This article was first written for and published by LawInSport. Click hereto view the original.
I have just visited the Church of Madonna de Ghisallo, the Church of the Patron Saint of Cycling. It sits on the long climb up from Lake Como, occasionally part of the Giro D’Italia and the Tour of Lombardy. Adjoining the Church is a museum containing a collection of cycling artefacts.
One of the most interesting exhibits is a 1905 racing cycle, whose essential frame design, complete with drop handle bars, appears fundamentally the same as that of the modern cycle. The similarity is of course superficial and cycling, in common with most sports, has benefited from technological developments. Those developments embrace the love of modern sport for amassing data. That of course us brings us back to cycling and the allegations that Chris Frome’s data was hacked during the course of the Tour De France.1 There have been notable other examples of data theft or misuse in sport, particularly where it is being used to gain technical insights. These have occasionally led to the courts, for example the Force India Formula One Team litigation against Lotus.2
In such context, this blog examines the UK and EU laws on database rights and the protection it offers to sports teams engaged in data collection.
Data theft is not unique to sport and the Courts are familiar,3 certainly in England, with applications for injunctive relief to restrain the use of data that has been wrongfully removed and to require its’ permanent deletions. The removal of data may be the result of the activities of an errant employee; here the Common Law path is well trodden with case law dating back to the 19th Century based upon the employee’s duty of good faith towards their employer.
If one is concerned with copyrighted material, then established protections around intellectual property rights provide the remedies, in the UK under the Copyright Designs and Patents Act 1988 (CDPA) and the rights derived from the EC Copyright Directive 2001.4 There may be copyright over a database, or indeed the information amassed within the database, if “by reason of the selection or arrangement of the contents of the database the database constitutes the author’s own intellectual creation“.5 That will be a hard test to satisfy in the context of most sporting data, because the database may simply consist in the storage of collated dated without any specific creative input into the design of the database itself. For example, in Football Dataco Ltd and Others v Yahoo! UK Ltd and Others,6 a database of football fixture lists did not meet the definition of a database for the purposes of the Directive as there was no originality in the creation of the database.
But what if one is concerned with the simple taking of data, such as the performance data in the case of Chris Froome? Here the allegation was that Team Sky’s computer system had been hacked and that Chris Froome’s performance data for a section of the tour had been copied. Shortly afterwards a clip appearing on YouTube comparing his performance on the same section 2 years before. The key issue being that the data alleged to have been copied was the raw stored data. The basic Common Law position is that there is no property right in information of itself.7
The European Database Directive8 is however of particular assistance, given effect in the UK by the Copyright and Rights Database Regulations 1997. This creates a property right in the database itself (referred to in the Database Directive as the “sui generis database right” but more simply in the UK legislation as the “database right”). It gives the right to bring a claim if, without the consent of the owner, a person extracts or reutilises all or a substantial part of the contents of a database.9 It is not necessary for the database to be confidential for the rights to be enjoyed and the information within the database may itself consist of information that is in the public domain. The key elements in meeting the definition for there to be a property right over the database are that the data has been arranged in a systematic and methodical way, it need not be an electronic database, and that there has been “substantial investment in obtaining, verifying or presenting the contents of the database”.10
Much of the defining litigation on the requirements to meet this definition have derived from databases within a sporting context, litigation has concerned databases listing horseracing runners and riders and football fixture lists. The decision of the ECJ in British Horseracing Board Ltd and others v William Hill Organization Ltd,11 does however identify a weakness in the scope of the protection afforded by the Directive; if the owner of the database is itself the source of the information then the right is not crystalized by the effort expended on the creation of the data, the owner of the data does not have to seek it out or verify it. Unless then there is substantial investment in the presentation of the data a database right under the regulations may not be created.
Moreover, European Court of Justice also considered that fixture lists are unlikely to benefit from the sui generis database right because obtaining the contents of a football fixture list does not require for a professional football league any investment independent of that required for the creation of the data contained in that list data.12
With that said, it has been accepted that there is a (sui generis) database right in live data provided during the course of a match – which is likely also to be the case with other data compiled during the course of a sports event.13
If property rights exist in the data base then they will subsist for a period of 15 years from the end of the calendar year in which the database was completed, if the material is subject to copyright protection those rights last significantly longer. If there is a significant update to the database involving what amounts to a substantially new investment in the database the ownership period commences afresh.
If database rights are established over a database then there will be an actionable wrong if another person, without permission, extracts or re-utilises all or a substantial part of the contents of the database. This will be case even if the database if made public but without permission for others to extract or reuse the data. It is the contents of the database that enjoy protection. The necessary extraction of a substantial part may arise from repeated or systematic extraction which, when taken as a whole, amounts to a substantial part of the contents of the database.14
If there has been infringement then delivery up of the copied data can be sought through the courts, in the case of electronic material permanent deletion is the effective remedy. Claims for damages, or in England an account of the profits which have made from the misuse of the extracted data, can also be sought. In the English Courts a typical remedy, on an interim basis, where data has been taken is to seek an order that the Defendant provides a witness statement providing information about the removal of the data and the uses to which it has been put. Where the removal of the data has involved potential criminal offences, for example computer misuse, then one might see a Defendant seeking to assert the privilege against self-incrimination. In the context of intellectual property and database rights there is an important limitation on that right against self-incrimination under English Law, which means that it cannot be relied upon in proceedings for the infringement of intellectual property rights.15
Sporting data enjoys the same protection as other data. Specifically the collation of performance data which has involved a substantial investment in its collection is likely to attract database rights, thus is likely to have been the case in the Froome example. If the data has been the subject of analysis so that the product of the analysis is included within the database there may be sufficient intellectual input to give rise to copyright over the database.
Ultimately legal remedies are of course in the nature of cure rather than prevention. Securing the data against unauthorised extraction must be the first step. Prevention methods might include “watermarking” the data by including deliberately fictitious data, to assist in proving that the data has been compromised.