person whose data has been provided.
With the phasing out of the traditional means of data retention in physical paper form like telephone directories, yellow pages and instead a switch to data being retained in electronic form, it has become easier for a person to copy the data of another and distribute the same for commercial gain. With the absence of a specific legislation on database, companies have to rely on the interpretation of the Copyright Act by the courts, especially those pertaining to how database is a literary work and thus protected under the Copyright Act. In the case of V. Govindan v. E.M Gopalakrishna [AIR 1955 Mad 391] the court held that the Copyright Act only protects slavish imitation of data. This interpretation would not adequately check the menace of copying another person’s database with slight modifications.
The court in Burlington Home Shopping v. Rajnish Chibber has gone further and have recognized that compilation is also a literary work and thus protected under the Copyright Act [61 (1995) DLT 6]. The reason for the protection being that, considerable amount of effort, money and time is spent on putting together a compilation. However the essence of copyright protection extending to compilations has been captured in Eastern Book Company v. D.B. Modak [Appeal (Civil) 6472 of 2004]. In this case the court held that unless a work has been prepared by own labour, skill and there is originality and creativity in its generation, it will not be a protected work. It recognized that compilation may have nothing original on their part but it is the whole work which constitutes an original work as considerable skill and labour are put in. The court also observed that changes like spelling, corrections of typographical errors, additions or eliminations of quotation do not constitute a significant work to warrant a copyright protection in a compilation.. Database, especially when it pertains to assimilation of data may not necessarily constitute an original work, additionally with the extensive amount of data possessed by companies, correction and verification of it also require significant effort and therefore has the ability to be distinguished from an earlier work.
Database protection - Companies becoming pro-active
Multinational companies take pride in the database of the clients they possess. The value of the right in database and its association with the companies’ goodwill is increasingly leading to actions by companies for their protection. Recently GoIbibo terminated the services of its marketing agency as it had GoIbibo’s database for sending out promotional emails for another company. In fact some franchising and marketing agreements mandate sharing of data and defines ownership at dissolution of the arrangement. .When such agreements propose to deal with personal data, particularly the physical condition or sexual orientation as most traditional forms filled by customers of marketing companies, restaurants, retail chains require, a duty is enjoined upon them to formulate a privacy policy which should be intimated to the information provider.
Value in database rights needs appreciation
In summary it can be said that the database right is recognized in India under various statutes, but the protection of value in these rights need to be further appreciated. Companies while creating and harnessing data have to understand the value in these rights and need to jealously protect their asset from unauthorized dissemination, as besides the loss of commercial value in the database, they are also opening themselves to liability under the IT Act and IT Rules.
[The author is a Senior Associate, Corporate Practice, Lakshmikumaran & Sridharan, New Delhi]
Protection of database and associated rights is gaining traction in India. The vast volume and deluge of data available with the Business Processing Offices in India from jurisdictions which have stringent database protection laws have increased the awareness and need for adequate protection of personal data through domestic legislation or international commitments. But the question whether India has adequate measures in place for database right protection still remains to be answered.
Information Technology Act and Rules
Personal and sensitive data is protected under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 (“IT Rules”). While the IT Rules check the compliance with the international standard of protecting personal data, it needs to be understood that database right is not limited to only personal and sensitive data. The IT Rules protect information pertaining only to:
a) Passwords;
b) Financial information;
c) Physical, physiological and mental health condition;
d) Sexual orientation;
e) Medical records and history; and
f) Biometric information.
Indian provisions for protection of database rights
In India there is no separate legislation for the protection of general database rights as is the case in the European Union (EU Data Protection Directive 1995) or the one proposed in Singapore (Personal Data Protection Bill). The limited protection available to database rights in India is as follows:
(1) Article 21 of the Constitution guarantees every citizen the fundamental right to personal liberty which includes the right to privacy and by extension private data not available in public domain. This right extends to data in electronic forms and the Information Technology Act, 2000 (“IT Act”) vide Section 66E dealing with punishment for violation of privacy, facilitates protection of such data.
(2) Copyright to a database (rights associated with the labour and investment involved in compiling data, verifying it and presenting and using it in a format which creates a value in such data) is protected under the Copyright Act, 1957 (“Copyright Act”) and the provisions of the IT Act which deal with protection of data along with penal provisions dealing with compensation and violation of the same act as a deterrent in respect of a person seeking to divulge the data without the express consent of the person whose data has been provided.
With the phasing out of the traditional means of data retention in physical paper form like telephone directories, yellow pages and instead a switch to data being retained in electronic form, it has become easier for a person to copy the data of another and distribute the same for commercial gain. With the absence of a specific legislation on database, companies have to rely on the interpretation of the Copyright Act by the courts, especially those pertaining to how database is a literary work and thus protected under the Copyright Act. In the case of V. Govindan v. E.M Gopalakrishna [AIR 1955 Mad 391] the court held that the Copyright Act only protects slavish imitation of data. This interpretation would not adequately check the menace of copying another person’s database with slight modifications.
The court in Burlington Home Shopping v. Rajnish Chibber has gone further and have recognized that compilation is also a literary work and thus protected under the Copyright Act [61 (1995) DLT 6]. The reason for the protection being that, considerable amount of effort, money and time is spent on putting together a compilation. However the essence of copyright protection extending to compilations has been captured in Eastern Book Company v. D.B. Modak [Appeal (Civil) 6472 of 2004]. In this case the court held that unless a work has been prepared by own labour, skill and there is originality and creativity in its generation, it will not be a protected work. It recognized that compilation may have nothing original on their part but it is the whole work which constitutes an original work as considerable skill and labour are put in. The court also observed that changes like spelling, corrections of typographical errors, additions or eliminations of quotation do not constitute a significant work to warrant a copyright protection in a compilation.. Database, especially when it pertains to assimilation of data may not necessarily constitute an original work, additionally with the extensive amount of data possessed by companies, correction and verification of it also require significant effort and therefore has the ability to be distinguished from an earlier work.
Database protection - Companies becoming pro-active
Multinational companies take pride in the database of the clients they possess. The value of the right in database and its association with the companies’ goodwill is increasingly leading to actions by companies for their protection. Recently GoIbibo terminated the services of its marketing agency as it had GoIbibo’s database for sending out promotional emails for another company. In fact some franchising and marketing agreements mandate sharing of data and defines ownership at dissolution of the arrangement. .When such agreements propose to deal with personal data, particularly the physical condition or sexual orientation as most traditional forms filled by customers of marketing companies, restaurants, retail chains require, a duty is enjoined upon them to formulate a privacy policy which should be intimated to the information provider.
Value in database rights needs appreciation
In summary it can be said that the database right is recognized in India under various statutes, but the protection of value in these rights need to be further appreciated. Companies while creating and harnessing data have to understand the value in these rights and need to jealously protect their asset from unauthorized dissemination, as besides the loss of commercial value in the database, they are also opening themselves to liability under the IT Act and IT Rules.
[The author is a Senior Associate, Corporate Practice, Lakshmikumaran & Sridharan, New Delhi]