Many websites incorporate data obtained from other websites. It is sometimes thought that, where the data obtained is not protected by copyright (e.g. data consisting of postal addresses arranged alphabetically) there are no legal problems. This is however a mistake: the collection and re-use of such data can present significant legal risks.
As a matter of English law, the key risks arise under:
- the database right legislation;
- the law of contract; and
- the Computer Misuse Act.
Database right
A database is defined in the Copyright Designs and Patents Act 1988 as “a collection of independent works, data or other materials which – (a) are arranged in a systematic or methodical way, and (b) are individually accessible by electronic or other means.” In general terms, databases falling with this definition will be protected by database right if there has been “a substantial investment in obtaining, verifying or presenting the contents of the database.” Database right will be infringed where a person extracts or reutilises all or a substantial part of a protected database without the consent of the database owner.
The law on database right is in a state of flux, and unfortunately the scope of the right is not entirely clear. Nonetheless, it is clear that the harvesting of data from other sites can in some circumstances constitute an infringement of this right.
Law of contract
Website terms of use sometimes expressly prohibit the collection and republication of data from websites. If you are considering extracting data from another website for use on your own website, you should check their terms of use of that other site. If they expressly prohibit what you intend to do – and if the website owner can establish that the terms are enforceable against you – then you may be found liable for breach of contract (or licence) if you go ahead.
Computer Misuse Act
The Computer Misuse Act provides for a specific offence in the case of unauthorised access to a computer: “(1) A person is guilty of an offence if— (a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer; (b) the access he intends to secure is unauthorised; and (c) he knows at the time when he causes the computer to perform the function that that is the case. (2) The intent a person has to have to commit an offence under this section need not be directed at— (a) any particular program or data; (b) a program or data of any particular kind; or (c) a program or data held in any particular computer. (3) A person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5 on the standard scale or to both.“
It may be argued that, where a website’s terms of use prohibit data data mining, then such activities could fall within the Computer Misuse Act. This could lead to civil liability (under the tort of breach of statutory duty) as well as criminal liability. To the best of my knowledge, this kind of argument has not yet been tested in the UK courts.
Add a new comment